search for: pkcs11_open_session

Displaying 7 results from an estimated 7 matches for "pkcs11_open_session".

2019 Apr 05
2
Call for testing: OpenSSH 8.0
..., I have only one comment, but I plan to run more tests in our > environment. There is also changed semantics of the ssh-keygen when listing keys from PKCS#11 modules. In the past, it was not needed to enter a PIN for this, but now. At least, it is not consistent with a comment in the function pkcs11_open_session(), which says 727 * if pin == NULL we delay login until key use Being logged in before listing keys prevents bug #2430, but as a side effect, even the ssh can not list keys before login and if the configuration contains a PKCS#11 module, the user is always prompted for a PIN, which is not very...
2019 Apr 24
2
Call for testing: OpenSSH 8.0
...rote: > > > There is also changed semantics of the ssh-keygen when listing keys > > from PKCS#11 modules. In the past, it was not needed to enter a PIN > > for > > this, but now. > > > > At least, it is not consistent with a comment in the function > > pkcs11_open_session(), which says > > > > 727 * if pin == NULL we delay login until key use > > > > Being logged in before listing keys prevents bug #2430, but as a > > side > > effect, even the ssh can not list keys before login and if the > > configuration contains a PKC...
2023 Nov 19
2
[Bug 3635] New: ssh-add -s always asks for PKCS#11 PIN
...KCS#11 library as follows. 1. pkcs11_add_provider [3][4] is called, which calls pkcs11_register_provider [5] 2. pkcs11_register_provider performs some sanity checks and setting up, and then tries to derive keys for the slots available [6] 3. For deriving keys a PKCS#11 session is opened by calling pkcs11_open_session [7]. pkcs11_open_session checks if the CKF_LOGIN_REQUIRED flag is set [8] and fails if it is set but no PIN was provided. 4. After establishing a session pkcs11_fetch_keys is called [9], to derive keys 5. If it was not possible to derive at least one key and no login took place yet and the session...
2016 Dec 24
30
[Bug 2652] New: PKCS11 login skipped if login required and no pin set
https://bugzilla.mindrot.org/show_bug.cgi?id=2652 Bug ID: 2652 Summary: PKCS11 login skipped if login required and no pin set Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Smartcard Assignee:
2015 Jul 20
5
[Bug 2432] New: ssh-keygen and tools should be able to get public part directly from private key (portability)
https://bugzilla.mindrot.org/show_bug.cgi?id=2432 Bug ID: 2432 Summary: ssh-keygen and tools should be able to get public part directly from private key (portability) Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement
2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet
2019 Mar 27
26
Call for testing: OpenSSH 8.0
Hi, OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at