Displaying 7 results from an estimated 7 matches for "process_add_smartcard_key".
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
...-pkcs11.so": agent
refused operation
In a separate terminal:
$ ./ssh-agent -d
SSH_AUTH_SOCK=/tmp/ssh-RORElJeiiHBc/agent.21116; export SSH_AUTH_SOCK;
echo Agent pid 21116;
debug2: fd 3 setting O_NONBLOCK
debug2: fd 4 setting O_NONBLOCK
debug1: process_message: socket 1 (fd=4) type 20
debug1: process_add_smartcard_key: add
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
debug1: pkcs11_start_helper: starting /usr/local/libexec/ssh-pkcs11-helper -vvv
debug1: process_add
debug1: provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so:
manufacturerID <OpenSC Project> cryptokiVersion 2.20
libraryDescription <OpenSC s...
2023 Sep 11
20
[Bug 3613] New: Unable to sign using certificates and PKCS#11
...fig/git/config failed: agent refused operation
```
though the `-f` option seems to be ignored and the `ssh-agent` looks
for an RSA-CERT when only RSA keys are loaded:
```
debug1: new_socket: type = CONNECTION
debug2: fd 4 setting O_NONBLOCK
debug1: process_message: socket 1 (fd=4) type 20
debug2: process_add_smartcard_key: entering
debug1: process_add_smartcard_key: add
/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0
debug1: process_add
debug1: provider /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0:
manufacturerID <PKCS#11 Kit> cryptokiVersion 2.40 libraryDescription
<PKCS#11 Kit Proxy Module> libraryVersi...
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...+
+ success = 1;
if ((id = lookup_identity(k, version)) == NULL) {
id = xcalloc(1, sizeof(Identity));
- id->key = k;
+ id->idkey = refkey_new(k);
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
/* Increment the number of identities. */
tab->nentries++;
@@ -774,7 +853,7 @@ process_add_smartcard_key(SocketEntry *e
tab = idtab_lookup(version);
if (lookup_identity(k, version) == NULL) {
id = xcalloc(1, sizeof(Identity));
- id->key = k;
+ id->idkey = refkey_new(k);
id->provider = xstrdup(provider);
id->comment = xstrdup(provider); /* XXX */
id->death = dea...
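Review bot: ownership of `k` in process_add_smartcard_key() is unclear after `id->idkey = refkey_new(k);`, because the visible lines cover only the branch where lookup_identity() returns NULL. Please state in a comment next to refkey_new() whether it takes over the caller's reference or adds its own, and confirm that the path where the identity already exists still releases `k`, so the key is neither leaked nor freed while an Identity still points at it.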
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2015 Sep 25
24
[Bug 2472] New: Add support to load additional certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Bug ID: 2472
Summary: Add support to load additional certificates
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs at
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...gine);
+ free(file);
+ /* open code send_status because need to return actual error */
+ if (sshbuf_put_u32(e->output, 1) != 0 ||
+ sshbuf_put_u8(e->output, r) != 0)
+ fatal("%s: buffer error", __func__);
+}
+#endif /* USE_OPENSSL_ENGINE */
+
#ifdef ENABLE_PKCS11
static void
process_add_smartcard_key(SocketEntry *e)
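Review bot: `sshbuf_put_u8(e->output, r)` writes the error code into the single byte that follows the length word, which is where an agent reply normally carries its message type. If `r` is an int error value it is truncated to one byte and may alias an existing reply code. Please define the set of values `r` can take here, range-check it before writing, and document the reply format so the client side knows how to decode it.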
@@ -860,6 +937,12 @@ process_message(u_int socknum)
process_remove_smartcard_key(e);
break;
#endif /* ENABLE_PKCS11 */
+#ifdef USE_OPENSSL_ENGINE
+ case SSH_AGENTC_ADD_ENGINE_KEY:
+ case SSH_AGENTC_ADD_ENGINE_KEY_CONSTRAINED:
+ process_add_engine_key(e);
+ break;
+#endif /*...
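Review bot: the new cases `SSH_AGENTC_ADD_ENGINE_KEY` and `SSH_AGENTC_ADD_ENGINE_KEY_CONSTRAINED` in process_message() introduce agent message types whose numeric values are not visible in this hunk. Please document them alongside the other agent protocol messages and confirm they do not collide with existing assignments. Both cases call `process_add_engine_key(e)` without passing which type arrived, so a short comment saying how the handler distinguishes the constrained form would help readers.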