search for: cka_always_authenticate

https://bugzilla.mindrot.org/show_bug.cgi?id=2638 Bug ID: 2638 Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: Smart...

...must. So again, I offering my help in this area not limited to the following bugs (according to complexity and priority): Bug 2430 - ssh-keygen should allow to login before reading public key from smart card Bug 2652 - PKCS11 login skipped if login required and no pin set Bug 2638 - Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects Bug 2474 - Enabling ECDSA in PKCS#11 support for ssh-agent Bug 2817 - Add support for PKCS#11 URIs (RFC 7512) Bug 2472 - Add support to load additional certificates Bug 2075 - [PATCH] Enable key pair generation on a PCKS#11 device Namely, the #2638 one will be a bi...

...0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_DERIVE 00007fff3bd35ab7 / 1 [out] pTemplate[1]: CKA_DERIVE False Returned: 0 CKR_OK 20: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_ALWAYS_AUTHENTICATE 00007fff3bd35a5f / 1 [out] pTemplate[1]: CKA_ALWAYS_AUTHENTICATE False Returned: 0 CKR_OK 21: C_FindObjects 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x1 Object 0x8690003 matches Returned: 0 CKR_OK 22: C_GetAttributeValue 2014-01-...

...ndling at initial token login. The attempt to read the PIN could be skipped in some cases, particularly on devices with integrated PIN readers. This would lead to an inability to retrieve keys from these tokens. bz#2652 * ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the C_SignInit operation. bz#2638 * ssh(1): Improve documentation for ProxyJump/-J, clarifying that local configuration does not apply to jump hosts. * ssh-keygen(1): Clarify manual - ssh-keygen -e only writes public keys, not private. * ssh(1), s...

https://bugzilla.mindrot.org/show_bug.cgi?id=2915 Bug ID: 2915 Summary: Tracking bug for 8.0 release Product: Portable OpenSSH Version: -current Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

...ndling at initial token login. The attempt to read the PIN could be skipped in some cases, particularly on devices with integrated PIN readers. This would lead to an inability to retrieve keys from these tokens. bz#2652 * ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the C_SignInit operation. bz#2638 * ssh(1): Improve documentation for ProxyJump/-J, clarifying that local configuration does not apply to jump hosts. * ssh-keygen(1): Clarify manual - ssh-keygen -e only writes public keys, not private. * ssh(1), s...