search for: pkcs11_open_session

..., I have only one comment, but I plan to run more tests in our > environment. There is also changed semantics of the ssh-keygen when listing keys from PKCS#11 modules. In the past, it was not needed to enter a PIN for this, but now. At least, it is not consistent with a comment in the function pkcs11_open_session(), which says 727 * if pin == NULL we delay login until key use Being logged in before listing keys prevents bug #2430, but as a side effect, even the ssh can not list keys before login and if the configuration contains a PKCS#11 module, the user is always prompted for a PIN, which is not very...

...rote: > > > There is also changed semantics of the ssh-keygen when listing keys > > from PKCS#11 modules. In the past, it was not needed to enter a PIN > > for > > this, but now. > > > > At least, it is not consistent with a comment in the function > > pkcs11_open_session(), which says > > > > 727 * if pin == NULL we delay login until key use > > > > Being logged in before listing keys prevents bug #2430, but as a > > side > > effect, even the ssh can not list keys before login and if the > > configuration contains a PKC...

...KCS#11 library as follows. 1. pkcs11_add_provider [3][4] is called, which calls pkcs11_register_provider [5] 2. pkcs11_register_provider performs some sanity checks and setting up, and then tries to derive keys for the slots available [6] 3. For deriving keys a PKCS#11 session is opened by calling pkcs11_open_session [7]. pkcs11_open_session checks if the CKF_LOGIN_REQUIRED flag is set [8] and fails if it is set but no PIN was provided. 4. After establishing a session pkcs11_fetch_keys is called [9], to derive keys 5. If it was not possible to derive at least one key and no login took place yet and the session...

https://bugzilla.mindrot.org/show_bug.cgi?id=2652 Bug ID: 2652 Summary: PKCS11 login skipped if login required and no pin set Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Smartcard Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2432 Bug ID: 2432 Summary: ssh-keygen and tools should be able to get public part directly from private key (portability) Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

Hi, OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at