search for: larsch

...without PIN Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de The function sc_prkey_op_init (in scard-opensc.c) requires for every private key a PKCS#15 AuthenticationObject object, but the this object is optional => sc_prkey_op_init fails if the key is not protected by a PIN. If sc_pkcs15_find_pin_by_auth_id retuns SC_ERROR_OBJECT_NOT_...

...OpenSC Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de Attached is patch with which the ssh-agent will use the optional PKCS#15 private key label (if existing) as the comment for the smartcard key (instead of the standard comment "smartcard key"). In case sc_get_key_label returns NULL the standard comment is used. Comment...

...d-opensc.c) Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de There's a small bug in scard-opensc.c. The OpenSC function sc_pkcs15_decipher is called with the wrong flag. Currently sc_private_decrypt set the flag to 0 and hence OpenSC uses RSA raw to decipher the cryptogram => the Smartcard (or OpenSC) does not remove the PKCS#1 pad...

...te key Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de sc_get_keys loads the public keys from every certificate stored on the smartcard. Therefore public keys of CA certificate (or other certs for which there's no corresponding private key on the smartcard) are loaded into the ssh-agent. This has (at least) two drawbacks: a) loa...

...certificate Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de There's currently a small problem in scard-opensc.c if there's more than one private key object for a given certificate (i.e. public key). For example some cards OSs do not support signing and decryption with one private key object => if you want to use the same key f...

Hi, I am not sure if this the right place for the question. Sorry if not ... My System: SuSE 9.2 OpenSSH 3.9p1 I have trouble to use a Smartcard with openssh. If i try to connect directly to the Smartcard, it fails: ssh -I 0:45 localhost card-etoken.c:175:etoken_check_sw: required access right not granted card-etoken.c:631:do_compute_signature: returning with: Security status not satisfied

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

Hi, I think there's a small bug in sc_private_decrypt in scard-opensc.c (see attached patch). The 'flags' parameter in the sc_pkcs15_decipher function call should be set to SC_ALGORITHM_RSA_PAD_PKCS1 and not to 0. If flags == 0 then sc_pkcs15_decipher uses RSA raw as a default method which has (at least) two drawbacks a) not all cards support RSA raw and b) sc_pkcs15_decipher does not

Hi, from ChangeLog: 20030609 - (djm) Sync README.smartcard with OpenBSD -current My I ask why the OpenSC section has been removed ? Note: OpenSSH + OpenSC works for me (at least with a recent OpenSC snapshot). Regards, Nils

Hi, the current CVS version (head) of OpenSSH doesn't build with OpenSC because the sc_get_key_label function is currently not defined in scard-opensc.c => please apply the scard-opensc.c part of patch #330 (see: http://bugzilla.mindrot.org/attachment.cgi?id=330&action=view ). Regards, Nils