similar to: Crypto certificates in 1.1.11

I suggest deprecating proprietary SSH certificates and move to X.509 certificates. The reasons why I suggest this change are: X.509 certificates are the standard on the web, SSH certificates provide no way to revoke compromised certificates, and SSH certificates haven't seen significant adoption, It's also a bad idea to roll your own crypto, and own certificate format seems like an example

Hi All, The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1 you can found diff for OpenSSH versions 4.4p1. What's new: * specific diff of 5.5 for OpenSSH 4.4p1 Because of OpenSSH source code changes, like include statements and new server option

Hi, I have a question regarding the binary format of the certificates generated with ssh-keygen, in particular when the critical options of source-address or force-command are present and the correspondence to the certificate format specifications such as http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD . It appears that the string values of the source-address

https://bugzilla.mindrot.org/show_bug.cgi?id=1498 Summary: OpenSC smartcard access should use raw public keys, not X.509 certificates Classification: Unclassified Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Keywords: patch Severity: normal

Hello, Can someone point me to what I should do to install the missing files? I am trying to generate self-signed certificates using mkcert.sh but I get the following error: $ /usr/local/share/dovecot/mkcert.sh error on line -1 of ./dovecot-openssl.cnf} 6213:error:02001002:system library:fopen:No such file or

On Tue, 29 Nov 2016 09:25:49 +0000 Stefan Hajnoczi <stefanha at redhat.com> wrote: > On Tue, Nov 29, 2016 at 08:22:58AM +0000, Gonglei (Arei) wrote: > > Hi, > > > > > > > > +source "drivers/crypto/virtio/Kconfig" > > > > > > + > > > > > > endif # CRYPTO_HW > > > > > > diff --git

On Tue, 29 Nov 2016 09:25:49 +0000 Stefan Hajnoczi <stefanha at redhat.com> wrote: > On Tue, Nov 29, 2016 at 08:22:58AM +0000, Gonglei (Arei) wrote: > > Hi, > > > > > > > > +source "drivers/crypto/virtio/Kconfig" > > > > > > + > > > > > > endif # CRYPTO_HW > > > > > > diff --git

> Am 29.05.2017 um 14:41 schrieb Robert Moskowitz <rgm at htt-consult.com>: > > > > On 05/29/2017 06:46 AM, Leon Fauster wrote: >>> Am 29.05.2017 um 05:46 schrieb Robert Moskowitz <rgm at htt-consult.com>: >>> >>> >>> >>> On 05/28/2017 06:57 PM, Rob Kampen wrote: >>>> On 28/05/17 23:56, Leon Fauster wrote:

Hi, > > > > +source "drivers/crypto/virtio/Kconfig" > > > > + > > > > endif # CRYPTO_HW > > > > diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile > > > > index ad7250f..bc53cb8 100644 > > > > --- a/drivers/crypto/Makefile > > > > +++ b/drivers/crypto/Makefile > > > > @@ -32,3

> Am 29.05.2017 um 05:46 schrieb Robert Moskowitz <rgm at htt-consult.com>: > > > > On 05/28/2017 06:57 PM, Rob Kampen wrote: >> On 28/05/17 23:56, Leon Fauster wrote: >>>> Am 28.05.2017 um 12:16 schrieb Robert Moskowitz <rgm at htt-consult.com>: >>>> >>>> >>>> >>>> On 05/28/2017 04:24 AM, Tony

Hi, > > > > +source "drivers/crypto/virtio/Kconfig" > > > > + > > > > endif # CRYPTO_HW > > > > diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile > > > > index ad7250f..bc53cb8 100644 > > > > --- a/drivers/crypto/Makefile > > > > +++ b/drivers/crypto/Makefile > > > > @@ -32,3

On Thu, Dec 01, 2016 at 02:27:19AM +0000, Gonglei (Arei) wrote: > > On Tue, Nov 29, 2016 at 08:48:14PM +0800, Gonglei wrote: > > > diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c > > b/drivers/crypto/virtio/virtio_crypto_algs.c > > > new file mode 100644 > > > index 0000000..08b077f > > > --- /dev/null > > > +++

On Thu, Dec 01, 2016 at 02:27:19AM +0000, Gonglei (Arei) wrote: > > On Tue, Nov 29, 2016 at 08:48:14PM +0800, Gonglei wrote: > > > diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c > > b/drivers/crypto/virtio/virtio_crypto_algs.c > > > new file mode 100644 > > > index 0000000..08b077f > > > --- /dev/null > > > +++

Can you implement revocation support? On Fri, May 25, 2018 at 6:55 AM, Damien Miller <djm at mindrot.org> wrote: > No way, sorry. > > The OpenSSH certificate format was significantly motivated by X.509's > syntactic and semantic complexity, and the consequent attack surface in > the sensitive pre-authentication paths of our code. We're very happy to > be able to

<20200123101000.GB24255 at Red> References: <20200526031956.1897-3-longpeng2 at huawei.com> <20200123101000.GB24255 at Red> Hi [This is an automated email] This commit has been processed because it contains a "Fixes:" tag fixing commit: dbaf0624ffa5 ("crypto: add virtio-crypto driver"). The bot has tested the following trees: v5.6.14, v5.4.42, v4.19.124,

Hi Corentin, Thank you for this new version which I have testes successfully with the stm32 hash & cryp drivers. As a general comment on this patchset, I would say that it does not cover all async requests: typically I need (for the pending stm32 cryp driver uprade) to use CryptoEngine to process AEAD requests which is not covered here. Could you please consider adding the

On 03/01/18 21:11, Corentin Labbe wrote: > This patch convert the stm32-cryp driver to the new crypto engine API. > Signed-off-by: Corentin Labbe <clabbe.montjoie at gmail.com> > --- > drivers/crypto/stm32/stm32-cryp.c | 21 ++++++++++++++++----- > 1 file changed, 16 insertions(+), 5 deletions(-) > > diff --git a/drivers/crypto/stm32/stm32-cryp.c

Some hardware accelerators (like intel aseni or the s390 cpacf functions) have lower priorities than virtio crypto, and those drivers are faster than the same in the host via virtio. So let's lower the priority of virtio-crypto's algorithm, make it's higher than sofeware implimentations but lower than the hardware ones. Suggested-by: Christian Borntraeger <borntraeger at

Some hardware accelerators (like intel aseni or the s390 cpacf functions) have lower priorities than virtio crypto, and those drivers are faster than the same in the host via virtio. So let's lower the priority of virtio-crypto's algorithm, make it's higher than sofeware implimentations but lower than the hardware ones. Suggested-by: Christian Borntraeger <borntraeger at

Hi Freebies!! I know F-BSD 4.8 supports a framework in the kernel to use crypto functions from hifn crypto cards. Is there any of these cards that support custom crypto? What is the best route to go if I want to support IPSec (and maybe other) crypto functions but with custom crypto algorithms? Any info or ideas will be appreciated. Thanks Peut