search for: key_only

Displaying 6 results from an estimated 6 matches for "key_only".

2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...0) + fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); + if (confirm != 0) + fprintf(stderr, "The user must confirm each use of the key\n"); + out: + free(comment); + sshkey_free(cert); + + return ret; +} + +static int add_file(int agent_fd, const char *filename, int key_only) { struct sshkey *private, *cert; @@ -445,13 +488,16 @@ lock_agent(int agent_fd, int lock) } static int -do_file(int agent_fd, int deleting, int key_only, char *file) +do_file(int agent_fd, int deleting, int key_only, int cert_only, char *file) { if (deleting) { if (delete_file(agent_f...
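Review bot: The new do_file() signature puts two int flags, key_only and cert_only, next to each other, so a transposed argument at a call site compiles silently, and the excerpt shows no handling for the case where both are set. Consider rejecting that combination where the options are parsed, or folding the two into a single mode value, and add a comment stating what each flag makes do_file() skip.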
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello, With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set up a script for SSH_ASKPASS to query my local passwordstore (https://www.passwordstore.org/) vault to retrieve the password for a given key. This works for ssh-add as well as ssh (configured with AddKeysToAgent set to 'yes'). My workflow effectively transforms into entering the password for the GPG key used
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl external engines. The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I understand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...(ret != SSH_AGENT_SUCCESS) { + fprintf(stderr, "failed to add engine key: %s\n", ssh_err(ret)); + } else { + fprintf(stderr, "Engine Identity added: %s\n", file); + } + if (pin) + free (pin); + return ret; +} + static int delete_file(int agent_fd, const char *filename, int key_only, int qflag) { @@ -609,6 +632,9 @@ usage(void) #ifdef WITH_XMSS " [-M maxsign] [-m minleft]\n" #endif +#ifdef USE_OPENSSL_ENGINE +" [-o engine]\n" +#endif " [file ...]\n" " ssh-add -s pkcs11\n" "...
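Review bot: In the cleanup at the end of the engine-key add function, "if (pin) free (pin);" guards a call that is already safe on NULL, and pin, going by its name, holds a secret that is left intact in freed heap memory. Clear the buffer before releasing it, for example freezero(pin, strlen(pin)) under the NULL check, and drop the space in "free (pin)" to match the other calls in the hunk.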