search for: keyped

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

https://bugzilla.mindrot.org/show_bug.cgi?id=3068 Bug ID: 3068 Summary: Duplicate code in sshkey_load_private() function Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: Windows 10 Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:

On Wed, 17 Feb 2016, Hisashi T Fujinaka wrote: > > I need to make these error messages more user-friendly :( > > > > -24 is SSH_ERR_SYSTEM_ERROR, so it's likely failing to find/load the > > key for some reason. I'll make a patch to improve the error message, > > but in the meantime you could probably figure out the exact failure > > using

On Wed, Feb 17, 2016 at 3:51 AM, Hisashi T Fujinaka <htodd at twofifty.com> wrote: > Sorry, I haven't been paying too much attention here, but I'm having > repeated failures when I tried this morning. > > NetBSD-current: > test_sshkey: ..................................[1] Segmentation fault > (core dumped) ${V} /home/htodd... > *** Error code 139 did it

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

Hello, In one recent change (https://anongit.mindrot.org/openssh.git/commit/?id=2b13d3934d5803703c04803ca3a93078ecb5b715), I noticed a regression. If ssh-keygen is given a private file without passphrase and without the corresponding .pub file, I doesn't extract the comment after the commit, while it did before: Before the commit: $ ./ssh-keygen -q -t dsa -N '' -C foobar -f

Hi, OpenSSH 5.3 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

https://bugzilla.mindrot.org/show_bug.cgi?id=3192 Bug ID: 3192 Summary: openssh-8.2 & openssl-1.1.1d error: dereferencing pointer to incomplete type Not found struct BIO , bio->num_write Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW

https://bugzilla.mindrot.org/show_bug.cgi?id=3190 Bug ID: 3190 Summary: Inconsistent handling of private keys without accompanying public keys Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

Some HSM's such as Safenet Network HSM do not allow searching for keys unauthenticated. To support such devices provide a mechanism for users to provide a pin code that is always used to automatically log in to the HSM when using PKCS11. The pin code is read from a file specified by the environment variable SSH_PKCS11_PINFILE if it is set. Tested against Safenet Network HSM. ---

I have a call center where we're looking at converting it from a traditional PBX w/ digital phone "agent" sets (keyless phones) that have headsets to a SIP based environment. I am having trouble finding anything on the market that resembles this in the VoIP world. For reference, we're currently using Inter-Tel Agent Sets, which are basically a digital phone with out any keypad,

I find this approach very bad in general.? PKCS#11 standard says that *private* keys should not be accessible without authentication. *Public* keys and certificates of course can and should be accessible with no authentication. SoftHSM misinterpreted this originally (older pkcs11 documents were less clear :), but they rectified this mistake. We should not repeat it.?

On Thu, Sep 21, 2017 at 02:22:10AM -0500, Zev Weiss wrote: > test_kex: regress/unittests/kex/test_kex.c:91 test #1 "sshkey_generate" > ASSERT_INT_EQ(sshkey_generate(keytype, bits, &private), 0) failed: > sshkey_generate(keytype, bits, &private) = -56 That error code is: $ grep -- -56 ssherr.h #define SSH_ERR_KEY_LENGTH -56 Unfortunately there's lots of

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concatenated with the challenge hash). The authData blob

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow to extended the KASLR randomization range below the -2G memory limit. Signed-off-by: Thomas Garnier <thgarnie at google.com> --- arch/x86/crypto/aes-x86_64-asm_64.S | 45 ++++++++----- arch/x86/crypto/aesni-intel_asm.S

Hi, OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or

As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or