similar to: Thanks on 6.5

Hi Tony, Have you solved this problem yet?I took another approach and used CACkey which supportsUS Government PIV cards including the CAC.? In my case I set it up on Linux Mint but there is an rpm version of CACKey for 32 or 64 bit Centos.Here is the process I went through. - setup CAC card by following instructions on: https://help.ubuntu.com/community/CommonAccessCard sudo apt-get install

So, it *seems* to be working, pretty much. I needed to install opensc, openct pcsc-lite, pcsc-lite-openct, and ctapi-common will be installed as a dependency. I *removed* coolkey and esc, which depended on it. 100% of the time, they misidentifed the new/current US federal ID PIV-II cards as coolkey cards, and popped up this "phone home" window, then a "manage smartcards"

CentOS 7, In firefox -> privacy & security -> certificates -> security devices i am trying to load the pkcs11 modules, but get the error unable to load. I am following the directions at https://piv.idmanagement.gov/engineering/firefox/ I have installed opensc and openssl-pkcs11, which contains /usr/lib64/openssl/engines/pkcs11.so and am using that is the module Has anybody here

> -----Original Message----- > From: m.roth at 5-cent.us [mailto:m.roth at 5-cent.us] > Sent: Friday, July 22, 2016 4:15 PM > To: CentOS mailing list > Subject: Re: [CentOS] CentOS 6.7->6.8, ssh-add issue, followup, more info > > m.roth at 5-cent.us wrote: > > Folks, > > > > I am perplexed. I updated my workstation at work Wed before I left, > >

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard

Folks, I am perplexed. I updated my workstation at work Wed before I left, from 6.7 to 6.8. Then, yesterday, I went to use ssh-add -s libcoolkeypk11.so, which I've done many times before to add the certs from my PIV card... and 100% of the time if fails, letting me SSH_AGENT_FAILURE, cannot add card. Now, using a script called sccr, which uses my public and private key to generate a

Hi all, Thanks for all your hard work! I was particularly excited to see FIDO/U2F support in the latest release. I'd like to make the following bug report in ssh-agent's PKCS#11 support: Steps to reproduce: 1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key. 2. Add that key to ssh-agent. 3. Remove that key from ssh-agent. 4. Add that key to ssh-agent. Expected results:

Can anyone help with getting the new DoD CACs (Smart Card) to work in CentOS 6.6? I don't use it for console logins, only for email and .mil web sites. I recently had to get a new DoD CAC (Smart Card) when one of the buildings I work in upgraded their security system. My old CAC was working fine prior to this for signing and encrypting email and for authenticating to various DoD (.mil) sites

On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > Lack of time on the Open Source projects is understandable, and not uncommon. > > However, PKCS11 has been in the codebase practically forever - the ECC > patches that I saw did not alter the API or such. It is especially > non-invasive when digital signature is concerned. > > Considering how long those patches have

https://bugzilla.mindrot.org/show_bug.cgi?id=2635 Bug ID: 2635 Summary: Unable to use SSH Agent and user level PKCS11Provider configuration directive Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2890 Bug ID: 2890 Summary: ssh-agent should not fail after removing and inserting smart card Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote: > As a side note, OpenSC is looking at issues with using tokens vs > separate > readers and smart cards. The code paths in PKCS#11 differ. Removing a > card > from a reader leaves the pkcs#11 slot still available. Removing a > token (Yubikey) > removes both the reader and and its builtin smart card. Firefox has a >

What I?m saying is that TPM should be able to behave like a PKCS#11 token. Loading TPM keys is similar to provisioning a PKCS#11 token (and hopefully needs to be done as rarely). The normal use of a TPM seems to be operating on the keys already installed ? rather than loading keys in every time you need to do something. TPM, like other hardware tokens, was designed for storing things (keys)

Hello everyone, as you could have noticed over the years, there are several bugs for PKCS#11 improvement and integration which are slipping under the radar for several releases, but the most painful ones are constantly updated by community to build, work and make our lives better. I wrote some of the patches, provided feedback to others, or offered other help here on mailing list, but did not

On Thu, 2014-12-04 at 11:30 -0500, m.roth at 5-cent.us wrote: > Cal Webster wrote: > > On Thu, 2014-12-04 at 08:08 -0500, mark wrote: > >> On 12/03/14 17:34, Cal Webster wrote: > >> > Can anyone help with getting the new DoD CACs (Smart Card) to work in > >> > CentOS 6.6? I don't use it for console logins, only for email and .mil > >> > web

What's happening: I put my "SmartCard" in the reader, and the Coolkey phone home window pops up. I close it, and the SmartCard manager window pops up, saying it's not initialized. Neither of these should be happening with these cards (US federal gov't issue, not DoD). Googling, I find <https://rhn.redhat.com/errata/RHBA-2010-0068.html>, and in that, it says (in part):

https://bugzilla.mindrot.org/show_bug.cgi?id=2432 Bug ID: 2432 Summary: ssh-keygen and tools should be able to get public part directly from private key (portability) Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement

On Thu, 2014-12-04 at 08:08 -0500, mark wrote: > On 12/03/14 17:34, Cal Webster wrote: > > Can anyone help with getting the new DoD CACs (Smart Card) to work in > > CentOS 6.6? I don't use it for console logins, only for email and .mil > > web sites. > > > > I recently had to get a new DoD CAC (Smart Card) when one of the > > buildings I work in upgraded

I thought DoD used RHEL and not Centos, or did Centos did approved DADEMS recently? On Wed, Dec 3, 2014 at 5:34 PM, Cal Webster <cwebster at ec.rr.com> wrote: > Can anyone help with getting the new DoD CACs (Smart Card) to work in > CentOS 6.6? I don't use it for console logins, only for email and .mil > web sites. > > I recently had to get a new DoD CAC (Smart Card) when

> -----Original Message----- > From: centos-bounces at centos.org > [mailto:centos-bounces at centos.org] On Behalf Of Cal Webster > Sent: Wednesday, December 03, 2014 17:35 > To: CentOS List > Subject: [CentOS] Firefox fails to authenticate .mil sites > with New DoD CAC > > Can anyone help with getting the new DoD CACs (Smart Card) to work in > CentOS 6.6? I