Displaying 4 results from an estimated 4 matches for "pkcs11_fetch_keys".
2023 Nov 19
2
[Bug 3635] New: ssh-add -s always asks for PKCS#11 PIN
...ing up,
and then tries to derive keys for the slots available [6]
3. For deriving keys a PKCS#11 session is opened by calling
pkcs11_open_session [7]. pkcs11_open_session checks if the
CKF_LOGIN_REQUIRED flag is set [8] and fails if it is set but no PIN
was provided.
4. After establishing a session pkcs11_fetch_keys is called [9], to
derive keys
5. If it was not possible to derive at least one key and no login took
place yet and the session is interactive, pkcs11_login_slot [10] is
called to perform a login.
pkcs11_login_slot checks for the CKF_PROTECTED_AUTHENTICATION_PATH
flag [11] and allows the PIN entr...
2023 Sep 11
21
[Bug 3613] New: Unable to sign using certificates and PKCS#11
...2.40 libraryDescription
<PKCS#11 Kit Proxy Module> libraryVersion 1.1
debug1: provider /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 slot 0:
label <YubiKey PIV #19258332> manufacturerID <Yubico (www.yubico.com)>
model <YubiKey YK5> serial <19258332> flags 0x40d
debug2: pkcs11_fetch_keys: provider
/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 slot 0: RSA
SHA256:vRdQ4M0pBHf4Cb4pqxFGVTeJmqRTzRusvXxu7vRrjNk
debug1: have 1 keys
debug2: pkcs11_fetch_keys: provider
/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 slot 0: RSA
SHA256:54W0/9rkv84M3pwsFa7qvWkCeQGbkWlwSkvk1fcsrV0
debug1: have 2...
2010 Jun 02
4
[Bug 1773] New: PKCS#11 authentication fails with "xmalloc: zero size" for some certificates.
...lloc error when using pkcs11 for auth
I've been trying to use an Aladdin eToken PRO 64k (4.2) USB smart card
for public key ssh authentication (using the -I option with the PKCS11
library for the eToken), but OpenSSH would abort with the message:
xmalloc: zero size
I tracked this down to the pkcs11_fetch_keys function in ssh-pkcs11.c,
and discovered that C_GetAttributeValue returns a ulValueLen of 0 for
some of the attributes for some of my certificates. I believe that
this may be being caused by some CA certificates that I also have on
the eToken, which are stored without their private keys.
The atta...
2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list,
I have no idea if Damien Miller had the time to work on that.
I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
required interfaces to override the signature function pointer for ECDSA.
The only limitation is that the OpenSSL API misses some cleanup function
(finish, for instance), hence I have yet