similar to: features

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:19.openssl Security Advisory The FreeBSD Project Topic: Incorrect PKCS#1 v1.5 padding validation in crypto(3) Category: contrib Module: openssl

Author: izick Repository: /hg/zfs-crypto/gate Revision: f7c96af91f148327ba792c8fbcb9e49897664f9c Log message: PSARC 2005/572 PKCS#11 v2.20 4920408 PKCS#11 v2.20 support for the Crypto Framework 6287425 residual bzero''s in hmac part of sha2 6287428 add sha2 to the i.kcfconfbase upgrade script Files: create: usr/src/common/crypto/blowfish/blowfish_cbc_crypt.c create:

Author: pwernau Repository: /hg/zfs-crypto/gate Revision: ba16e4a9c5255b467f2d29663976000f863c3b71 Log message: PSARC 2005/501 ikecert PKCS#11 object migration and linkage 6219636 ikecert(1m) needs to tie IKE certificate slots to existing PKCS#11 objects 6220119 ikecert certlocal migrate disk key to PKCS#11 token 6232671 Can''t add a certificate to a keystore with ikecert(1m) 6303764 IKE

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:06.openssl Security Advisory The FreeBSD Project Topic: OpenSSL timing-based SSL/TLS attack Category: crypto Module: openssl Announced:

Hello, I'm writing from OpenSC project (OpenSSH used to include OpenSC support for smart cards, it has been removed now and PKCS#11 is used instead, whish is nice), we're planning to have a "Security / hardware crypto keys" themed devroom at FOSDEM next year. Are people on this list interested in participating, and trying to tackle the problem of "Why OpenSSH does not work

Hello all, first, if this is disallowed by the rules for this list (I'm a bit uncertain..), then please forgive me. I am working for a company doing services for the credit card industry. Among other things, we specialize in authentication systems (3-D Secure) for internet-based trade, and are subject to very strict security requirements (obviously). The relevant systems are all

On Thu, 2014-12-04 at 08:08 -0500, mark wrote: > On 12/03/14 17:34, Cal Webster wrote: > > Can anyone help with getting the new DoD CACs (Smart Card) to work in > > CentOS 6.6? I don't use it for console logins, only for email and .mil > > web sites. > > > > I recently had to get a new DoD CAC (Smart Card) when one of the > > buildings I work in upgraded

How about using the existing OpenSSH client's PKCS#11 support to isolate keying material in a dedicated process? A similar approach, "Practical key privilege separation using Caml Crush", was discussed at FOSDEM'15 with a focus on Heatbleed [1][2] but the ideas and principles are the same. Now this is easily done using the following available components: - SoftHSM to store

This patchset allow syscalls (flock, ipc, getuid, geteuid and ioctl), so openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and communicate with the crypto cards during ssh login. 1. The flock and ipc are allowed only for s390 architecture. They are needed for openCryptoki project (PKCS#11 implementation), as the ibmpkcs11 engine makes use of openCryptoki. For more information,

I thought DoD used RHEL and not Centos, or did Centos did approved DADEMS recently? On Wed, Dec 3, 2014 at 5:34 PM, Cal Webster <cwebster at ec.rr.com> wrote: > Can anyone help with getting the new DoD CACs (Smart Card) to work in > CentOS 6.6? I don't use it for console logins, only for email and .mil > web sites. > > I recently had to get a new DoD CAC (Smart Card) when

> -----Original Message----- > From: centos-bounces at centos.org > [mailto:centos-bounces at centos.org] On Behalf Of Cal Webster > Sent: Wednesday, December 03, 2014 17:35 > To: CentOS List > Subject: [CentOS] Firefox fails to authenticate .mil sites > with New DoD CAC > > Can anyone help with getting the new DoD CACs (Smart Card) to work in > CentOS 6.6? I

Hi Is there any work being done on implementing IM/SIMPLE support for SIP on Asterisk? Like a presence server? rdgs, /Staffan Kerker

https://bugzilla.mindrot.org/show_bug.cgi?id=3635 Bug ID: 3635 Summary: ssh-add -s always asks for PKCS#11 PIN Product: Portable OpenSSH Version: 9.0p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add Assignee: unassigned-bugs at

Hello, PKCS#11 is a standard API interface that can be used in order to access cryptographic tokens. You can find the specification at http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most smartcard and other cryptographic device vendors support PKCS#11, opensc also provides PKCS#11 interface. I can easily make the scard.c, scard-opensc.c and ssh-agent.c support PKCS#11. PKCS#11 is

Hello Andreas, On 10/11/05, Andreas Jellinghaus <aj at dungeon.inka.de> wrote: > Peter Koch pointed me to your posting on openssh-devel mailing list. I am very glad that he did. > I'm one of the opensc people, and from my point of view your idea > is a good one. The current openssh-opensc code has a number of issues, > for example the ssh-agent does not test the pin

Hi All, The version of "PKCS#11 support in OpenSSH" is ready for download. On download page http://alon.barlev.googlepages.com/openssh-pkcs11 you can find a patch for OpenSSH 4.5p1. Most of PKCS#11 code is now moved to a standalone library which I call pkcs11-helper, this library is used by all projects that I added PKCS#11 support into. The library can be downloaded from:

Hello, OpenSSH supports PKCS#11 on the client side, but that does not extend to the server side. I would like to bring PKCS#11 support to sshd. I am working on embedded Linux systems with integrated HSM. The sshd host key is stored on the HSM. To have sshd using that key, we rely on the following chain: sshd -> OpenSSL -> OpenSSL Engine -> HSM Having PKCS#11 support in sshd, would

Hello All, As I promised, I've completed and initial patch for openssh PKCS#11 support. The same framework is used also by openvpn. I want to help everyone who assisted during development. This patch is based on the X.509 patch from http://roumenpetrov.info/openssh/ written by Rumen Petrov, supporting PKCS#11 without X.509 looks like a bad idea. *So the first question is: What is the

https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Bug ID: 2817 Summary: Add support for PKCS#11 URIs (RFC 7512) Product: Portable OpenSSH Version: 7.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Smartcard Assignee: unassigned-bugs at

Hello, The version 0.07 of "PKCS#11 support in OpenSSH" is published. Changes: 1. Updated against OpenSSH 4.3p1. 2. Ignore '\r' at password prompt, cygwin/win32 password prompt support. 3. Workaround for iKey PKCS#11 provider bug. 4. Some minor cleanups. 5. Allow clean merge of Roumen Petrov's X.509 patch (version 5.3) after this one. [[[ The patch-set is too large for