Displaying 20 results from an estimated 129 matches for "opensc".
Did you mean:
opens
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
...reproduced on: Ubuntu 19.10, Fedora
Version of OpenSSH: git commit b2491c28, latest at time of writing.
Example output demonstrating the problem (with a Yubikey in PIV mode inserted):
$ SSH_AUTH_SOCK=/tmp/ssh-dhfNCpXwSk8B/agent.21022; export SSH_AUTH_SOCK;
$ ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
Enter passphrase for PKCS#11:
Could not add card "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so": agent
refused operation
$ SSH_AUTH_SOCK=/tmp/ssh-RORElJeiiHBc/agent.21116; export SSH_AUTH_SOCK;
$ ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
Enter passphrase for PKCS#11:...
2003 Aug 15
0
OpenSC 0.8.0 Released
OpenSC Release 0.8.0
====================
We are pleased to announce the availability of OpenSC 0.8.0.
OpenSC provides a set of libraries and utilities to access smart
cards. Its main focus is on cards that support cryptographic operations,
and facilitate their use in security applications such as mail...
2016 Oct 27
11
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
...h
Assignee: unassigned-bugs at mindrot.org
Reporter: jamin.collins at gmail.com
I have found that I am unable to connect to an ssh host if I have both
my user's ssh config set to use a PCKS11 library and my yubikey based
keys loaded into my ssh agent.
I have tried both the opensc and yubico pcks11 libraries for accessing
the card. The results differ slightly, but both ultimately fail to
authenticate if my user's ssh config is set to use the PCKS11 library
and the keys have been added to my ssh agent.
** using libykcs11.so from yubico-piv-tool 1.4.2
$ ssh-add -s /usr/...
2003 May 27
3
[Bug 577] bug (wrong flag) in sc_private_decrypt (scard-opensc.c)
http://bugzilla.mindrot.org/show_bug.cgi?id=577
Summary: bug (wrong flag) in sc_private_decrypt (scard-opensc.c)
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: larsch a...
2009 Nov 20
8
[Bug 1160] OpenSSH should use libopensc.pc instead of opensc-config
https://bugzilla.mindrot.org/show_bug.cgi?id=1160
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2009-11-20 21:18:50 EST ---
Created an attachment (id=1727)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1727)
/home/dtucker/openssh/pending/openssh-opensc-configure.patch
Use pkg-config for opensc if available.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
2010 Apr 08
1
ssh-add -s /usr/lib/opensc-pkcs11.so does not work
Dear friends,
First, thanks for helping me on ssh default option for smartcards. I
recompiled SSH from CVS and it seems to work.
I still have problems with:
ssh-add -s /usr/lib/opensc-pkcs11.so
Enter passphrase for PKCS#11: (I enter PIN code)
SSH_AGENT_FAILURE
Could not add card: /usr/lib/opensc-pkcs11.so
pkcs11-tool --slot 1 -O
Public Key Object; RSA 2048 bits
label: Public Key
ID: 7645d913d5***********54816ff02324c23a7ebf4
Usage: none
Certificate Obje...
2010 Sep 23
2
OpenSSH developers @ FOSDEM 2011
Hello,
I'm writing from OpenSC project (OpenSSH used to include OpenSC support for smart cards, it has been removed now and PKCS#11 is used instead, whish is nice), we're planning to have a "Security / hardware crypto keys" themed devroom at FOSDEM next year. Are people on this list interested in participating, and...
2003 May 08
3
get_pin for scard-opensc.c
...ient to get a pin from the command line
when using a smartcard. Most of it is from a patch by Danny De Cock
<godot () ulyssis ! org>, but I've used the ssh read_passphrase function
instead. Any errors are mine, I'm sure.
This enables ssh -I 0 to use a pin-protected smartcard via opensc.
Thanks,
Kevin Stefanik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-3.5p1-opensc-get_pin.patch.bz2
Type: application/x-bzip2
Size: 655 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030508/83a1c785/a...
2008 Jul 31
5
[Bug 1498] New: OpenSC smartcard access should use raw public keys, not X.509 certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=1498
Summary: OpenSC smartcard access should use raw public keys,
not X.509 certificates
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Keywords: patch
Sev...
2020 Feb 24
4
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote:
> As a side note, OpenSC is looking at issues with using tokens vs
> separate
> readers and smart cards. The code paths in PKCS#11 differ. Removing a
> card
> from a reader leaves the pkcs#11 slot still available. Removing a
> token (Yubikey)
> removes both the reader and and its builtin smart card. Firef...
2017 Jun 24
2
OpenSSL 1.1 support status : what next?
On 6/24/2017 11:35 AM, Emmanuel Deloget wrote:
> Hello Douglas,
>
> On Fri, Jun 23, 2017 at 9:16 PM, Douglas E Engert <deengert at gmail.com <mailto:deengert at gmail.com>> wrote:
> > OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing
> > a shim for OpenSSL-1.1, the OpenSC code has been converted to
> > the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and
> > macros was written to support older versions of OpenSSL a...
2017 Jun 23
5
OpenSSL 1.1 support status : what next?
OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing
a shim for OpenSSL-1.1, the OpenSC code has been converted to
the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and
macros was written to support older versions of OpenSSL and Libressl.
https://github.com/...
2010 Apr 06
3
Using OpenSSH with smart cards HOWTO
On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote:
> You might wish to focus on sftp instead of scp.
Okay, I will have a look.
I had some problems:
1) I would like to store smart card information
-o PKCS11Provider=/usr/lib/opensc-pkcs11.so
in /etc/ssh/ssh-config. Is it possible?
2) ssh-add -s does not seem to work.
Read:
http://www.gooze.eu/howto/using-openssh-scp-with-smart-cards-pkcs11/using-ssh-authentication-agent-ssh-add-with
Can anyone help with these issues.
Kind regards,
Jean-Michel
2002 Jul 20
0
opensc smartcard support does not work
Hi,
sorry, I'm not on the list, so please answer directly.
I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6
with Gemplus 410 and 430 smartcard readers and Schlumberger
cryptoflex smartcards.
I used openssh-3.2.2p1 but the relevant file scard-opensc.c
is unchanged in 3.4.
RSA authentication to a remote host running opensshd
did not work with the smartcard.
In...
2005 Oct 05
2
ssh-agent add PKCS#11 support
Hello,
PKCS#11 is a standard API interface that can be used in
order to access cryptographic tokens. You can find the
specification at
http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most
smartcard and other cryptographic device vendors support
PKCS#11, opensc also provides PKCS#11 interface.
I can easily make the scard.c, scard-opensc.c and
ssh-agent.c support PKCS#11.
PKCS#11 is much more portable, standard, used standard than
the current opensc implementation.
I just written the PKCS#11 support for the openvpn project,
and I think openssh can al...
2018 Feb 26
3
Outstanding PKCS#11 issues
...ts
Bug 2474 - Enabling ECDSA in PKCS#11 support for ssh-agent
Bug 2817 - Add support for PKCS#11 URIs (RFC 7512)
Bug 2472 - Add support to load additional certificates
Bug 2075 - [PATCH] Enable key pair generation on a PCKS#11 device
Namely, the #2638 one will be a big problem after the release of OpenSC
0.18.0 [1], which is no longer allowing the workflow OpenSSH is using.
Also in the #2817, there is a resurrection of the soft-pkcs11 module in
regress testsuite, which can be later extended to verify also other use
cases.
[1] https://github.com/OpenSC/OpenSC/pull/1256
Thanks,
--
Jakub Jelen
Sof...
2007 Mar 11
4
[Bug 1294] includes.h should pull in string.h based on HAVE_STRING_H
...ome logic in includes.h to handle HAVE_STRINGS_H, but none for
HAVE_STRING_H
the reason for this is that many source files use str* and mem*
functions but are inconsistent as to whether they include string.h ...
for example, these files do not include string.h, yet they use funcs:
entropy.c
scard-opensc.c
ssh-rand-helper.c
in the case of scard-opensc.c, it results in ugly warnings like:
scard-opensc.c: In function 'sc_prkey_op_init':
scard-opensc.c:176: warning: implicit declaration of function 'strcmp'
scard-opensc.c:188: warning: implicit declaration of function 'strlen'...
2010 Apr 08
6
[Bug 1751] New: ssh-add -s /usr/lib/opensc-pkcs11.so does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1751
Summary: ssh-add -s /usr/lib/opensc-pkcs11.so does not work
Product: Portable OpenSSH
Version: 5.4p1
Platform: amd64
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo: unassigned-bugs at mindrot.org...
2003 Jun 10
6
[Bug 591] use PKCS#15 private key label as a comment in case of OpenSC
http://bugzilla.mindrot.org/show_bug.cgi?id=591
Summary: use PKCS#15 private key label as a comment in case of
OpenSC
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Smartcard
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: larsch...
2003 Jul 23
1
[Bug 621] scard-opensc.c: more than one private key object for a certificate
http://bugzilla.mindrot.org/show_bug.cgi?id=621
Summary: scard-opensc.c: more than one private key object for a
certificate
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard...