Displaying 20 results from an estimated 464 matches for "pkcs11".
2010 Apr 10
3
pkcs11-helper-devel is needed
How could I install pkcs11 on 64-bit CentOS 5.4? :S It is always asking me for
pkcs11-helper but I've already installed it
[root@vpn VpnSetup]# rpmbuild -tb openvpn-2.1.1.tar.gz
hata: Failed build dependencies:
pkcs11-helper-devel is needed by openvpn-2.1.1-1.x86_64
[root@vpn VpnSetup]# rpm -ivh pkcs11-helper-d...
2006 Oct 31
0
PSARC 2005/572 PKCS#11 v2.20
...1 v2.20 support for the Crypto Framework
6287425 residual bzero's in hmac part of sha2
6287428 add sha2 to the i.kcfconfbase upgrade script
Files:
create: usr/src/common/crypto/blowfish/blowfish_cbc_crypt.c
create: usr/src/common/crypto/blowfish/blowfish_cbc_crypt.h
create: usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c
update: usr/src/cmd/cmd-crypto/digest/digest.c
update: usr/src/common/crypto/blowfish/Makefile
update: usr/src/common/crypto/blowfish/blowfish_impl.c
update: usr/src/common/crypto/rsa/rsa_impl.c
update: usr/src/common/crypto/rsa/rsa_impl.h
update: u...
2023 Apr 10
6
[Bug 3561] New: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11
https://bugzilla.mindrot.org/show_bug.cgi?id=3561
Bug ID: 3561
Summary: Open SSH does not support 1-byte structure packing on
non-windows systems for PKCS11
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: do...
2016 Oct 27
11
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635
Bug ID: 2635
Summary: Unable to use SSH Agent and user level PKCS11Provider
configuration directive
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bug...
2016 Nov 16
2
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
I find this approach very bad in general.
PKCS#11 standard says that *private* keys should not be accessible without authentication. *Public* keys and certificates of course can and should be accessible with no authentication.
SoftHSM misinterpreted this originally (older pkcs11 documents were less clear :), but they rectified this mistake. We should not repeat it.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Juha-Matti Tapio
Sent: Wednesday, November 16, 2016 04:35
To: openssh-unix-dev at mindrot.org
Subject: [...
2006 Feb 12
0
[ANNOUNCE] PKCS#11 support in OpenSSH 4.3p2 (version 0.07)
...or
prompting card insert... Don't be confused, it only expects
ok or cancel, attached is a simple script that uses KDE and
.NET in order to display these dialogs.
You can view full usage by:
$ ssh-agent /bin/sh
$ ssh-add -h
A common scenario is the following:
$ ssh-agent /bin/sh
$ ssh-add --pkcs11-ask-pin `which openssh-kde-dialogs.sh`
$ ssh-add --pkcs11-add-provider --pkcs11-provider
/usr/lib/pkcs11/MyProvider.so
$ ssh-add --pkcs11-add-id --pkcs11-slot-type label
--pkcs11-slot "MyToken" --pkcs11-id-type subject --pkcs11-id
"/C=XX/CN=YY"
$ ssh myhost
In order to see avai...
2016 Nov 16
3
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
Some HSMs such as Safenet Network HSM do not allow searching for keys
unauthenticated. To support such devices provide a mechanism for users
to provide a pin code that is always used to automatically log in to
the HSM when using PKCS11.
The pin code is read from a file specified by the environment variable
SSH_PKCS11_PINFILE if it is set.
Tested against Safenet Network HSM.
---
ssh-pkcs11.c | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index aaf712d..f75b20...
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
I know OpenSSH currently supports PKCS11 devices (such as smartcards)
for publickey authentication, but I would love to see PKCS11 extended
further. It is currently possible to perform PKCS11 certificate
authentication, via pam_krb5.so (on Linux at least and likely something
similar on other *NIX) which allows smartcard auth to a Kerbero...
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
...an SSH key.
2. Add that key to ssh-agent.
3. Remove that key from ssh-agent.
4. Add that key to ssh-agent.
Expected results:
Key is successfully added to ssh-agent.
Actual results:
ssh-add fails with "agent refused operation".
I've looked at the code, and it appears that register_pkcs11_provider
(https://github.com/openssh/openssh-portable/blob/master/ssh-pkcs11.c#L1470)
fails if a PKCS#11 provider already exists. However, PKCS#11 providers
are never unloaded. There is a pkcs11_del_provider but it is never called.
That means that after deleting a key, there is no way to re-add it...
2017 Jan 03
2
DEFAULT_PKCS11_WHITELIST on 64-bit Linux systems
On 12/30/2016 02:40 AM, Damien Miller wrote:
> On Wed, 28 Dec 2016, Iain Morgan wrote:
>
>> Hello,
>>
>> On RHEL 6/amd64, the stock value for DEFAULT_PKCS11_WHITELIST is not
>> very useful. On such systems, /usr/lib64/* would need to be added to the
>> pattern list. Although users can specify the -P option every time they
>> launch ssh-agent, it might be nice to provide a means to specify a
>> default whitelist at build-time.
>...
2020 Apr 02
2
firefox unable to load pkcs11 module
CentOS 7, In firefox -> privacy & security -> certificates -> security
devices
I am trying to load the pkcs11 modules, but get the error unable to load.
I am following the directions at
https://piv.idmanagement.gov/engineering/firefox/
I have installed opensc and openssl-pkcs11, which
contains /usr/lib64/openssl/engines/pkcs11.so
and am using that as the module
Has anybody here done that, and can offer...
2010 Apr 08
1
ssh-add -s /usr/lib/opensc-pkcs11.so does not work
Dear friends,
First, thanks for helping me on ssh default option for smartcards. I
recompiled SSH from CVS and it seems to work.
I still have problems with:
ssh-add -s /usr/lib/opensc-pkcs11.so
Enter passphrase for PKCS#11: (I enter PIN code)
SSH_AGENT_FAILURE
Could not add card: /usr/lib/opensc-pkcs11.so
pkcs11-tool --slot 1 -O
Public Key Object; RSA 2048 bits
label: Public Key
ID: 7645d913d5***********54816ff02324c23a7ebf4
Usage: none
Certificate Object, typ...
2016 Dec 24
30
[Bug 2652] New: PKCS11 login skipped if login required and no pin set
https://bugzilla.mindrot.org/show_bug.cgi?id=2652
Bug ID: 2652
Summary: PKCS11 login skipped if login required and no pin set
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Smartcard
Assignee: unassigned-bu...
2018 Jan 05
11
[Bug 2817] New: Add support for PKCS#11 URIs (RFC 7512)
...at redhat.com
Created attachment 3111
--> https://bugzilla.mindrot.org/attachment.cgi?id=3111&action=edit
PKCS#11 URI (RFC7512) support
There is a series of patches adding a support for PKCS#11 URIs [1] with
testsuite and improving the existing tests to be actually run against a
software pkcs11 module.
What is currently done:
* Print PKCS#11 URIs from ssh-keygen
* Accept PKCS#11 URIs in -i argument to ssh
* Allow PKCS#11 URI specification in ssh_config
* Fallback to p11-kit-proxy
* PKCS#11 URI support for ssh-add and ssh-agent
* internal representation is PKCS#11 URI
Currently re...
2006 May 27
2
[ANNOUNCE] PKCS#11 support in OpenSSH 4.3p2 (version 0.11)
Hello,
The version 0.11 of "PKCS#11 support in OpenSSH" is published.
Changes:
1. Updated against OpenSSH 4.3p2.
2. Modified against Roumen Petrov's X.509 patch (version
5.4), so self-signed certificates are treated by the X.509
patch now.
3. Added --pkcs11-x509-force-ssh if X.509 patch applied,
until some issues with the X.509 patch are resolved.
4. Fixed issues with gcc-2.
You can grab the new version from
http://alon.barlev.googlepages.com/openssh-pkcs11.
I will be glad to receive any feedback regarding this patch,
so I will be able to adjust it...
2018 Aug 13
8
Why still no PKCS#11 ECC key support in OpenSSH ?
On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
> Lack of time on the Open Source projects is understandable, and not uncommon.
>
> However, PKCS11 has been in the codebase practically forever - the ECC
> patches that I saw did not alter the API or such. It is especially
> non-invasive when digital signature is concerned.
>
> Considering how long those patches have been sitting in the queue, and
> the continued interest among th...
2007 Jan 05
0
Announce: PKCS#11 support version 0.18 in OpenSSH 4.5p1
Hi All,
The version of "PKCS#11 support in OpenSSH" is ready for download.
On download page http://alon.barlev.googlepages.com/openssh-pkcs11 you
can find a patch for OpenSSH 4.5p1.
Most of PKCS#11 code is now moved to a standalone library which I call
pkcs11-helper, this library is used by all projects that I added
PKCS#11 support into. The library can be downloaded from:
http://www.opensc-project.org/pkcs11-helper
As a result the...
2010 Apr 06
3
Using OpenSSH with smart cards HOWTO
On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote:
> You might wish to focus on sftp instead of scp.
Okay, I will have a look.
I had some problems:
1) I would like to store smart card information
-o PKCS11Provider=/usr/lib/opensc-pkcs11.so
in /etc/ssh/ssh-config. Is it possible?
2) ssh-add -s does not seem to work.
Read:
http://www.gooze.eu/howto/using-openssh-scp-with-smart-cards-pkcs11/using-ssh-authentication-agent-ssh-add-with
Can anyone help with these issues?
Kind regards,
Jean-Michel
2005 Oct 22
2
openssh PKCS#11 support
...Current implementation uses the askpin program also for
prompting card insert... Don't be confused, it only expects
ok or cancel. If we continue in merge I will also allow
select a different program for card prompt.
A common scenario is the following:
$ ssh-agent xterm ->
$ ssh-add --pkcs11-ask-pin `which x11-ssh-askpass`
$ ssh-add --pkcs11-add-provider --pkcs11-provider
/usr/lib/pkcs11/MyProvider.so
$ ssh-add --pkcs11-add-id --pkcs11-slot-type label
--pkcs11-slot "MyToken" --pkcs11-id-type subject --pkcs11-id
"/C=XX/CN=YY"
$ ssh myhost
In order to see...
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
...ng used this phase
> is performed on local machine, once TGT is available, the remaining of
> the interaction is kerberos only.
>
> Regards,
> Alon
>
> On Wed, Dec 19, 2018 at 1:10 AM mailto428496 <mailto628496 at cox.net> wrote:
>> I know OpenSSH currently supports PKCS11 devices (such as smartcards)
>> for publickey authentication, but I would love to see PKCS11 extended
>> further. It is currently possible to perform PKCS11 certificate
>> authentication, via pam_krb5.so (on Linux at least and likely something
>> similar on other *NIX) whic...