Displaying 20 results from an estimated 1000 matches similar to: "Wanted: smartcard with ECDSA support"
2018 Aug 13
8
Why still no PKCS#11 ECC key support in OpenSSH ?
On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
> Lack of time on the Open Source projects is understandable, and not uncommon.
>
> However, PKCS11 has been in the codebase practically forever - the ECC
> patches that I saw did not alter the API or such. It is especially
> non-invasive when digital signature is concerned.
>
> Considering how long those patches have
2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list,
I have no idea if Damien Miller had the time to work on that.
I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
required interfaces to override the signature function pointer for ECDSA.
The only limitation is that the OpenSSL API misses some cleanup function
(finish, for instance), hence I have yet
2016 Nov 11
10
[Bug 2638] New: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects
https://bugzilla.mindrot.org/show_bug.cgi?id=2638
Bug ID: 2638
Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the
private objects
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
2007 Sep 25
9
OpenSSH PKCS#11merge
[[Sending again, as for some strange reason it is not accepted]]
Hello OpenSSH developers,
I maintain external patch for PKCS#11 smartcard support into
OpenSSH[1] , many users already apply and use this patch.
I wish to know if anyone is interesting in working toward merging this
into mainline.
I had some discussion with Damien Miller, but then he disappeared.
Having standard smartcard
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
Hi all,
Thanks for all your hard work! I was particularly excited to see
FIDO/U2F support in the latest release.
I'd like to make the following bug report in ssh-agent's PKCS#11 support:
Steps to reproduce:
1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key.
2. Add that key to ssh-agent.
3. Remove that key from ssh-agent.
4. Add that key to ssh-agent.
Expected results:
2010 Dec 15
1
Smart cards, mostly solved
So, it *seems* to be working, pretty much. I needed to install
opensc, openct pcsc-lite, pcsc-lite-openct, and ctapi-common will be
installed as a dependency.
I *removed* coolkey and esc, which depended on it. 100% of the time, they
misidentifed the new/current US federal ID PIV-II cards as coolkey cards,
and popped up this "phone home" window, then a "manage smartcards"
2020 Apr 02
2
firefox unable to load pkcs11 module
CentOS 7, In firefox -> privacy & security -> certificates -> security
devices
i am trying to load the pkcs11 modules, but get the error unable to load.
I am following the directions at
https://piv.idmanagement.gov/engineering/firefox/
I have installed opensc and openssl-pkcs11, which
contains /usr/lib64/openssl/engines/pkcs11.so
and am using that is the module
Has anybody here
2020 Feb 18
2
Resident keys?
On Feb 17, 2020, at 9:45 PM, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 17 Feb 2020, Ron Frederick wrote:
>> I?m trying out the ?resident key? functionality in OpenSSH 8.2, and
>> I?m having trouble getting it to find keys that I?ve created.
>>
>> I?m trying to create a new resident key using:
>>
>> ssh-keygen -O resident -t ed25519-sk -f
2016 Oct 27
11
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635
Bug ID: 2635
Summary: Unable to use SSH Agent and user level PKCS11Provider
configuration directive
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2020 Jul 10
3
OpenSSH not requesting PIN code for YubiKey
I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it
works. However, it does not do PIN enforcement at SSH login. It only
requests the PIN during the set-up process (when the key is being
generated). Is that the way it's supposed to work?
Frank
2020 Jun 26
14
[Bug 3188] New: Problems creating a second ecdsa-sk key for a second Yubikey
https://bugzilla.mindrot.org/show_bug.cgi?id=3188
Bug ID: 3188
Summary: Problems creating a second ecdsa-sk key for a second
Yubikey
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
2020 Apr 05
1
firefox unable to load pkcs11 module
Hi Tony,
Have you solved this problem yet?I took another approach and used CACkey which supportsUS Government PIV cards including the CAC.? In my case I set it up on Linux Mint but there is an rpm version of CACKey for 32 or 64 bit Centos.Here is the process I went through.
- setup CAC card by following instructions on:
https://help.ubuntu.com/community/CommonAccessCard
sudo apt-get install
2018 Jul 31
11
[Bug 2890] New: ssh-agent should not fail after removing and inserting smart card
https://bugzilla.mindrot.org/show_bug.cgi?id=2890
Bug ID: 2890
Summary: ssh-agent should not fail after removing and inserting
smart card
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2005 Apr 02
3
OpenSSH and Smartcard
Hi,
I am not sure if this the right place for the question. Sorry if not ...
My System:
SuSE 9.2
OpenSSH 3.9p1
I have trouble to use a Smartcard with openssh. If i try to connect
directly to the Smartcard, it fails:
ssh -I 0:45 localhost
card-etoken.c:175:etoken_check_sw: required access right not granted
card-etoken.c:631:do_compute_signature: returning with: Security status
not satisfied
2005 Mar 11
2
Dynamic smartcard support?
Hi all, and thanks for everyone's work on the 4.0 release!
There's been recent discussion on the OpenSC mailing list about
getting better/updated smartcard support into OpenSSH.
Originating from an OpenSSH package maintainer's desire to keep
dependencies to a minimum, the idea to load OpenSC dynamically
popped up. Now the question is whether this is an approach that
would be favored
2002 Oct 17
2
playing with smartcard: rsa key upload?
I began playing with smartcard support and enabled this in openssh-3.5p1
on linux.
The -U (upload) option unfortunately doesn't work yet with ssh-keygen:
$ ssh-keygen -U 0
Enter file in which the key is (/home/user/.ssh/id_rsa):
key uploading not yet supported
Is there a tool to upload an openssh rsa key to a smart card so that I can
use it with ssh -I later on? Should I just upload it as a
2020 Feb 18
2
Resident keys?
Hello,
I?m trying out the ?resident key? functionality in OpenSSH 8.2, and I?m having trouble getting it to find keys that I?ve created.
I?m trying to create a new resident key using:
ssh-keygen -O resident -t ed25519-sk -f <filename>
This creates a key, but I?m not actually sure it is creating a ?resident? key, as when I try to dump out the resident keys with either ?ssh-keygen -K?
2008 Aug 16
21
[Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
https://bugzilla.mindrot.org/show_bug.cgi?id=1506
Summary: rationalize agent behavior on smartcard
removal/reattachment
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo:
2019 Jan 17
3
[patch 1/2] use chacha20 from openssl (1.1.0+) when possible
On some cpu's optimized chacha implementation in openssl (1.1.0+) is
notably faster (and on others it is just faster) than generic C
implementation in openssh.
Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses
different scheme (with padding/etc - see rfc8439) and it looks it is not
possible to use in openssh.
OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,
2008 Jun 20
2
OpenSC smartcard access should use raw public keys, not X.509 certificates
A non-text attachment was scrubbed...
Name: use-public-keys-instead-of-certs-with-opensc.patch
Type: text/x-diff
Size: 5512 bytes
Desc: enable the use of raw public keys on OpenSC-supported
smartcards
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not