search for: pkcs15

I began playing with smartcard support and enabled this in openssh-3.5p1 on linux. The -U (upload) option unfortunately doesn't work yet with ssh-keygen: $ ssh-keygen -U 0 Enter file in which the key is (/home/user/.ssh/id_rsa): key uploading not yet supported Is there a tool to upload an openssh rsa key to a smart card so that I can use it with ssh -I later on? Should I just upload it as a

...mpute_signature: returning with: Security status not satisfied card-etoken.c:175:etoken_check_sw: required access right not granted card-etoken.c:631:do_compute_signature: returning with: Security status not satisfied sec.c:53:sc_compute_signature: returning with: Security status not satisfied pkcs15-sec.c:285:sc_pkcs15_compute_signature: sc_compute_signature() failed: Security status not satisfied sc_pkcs15_compute_signature() failed: Security status not satisfied ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0) This is happen because openssh never prompt for the pin....

...n move it away, it's a blank window. Pull out the card, and *some* of the time, it pops up the window showing no certs, having never asked for a PIN. The rest of the time, firefox crashes, hard. I know the pcscd part works - I used it via a script this morning from the command line, as does pkcs15-tool from the command line. Anyone got any clues? Maybe I should downgrade (if I can) firefox? mark

...a blank window. Pull out the card, and *some* of the > time, it pops up the window showing no certs, having never asked for a > PIN. The rest of the time, firefox crashes, hard. > > I know the pcscd part works - I used it via a script this morning from > the command line, as does pkcs15-tool from the command line. > > Anyone got any clues? Maybe I should downgrade (if I can) firefox? > Additional info: I tried bringing up firefox with two other profiles. One didn't have coolkey as a security device, but when I tried to add it, it responded with "cannot add mod...

...certificate (i.e. public key). For example some cards OSs do not support signing and decryption with one private key object => if you want to use the same key for signing and decryption you need two copies of the key (one for signing and one for decryption). Currently scard-opensc.c uses the sc_pkcs15_find_prkey_by_id function to get the private key object (specified by the pkcs15 id) but this function returns only the first private key object found. It would be better to use the sc_pkcs15_find_prkey_by_id_usage function and search for a private key with the desired capability (see attached patc...

...n (not subscribed, please CC) to ask if it's planned to add "identity selection" when using a PKCS#11 provider. To be more clear: I have a (working) reader+smartcard, handled by PKCS11Provider /usr/lib/opensc-pkcs11.so statement in config file. Card is "formatted" w/ "pkcs15-init -C", and got a couple PINs, some mail certs and some keypairs added. Seems it works as expected *IF* the only (or first) on-card keypair is the one to be used for SSH. If it's after other keys/certs there's no way (I know of) to avoid testing all the preceeding keys (that's r...

...; submitter 486747 ! Bug#486747: pbuilder-uml should not always copy in /etc/resolv.conf, hostname, hosts. Changed Bug submitter from Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.net> to Daniel Kahn Gillmor <dkg at fifthhorseman.net>. > submitter 487159 ! Bug#487159: opensc: pkcs15-init --store-pin prompts about undocumented transport keys Changed Bug submitter from Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.net> to Daniel Kahn Gillmor <dkg at fifthhorseman.net>. > submitter 487191 ! Bug#487191: opensc: pkcs15-tool --store-certificate expects the key...

Hello OpenSSH developers, A week ago I've posted a patch that enables openssh to work with PKCS#11 tokens. I didn't receive any comments regarding the patch or reply to my questions. In current software world, providing a security product that does not support standard interface for external cryptographic hardware makes the product obsolete. Please comment my patch, so I can know

Hi, The 4.4p1 release is approaching now, so we are now asking people to actively test snapshots or CVS and report back to the mailing list. Snapshots are available from http://www.mindrot.org/openssh_snap or from any of the mirrors listed on http://www.openssh.org/portable.html The latter page also includes instructions for checking out portable OpenSSH via anonymous CVS. This release