Displaying 20 results from an estimated 2000 matches similar to: "[Bug 2638] New: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects"
2018 Feb 26
3
Outstanding PKCS#11 issues
Hello everyone,
as you could have noticed over the years, there are several bugs for
PKCS#11 improvement and integration which are slipping under the radar
for several releases, but the most painful ones are constantly updated
by community to build, work and make our lives better.
I wrote some of the patches, provided feedback to others, or offered
other help here on mailing list, but did not
2020 Feb 24
4
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote:
> As a side note, OpenSC is looking at issues with using tokens vs
> separate
> readers and smart cards. The code paths in PKCS#11 differ. Removing a
> card
> from a reader leaves the pkcs#11 slot still available. Removing a
> token (Yubikey)
> removes both the reader and and its builtin smart card. Firefox has a
>
2017 Apr 24
5
PKCS#11 URIs in OpenSSH
Hello all,
as PKCS#11 URI became standard (RFC 7512), it would be good to be able
to specify the keys using this notation in openssh.
So far I implemented the minimal subset of this standard allowing to
specify the URI for the ssh tool, in ssh_config and to work with
ssh-agent. It does not bring any new dependency, provides unit and
regress tests (while fixing agent-pkcs11 regress test).
The
2015 Sep 28
33
[Bug 2474] New: Enabling ECDSA in PKCS#11 support for ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Bug ID: 2474
Summary: Enabling ECDSA in PKCS#11 support for ssh-agent
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs
2018 Jul 31
11
[Bug 2890] New: ssh-agent should not fail after removing and inserting smart card
https://bugzilla.mindrot.org/show_bug.cgi?id=2890
Bug ID: 2890
Summary: ssh-agent should not fail after removing and inserting
smart card
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
Hi all,
Thanks for all your hard work! I was particularly excited to see
FIDO/U2F support in the latest release.
I'd like to make the following bug report in ssh-agent's PKCS#11 support:
Steps to reproduce:
1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key.
2. Add that key to ssh-agent.
3. Remove that key from ssh-agent.
4. Add that key to ssh-agent.
Expected results:
2005 Oct 05
2
ssh-agent add PKCS#11 support
Hello,
PKCS#11 is a standard API interface that can be used in
order to access cryptographic tokens. You can find the
specification at
http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most
smartcard and other cryptographic device vendors support
PKCS#11, opensc also provides PKCS#11 interface.
I can easily make the scard.c, scard-opensc.c and
ssh-agent.c support PKCS#11.
PKCS#11 is
2005 Nov 01
3
PKCS#11 support for openssh
Hello OpenSSH developers,
A week ago I've posted a patch that enables openssh to work
with PKCS#11 tokens.
I didn't receive any comments regarding the patch or reply
to my questions.
In current software world, providing a security product that
does not support standard interface for external
cryptographic hardware makes the product obsolete.
Please comment my patch, so I can know
2007 Sep 25
9
OpenSSH PKCS#11merge
[[Sending again, as for some strange reason it is not accepted]]
Hello OpenSSH developers,
I maintain external patch for PKCS#11 smartcard support into
OpenSSH[1] , many users already apply and use this patch.
I wish to know if anyone is interesting in working toward merging this
into mainline.
I had some discussion with Damien Miller, but then he disappeared.
Having standard smartcard
2018 Aug 13
8
Why still no PKCS#11 ECC key support in OpenSSH ?
On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
> Lack of time on the Open Source projects is understandable, and not uncommon.
>
> However, PKCS11 has been in the codebase practically forever - the ECC
> patches that I saw did not alter the API or such. It is especially
> non-invasive when digital signature is concerned.
>
> Considering how long those patches have
2003 Jun 10
6
[Bug 591] use PKCS#15 private key label as a comment in case of OpenSC
http://bugzilla.mindrot.org/show_bug.cgi?id=591
Summary: use PKCS#15 private key label as a comment in case of
OpenSC
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Smartcard
AssignedTo:
2015 Mar 17
2
[patch] Updated patch for pkcs#11 smartcard readers that have a protected PIN path
Some smartcard readers have keypad to enter the PIN securely (i.e. such that it cannot be intercepted by a rogue (ssh) binary.
PKCS#11 allows for enforcing this in hardware. Below patch allows for SSH to make use of this; against head/master as of today.
Dw.
commit 7f0250a8ae6c639a19d4e1e24fc112d5e2e1249a
Author: Dirk-Willem van Gulik <dirkx at webweaving.org>
Date: Tue Mar 17
2016 Oct 27
11
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635
Bug ID: 2635
Summary: Unable to use SSH Agent and user level PKCS11Provider
configuration directive
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2014 Jan 28
1
safenet eToken 5100 pkcs11 bug(?)
Guys, I am not able to get it run. I can not say where is the problem but it seams that the openssh client is not able to get list of rsa key from token. See two logs from pkcs11-spy. one is for "ssh -I" the second is for "pkcs11-tool -O"
In the second log there is private_key visible or offered in the first one is not.
I use openssh 6.4 version on Linux or Mac.
Log from
2016 Dec 24
30
[Bug 2652] New: PKCS11 login skipped if login required and no pin set
https://bugzilla.mindrot.org/show_bug.cgi?id=2652
Bug ID: 2652
Summary: PKCS11 login skipped if login required and no pin set
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Smartcard
Assignee:
2010 Mar 17
20
[Bug 1736] New: OpenSSH doesn't seem to work with my MuscleCard PKCS#11 library
https://bugzilla.mindrot.org/show_bug.cgi?id=1736
Summary: OpenSSH doesn't seem to work with my MuscleCard
PKCS#11 library
Product: Portable OpenSSH
Version: 5.4p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo:
2006 May 27
2
[ANNOUNCE] PKCS#11 support in OpenSSH 4.3p2 (version 0.11)
Hello,
The version 0.11 of "PKCS#11 support in OpenSSH" is published.
Changes:
1. Updated against OpenSSH 4.3p2.
2. Modified against Roumen Petrov's X.509 patch (version
5.4), so self-signed certificates are treated by the X.509
patch now.
3. Added --pkcs11-x509-force-ssh if X.509 patch applied,
until some issues with the X.509 patch are resolved.
4. Fixed issues with gcc-2.
You
2020 Aug 26
10
[Bug 3202] New: Ed25519 key on HSM is not getting listed in ssh-add -l command
https://bugzilla.mindrot.org/show_bug.cgi?id=3202
Bug ID: 3202
Summary: Ed25519 key on HSM is not getting listed in ssh-add -l
command
Product: Portable OpenSSH
Version: 8.2p1
Hardware: ARM64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-add
2005 Oct 22
2
openssh PKCS#11 support
Hello All,
As I promised, I've completed and initial patch for openssh
PKCS#11 support. The same framework is used also by openvpn.
I want to help everyone who assisted during development.
This patch is based on the X.509 patch from
http://roumenpetrov.info/openssh/ written by Rumen Petrov,
supporting PKCS#11 without X.509 looks like a bad idea.
*So the first question is: What is the
2005 Oct 11
0
openssh and pkcs#11
Hello Andreas,
On 10/11/05, Andreas Jellinghaus <aj at dungeon.inka.de> wrote:
> Peter Koch pointed me to your posting on openssh-devel mailing list.
I am very glad that he did.
> I'm one of the opensc people, and from my point of view your idea
> is a good one. The current openssh-opensc code has a number of issues,
> for example the ssh-agent does not test the pin