search for: softhsm2

https://bugzilla.mindrot.org/show_bug.cgi?id=2430 Bug ID: 2430 Summary: ssh-keygen should allow to login before reading public key from smart card Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

...s not handled by keygen correctly. The length check was added based on the bug #1773. It is fine to skip certificates that have empty values. But requiring non-empty ID is not preferred way because: * the ID is not used anywhere in ssh-keygen * some tokens do not provide ID The example is again softHSM2 token, which returns ID length of zero and in current ssh-keygen is silently ignored. This token has also the need to login, before even public key can be accessed (not rare example), but it will be described in other report, since it will require more changes. [1] https://bugzilla.redhat.com/sho...

https://bugzilla.mindrot.org/show_bug.cgi?id=2638 Bug ID: 2638 Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement

On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > Lack of time on the Open Source projects is understandable, and not uncommon. > > However, PKCS11 has been in the codebase practically forever - the ECC > patches that I saw did not alter the API or such. It is especially > non-invasive when digital signature is concerned. > > Considering how long those patches have

https://bugzilla.mindrot.org/show_bug.cgi?id=2474 Bug ID: 2474 Summary: Enabling ECDSA in PKCS#11 support for ssh-agent Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs