search for: opensc

...reproduced on: Ubuntu 19.10, Fedora Version of OpenSSH: git commit b2491c28, latest at time of writing. Example output demonstrating the problem (with a Yubikey in PIV mode inserted): $ SSH_AUTH_SOCK=/tmp/ssh-dhfNCpXwSk8B/agent.21022; export SSH_AUTH_SOCK; $ ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so Enter passphrase for PKCS#11: Could not add card "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so": agent refused operation $ SSH_AUTH_SOCK=/tmp/ssh-RORElJeiiHBc/agent.21116; export SSH_AUTH_SOCK; $ ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so Enter passphrase for PKCS#11:...

OpenSC Release 0.8.0 ==================== We are pleased to announce the availability of OpenSC 0.8.0. OpenSC provides a set of libraries and utilities to access smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as mail...

...h Assignee: unassigned-bugs at mindrot.org Reporter: jamin.collins at gmail.com I have found that I am unable to connect to an ssh host if I have both my user's ssh config set to use a PCKS11 library and my yubikey based keys loaded into my ssh agent. I have tried both the opensc and yubico pcks11 libraries for accessing the card. The results differ slightly, but both ultimately fail to authenticate if my user's ssh config is set to use the PCKS11 library and the keys have been added to my ssh agent. ** using libykcs11.so from yubico-piv-tool 1.4.2 $ ssh-add -s /usr/...

http://bugzilla.mindrot.org/show_bug.cgi?id=577 Summary: bug (wrong flag) in sc_private_decrypt (scard-opensc.c) Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch a...

https://bugzilla.mindrot.org/show_bug.cgi?id=1160 --- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2009-11-20 21:18:50 EST --- Created an attachment (id=1727) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1727) /home/dtucker/openssh/pending/openssh-opensc-configure.patch Use pkg-config for opensc if available. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

Dear friends, First, thanks for helping me on ssh default option for smartcards. I recompiled SSH from CVS and it seems to work. I still have problems with: ssh-add -s /usr/lib/opensc-pkcs11.so Enter passphrase for PKCS#11: (I enter PIN code) SSH_AGENT_FAILURE Could not add card: /usr/lib/opensc-pkcs11.so pkcs11-tool --slot 1 -O Public Key Object; RSA 2048 bits label: Public Key ID: 7645d913d5***********54816ff02324c23a7ebf4 Usage: none Certificate Obje...

Hello, I'm writing from OpenSC project (OpenSSH used to include OpenSC support for smart cards, it has been removed now and PKCS#11 is used instead, whish is nice), we're planning to have a "Security / hardware crypto keys" themed devroom at FOSDEM next year. Are people on this list interested in participating, and...

...ient to get a pin from the command line when using a smartcard. Most of it is from a patch by Danny De Cock <godot () ulyssis ! org>, but I've used the ssh read_passphrase function instead. Any errors are mine, I'm sure. This enables ssh -I 0 to use a pin-protected smartcard via opensc. Thanks, Kevin Stefanik -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-3.5p1-opensc-get_pin.patch.bz2 Type: application/x-bzip2 Size: 655 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030508/83a1c785/a...

https://bugzilla.mindrot.org/show_bug.cgi?id=1498 Summary: OpenSC smartcard access should use raw public keys, not X.509 certificates Classification: Unclassified Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Keywords: patch Sev...

On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote: > As a side note, OpenSC is looking at issues with using tokens vs > separate > readers and smart cards. The code paths in PKCS#11 differ. Removing a > card > from a reader leaves the pkcs#11 slot still available. Removing a > token (Yubikey) > removes both the reader and and its builtin smart card. Firef...

On 6/24/2017 11:35 AM, Emmanuel Deloget wrote: > Hello Douglas, > > On Fri, Jun 23, 2017 at 9:16 PM, Douglas E Engert <deengert at gmail.com <mailto:deengert at gmail.com>> wrote: > > OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing > > a shim for OpenSSL-1.1, the OpenSC code has been converted to > > the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and > > macros was written to support older versions of OpenSSL a...

OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing a shim for OpenSSL-1.1, the OpenSC code has been converted to the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and macros was written to support older versions of OpenSSL and Libressl. https://github.com/...

On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote: > You might wish to focus on sftp instead of scp. Okay, I will have a look. I had some problems: 1) I would like to store smart card information -o PKCS11Provider=/usr/lib/opensc-pkcs11.so in /etc/ssh/ssh-config. Is it possible? 2) ssh-add -s does not seem to work. Read: http://www.gooze.eu/howto/using-openssh-scp-with-smart-cards-pkcs11/using-ssh-authentication-agent-ssh-add-with Can anyone help with these issues. Kind regards, Jean-Michel

Hi, sorry, I'm not on the list, so please answer directly. I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6 with Gemplus 410 and 430 smartcard readers and Schlumberger cryptoflex smartcards. I used openssh-3.2.2p1 but the relevant file scard-opensc.c is unchanged in 3.4. RSA authentication to a remote host running opensshd did not work with the smartcard. In...

Hello, PKCS#11 is a standard API interface that can be used in order to access cryptographic tokens. You can find the specification at http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most smartcard and other cryptographic device vendors support PKCS#11, opensc also provides PKCS#11 interface. I can easily make the scard.c, scard-opensc.c and ssh-agent.c support PKCS#11. PKCS#11 is much more portable, standard, used standard than the current opensc implementation. I just written the PKCS#11 support for the openvpn project, and I think openssh can al...

...ts Bug 2474 - Enabling ECDSA in PKCS#11 support for ssh-agent Bug 2817 - Add support for PKCS#11 URIs (RFC 7512) Bug 2472 - Add support to load additional certificates Bug 2075 - [PATCH] Enable key pair generation on a PCKS#11 device Namely, the #2638 one will be a big problem after the release of OpenSC 0.18.0 [1], which is no longer allowing the workflow OpenSSH is using. Also in the #2817, there is a resurrection of the soft-pkcs11 module in regress testsuite, which can be later extended to verify also other use cases. [1] https://github.com/OpenSC/OpenSC/pull/1256 Thanks, -- Jakub Jelen Sof...

...ome logic in includes.h to handle HAVE_STRINGS_H, but none for HAVE_STRING_H the reason for this is that many source files use str* and mem* functions but are inconsistent as to whether they include string.h ... for example, these files do not include string.h, yet they use funcs: entropy.c scard-opensc.c ssh-rand-helper.c in the case of scard-opensc.c, it results in ugly warnings like: scard-opensc.c: In function 'sc_prkey_op_init': scard-opensc.c:176: warning: implicit declaration of function 'strcmp' scard-opensc.c:188: warning: implicit declaration of function 'strlen'...

https://bugzilla.mindrot.org/show_bug.cgi?id=1751 Summary: ssh-add -s /usr/lib/opensc-pkcs11.so does not work Product: Portable OpenSSH Version: 5.4p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: unassigned-bugs at mindrot.org...

http://bugzilla.mindrot.org/show_bug.cgi?id=591 Summary: use PKCS#15 private key label as a comment in case of OpenSC Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch...

http://bugzilla.mindrot.org/show_bug.cgi?id=621 Summary: scard-opensc.c: more than one private key object for a certificate Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard...