similar to: [Bug 577] bug (wrong flag) in sc_private_decrypt (scard-opensc.c)

http://bugzilla.mindrot.org/show_bug.cgi?id=584 Summary: scard-opensc.c doesn't work without PIN Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hi, I think there's a small bug in sc_private_decrypt in scard-opensc.c (see attached patch). The 'flags' parameter in the sc_pkcs15_decipher function call should be set to SC_ALGORITHM_RSA_PAD_PKCS1 and not to 0. If flags == 0 then sc_pkcs15_decipher uses RSA raw as a default method which has (at least) two drawbacks a) not all cards support RSA raw and b) sc_pkcs15_decipher does not

http://bugzilla.mindrot.org/show_bug.cgi?id=589 Summary: scard-opensc.c: load only those keys for which there's a private key Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard

http://bugzilla.mindrot.org/show_bug.cgi?id=621 Summary: scard-opensc.c: more than one private key object for a certificate Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=591 Summary: use PKCS#15 private key label as a comment in case of OpenSC Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo:

Hi, sorry, I'm not on the list, so please answer directly. I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6 with Gemplus 410 and 430 smartcard readers and Schlumberger cryptoflex smartcards. I used openssh-3.2.2p1 but the relevant file scard-opensc.c is unchanged in 3.4. RSA authentication to a remote host running opensshd did not work with the smartcard. Investigating the problem

I'm attaching a patch to allow ssh client to get a pin from the command line when using a smartcard. Most of it is from a patch by Danny De Cock <godot () ulyssis ! org>, but I've used the ssh read_passphrase function instead. Any errors are mine, I'm sure. This enables ssh -I 0 to use a pin-protected smartcard via opensc. Thanks, Kevin Stefanik -------------- next part

http://bugzilla.mindrot.org/show_bug.cgi?id=221 ------- Additional Comments From markus at openbsd.org 2002-04-18 02:04 ------- Created an attachment (id=81) readme patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

This patch modifies the simple menu com32 program to include integrated load progress. It also adds new options to the simple menu configuration MENU LOADMSG -- allows the user to specify the text to display when loading MENU LOADMSGROW -- controls where the text is written Example configuration: MENU LOADMSG Booting MENU LOADMSGROW 25 It works with my setup, please let me know if you find

Some smartcard readers have keypad to enter the PIN securely (i.e. such that it cannot be intercepted by a rogue (ssh) binary. PKCS#11 allows for enforcing this in hardware. Below patch allows for SSH to make use of this; against head/master as of today. Dw. commit 7f0250a8ae6c639a19d4e1e24fc112d5e2e1249a Author: Dirk-Willem van Gulik <dirkx at webweaving.org> Date: Tue Mar 17

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

Some HSM's such as Safenet Network HSM do not allow searching for keys unauthenticated. To support such devices provide a mechanism for users to provide a pin code that is always used to automatically log in to the HSM when using PKCS11. The pin code is read from a file specified by the environment variable SSH_PKCS11_PINFILE if it is set. Tested against Safenet Network HSM. ---

I find this approach very bad in general.? PKCS#11 standard says that *private* keys should not be accessible without authentication. *Public* keys and certificates of course can and should be accessible with no authentication. SoftHSM misinterpreted this originally (older pkcs11 documents were less clear :), but they rectified this mistake. We should not repeat it.?

Hello- I'm testing the current versions on UnixWare 2.x and have run into the following problems: After downloading the nightly snapshot, untar fails with "Directory Checksum error". Gunzip is successful, but the tar fails. Failing the snapshot extraction, I checked out a clean copy from the CVS. Configure fails when it hits the "/scard" directory, which is empty. I

Dear reader, we are using dovecot 2.2.7 and like it very much. Authentication is done via a checkpassword program that does two things: 1) check wether the client has connected via SSL using a client certificate 2) check wether the client is using a one time password generator Most of our users are using certificates that we have created ourself. These certificates contain a

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not

http://bugzilla.mindrot.org/show_bug.cgi?id=221 Summary: updates for OpenSC support Product: Portable OpenSSH Version: -current Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: markus

Dear friends, First, thanks for helping me on ssh default option for smartcards. I recompiled SSH from CVS and it seems to work. I still have problems with: ssh-add -s /usr/lib/opensc-pkcs11.so Enter passphrase for PKCS#11: (I enter PIN code) SSH_AGENT_FAILURE Could not add card: /usr/lib/opensc-pkcs11.so pkcs11-tool --slot 1 -O Public Key Object; RSA 2048 bits label: Public Key ID:

I wasn't having much luck getting a key and certificate stored on a hardware token to work until I made this fix. The ssh_rsa_sign key was not using either overloading. I used the rsa.meth way, instead of the engine. With this patch ssh-add works. I'm working on getting ssh to take a PIN, but when I put in a call to read_passphrase in the appropriate place, it muddies the waters

OpenSC Release 0.8.0 ==================== We are pleased to announce the availability of OpenSC 0.8.0. OpenSC provides a set of libraries and utilities to access smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as mail encryption, authentication, and digital signature. OpenSC can be used with the following