similar to: ssh-keygen with libpkcs11.so can't work (Nan)

Hi, I'm trying the new feature "ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token". According to the manpage, I should use "-D" option. And I had a problem with this option. root at ubuntu-desktop[/home/adam/temp7]#ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id id_rsa.pub dlopen libpkcs11.so failed: libpkcs11.so:

Author: izick Repository: /hg/zfs-crypto/gate Revision: f7c96af91f148327ba792c8fbcb9e49897664f9c Log message: PSARC 2005/572 PKCS#11 v2.20 4920408 PKCS#11 v2.20 support for the Crypto Framework 6287425 residual bzero''s in hmac part of sha2 6287428 add sha2 to the i.kcfconfbase upgrade script Files: create: usr/src/common/crypto/blowfish/blowfish_cbc_crypt.c create:

Author: darrenm Repository: /hg/zfs-crypto/gate Revision: 14d7bfad76ad917e7df568c6739d34eba6b60a33 Log message: 6368332 libpkcs11 should report that it is v2.20 not v2.11 Files: update: usr/src/lib/pkcs11/libpkcs11/common/pkcs11Conf.c update: usr/src/lib/pkcs11/libpkcs11/common/pkcs11Global.h

Author: Darren Moffat <darrenm at opensolaris.org> Repository: /hg/zfs-crypto/zfs-crypto-gate Latest revision: ec659b717bdb149af4dc7a2ac1bc1c152d859b02 Total changesets: 1 Log message: Fix mismerge for libcryptoutil & libpkcs11 Files: update: usr/src/lib/libcryptoutil/common/cryptoutil.h update: usr/src/lib/libcryptoutil/common/mapfile-vers update:

https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Bug ID: 2817 Summary: Add support for PKCS#11 URIs (RFC 7512) Product: Portable OpenSSH Version: 7.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Smartcard Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2075 Bug ID: 2075 Summary: [PATCH] Enable key pair generation on a PCKS#11 device Classification: Unclassified Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component:

Hello everyone, as you could have noticed over the years, there are several bugs for PKCS#11 improvement and integration which are slipping under the radar for several releases, but the most painful ones are constantly updated by community to build, work and make our lives better. I wrote some of the patches, provided feedback to others, or offered other help here on mailing list, but did not

https://bugzilla.mindrot.org/show_bug.cgi?id=1929 Bug #: 1929 Summary: ssh-keygen fails to build because PKCS11 is not available Classification: Unclassified Product: Portable OpenSSH Version: 5.8p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

https://bugzilla.mindrot.org/show_bug.cgi?id=2430 Bug ID: 2430 Summary: ssh-keygen should allow to login before reading public key from smart card Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

OpenSSH 8.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

OpenSSH 9.4 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

Compiled on OpenIndiana using GCC 11 :; SunOS 5.11 illumos-2e79e00041 illumos Although snapshot was downloaded, it shows 9.3 version: :; ssh -V OpenSSH_9.3p1-snap20230809, OpenSSL 1.1.1v? 1 Aug 2023 Thanks and regards. On 31.07.2023 08:12, Damien Miller wrote: > Hi, > > OpenSSH 9.4 is almost ready for release, so we would appreciate testing > on as many platforms and systems as

On Sat, 2019-04-06 at 03:20 +1100, Damien Miller wrote: > On Fri, 5 Apr 2019, Jakub Jelen wrote: > > > There is also changed semantics of the ssh-keygen when listing keys > > from PKCS#11 modules. In the past, it was not needed to enter a PIN > > for > > this, but now. > > > > At least, it is not consistent with a comment in the function > >

Hello, The version 0.11 of "PKCS#11 support in OpenSSH" is published. Changes: 1. Updated against OpenSSH 4.3p2. 2. Modified against Roumen Petrov's X.509 patch (version 5.4), so self-signed certificates are treated by the X.509 patch now. 3. Added --pkcs11-x509-force-ssh if X.509 patch applied, until some issues with the X.509 patch are resolved. 4. Fixed issues with gcc-2. You

https://bugzilla.mindrot.org/show_bug.cgi?id=2427 Bug ID: 2427 Summary: ssh keygen is trying to read uninitialized slots on smart card (and is failing) Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Author: mcpowers Repository: /hg/zfs-crypto/gate Revision: 96cccf53906cb9bb5a733b8ca426f5f511392252 Log message: PSARC 2006/214 Crypto Framework random number API/SPI update 6374503 C_SeedRandom is too slow causing poor performance with Apache/OpenSSL when using pkcs11 Files: update: usr/src/lib/pkcs11/libpkcs11/common/metaGeneral.c update: usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h

Hello All, As I promised, I've completed and initial patch for openssh PKCS#11 support. The same framework is used also by openvpn. I want to help everyone who assisted during development. This patch is based on the X.509 patch from http://roumenpetrov.info/openssh/ written by Rumen Petrov, supporting PKCS#11 without X.509 looks like a bad idea. *So the first question is: What is the

Dear friends, First, thanks for helping me on ssh default option for smartcards. I recompiled SSH from CVS and it seems to work. I still have problems with: ssh-add -s /usr/lib/opensc-pkcs11.so Enter passphrase for PKCS#11: (I enter PIN code) SSH_AGENT_FAILURE Could not add card: /usr/lib/opensc-pkcs11.so pkcs11-tool --slot 1 -O Public Key Object; RSA 2048 bits label: Public Key ID:

Hi, OpenSSH 9.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

ssh-keygen already supports importing and exporting ssh keys using various formats. The "-m PEM" which should have been the easiest to be used with various of external application expects PKCS#1 encoded key, while many applications use SubjectPublicKeyInfo encoded key. This change adds SubjectPublicKeyInfo support, to ease integration with applications. Examples: ## convert