Displaying 20 results from an estimated 1000 matches similar to: "[Bug 2817] New: Add support for PKCS#11 URIs (RFC 7512)"
2015 Mar 17
2
[patch] Updated patch for pkcs#11 smartcard readers that have a protected PIN path
Some smartcard readers have keypad to enter the PIN securely (i.e. such that it cannot be intercepted by a rogue (ssh) binary.
PKCS#11 allows for enforcing this in hardware. Below patch allows for SSH to make use of this; against head/master as of today.
Dw.
commit 7f0250a8ae6c639a19d4e1e24fc112d5e2e1249a
Author: Dirk-Willem van Gulik <dirkx at webweaving.org>
Date: Tue Mar 17
2017 Apr 24
5
PKCS#11 URIs in OpenSSH
Hello all,
as PKCS#11 URI became standard (RFC 7512), it would be good to be able
to specify the keys using this notation in openssh.
So far I implemented the minimal subset of this standard allowing to
specify the URI for the ssh tool, in ssh_config and to work with
ssh-agent. It does not bring any new dependency, provides unit and
regress tests (while fixing agent-pkcs11 regress test).
The
2018 Feb 26
3
Outstanding PKCS#11 issues
Hello everyone,
as you could have noticed over the years, there are several bugs for
PKCS#11 improvement and integration which are slipping under the radar
for several releases, but the most painful ones are constantly updated
by community to build, work and make our lives better.
I wrote some of the patches, provided feedback to others, or offered
other help here on mailing list, but did not
2023 Jun 22
2
[Bug 3583] New: server-sig-algs reports incorrect list of algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3583
Bug ID: 3583
Summary: server-sig-algs reports incorrect list of algorithms
Product: Portable OpenSSH
Version: 8.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2014 May 07
7
[Bug 2240] New: Secure PIN entry for smartcards through the keypad on the reader (patch)
https://bugzilla.mindrot.org/show_bug.cgi?id=2240
Bug ID: 2240
Summary: Secure PIN entry for smartcards through the keypad on
the reader (patch)
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2013 Dec 16
15
[Bug 2185] New: Allow entering the PIN via reader pinpad
https://bugzilla.mindrot.org/show_bug.cgi?id=2185
Bug ID: 2185
Summary: Allow entering the PIN via reader pinpad
Product: Portable OpenSSH
Version: 6.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Smartcard
Assignee: unassigned-bugs at
2020 Feb 24
4
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote:
> As a side note, OpenSC is looking at issues with using tokens vs
> separate
> readers and smart cards. The code paths in PKCS#11 differ. Removing a
> card
> from a reader leaves the pkcs#11 slot still available. Removing a
> token (Yubikey)
> removes both the reader and and its builtin smart card. Firefox has a
>
2024 Sep 23
1
[PATCH] sshd: Add pkcs11 support for HostKey.
Hello,
OpenSSH supports PKCS#11 on the client side, but that does not extend to
the server side. I would like to bring PKCS#11 support to sshd.
I am working on embedded Linux systems with integrated HSM. The sshd
host key is stored on the HSM. To have sshd using that key, we rely on
the following chain:
sshd -> OpenSSL -> OpenSSL Engine -> HSM Having
PKCS#11 support in sshd, would
2015 Oct 08
2
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
On 10/8/2015 4:49 AM, Simon Josefsson wrote:
> Mathias Brossard <mathias at brossard.org> writes:
>
>> Hi,
>>
>> I have made a patch for enabling the use of ECDSA keys in the PKCS#11
>> support of ssh-agent which will be of interest to other users.
>
> Nice! What would it take to add support for Ed25519 too? Do we need to
> allocate any new PKCS#11
2015 Oct 08
3
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
Thomas Calderon <calderon.thomas at gmail.com> writes:
> Hi,
>
> There is no need to add new mechanism identifiers to use specific curves.
>
> This can be done already using the CKM_ECDSA mechanism parameters (see
> CKA_ECDSA_PARAMS
> in the standard).
> Given that the underlying HW or SW tokens supports Ed25519 curves, then you
> could leverage it even with
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
Hi all,
Thanks for all your hard work! I was particularly excited to see
FIDO/U2F support in the latest release.
I'd like to make the following bug report in ssh-agent's PKCS#11 support:
Steps to reproduce:
1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key.
2. Add that key to ssh-agent.
3. Remove that key from ssh-agent.
4. Add that key to ssh-agent.
Expected results:
2005 Oct 22
2
openssh PKCS#11 support
Hello All,
As I promised, I've completed and initial patch for openssh
PKCS#11 support. The same framework is used also by openvpn.
I want to help everyone who assisted during development.
This patch is based on the X.509 patch from
http://roumenpetrov.info/openssh/ written by Rumen Petrov,
supporting PKCS#11 without X.509 looks like a bad idea.
*So the first question is: What is the
2018 Aug 13
3
Why still no PKCS#11 ECC key support in OpenSSH ?
On Sun, 12 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
> Tone aside, let me second what Bob said. OpenSSH maintainers seem to
> be able to find time for many updates and upgrades - but ECC support
> over PKCS#11 appears to repulse them for more than two years (I don't
> care to check for exactly how many more).
There's no "repulsion" involved, just a lack of
2023 Nov 19
2
[Bug 3635] New: ssh-add -s always asks for PKCS#11 PIN
https://bugzilla.mindrot.org/show_bug.cgi?id=3635
Bug ID: 3635
Summary: ssh-add -s always asks for PKCS#11 PIN
Product: Portable OpenSSH
Version: 9.0p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-add
Assignee: unassigned-bugs at
2013 Oct 16
5
[Bug 1908] Extract the public key from certificate on pkcs#11
https://bugzilla.mindrot.org/show_bug.cgi?id=1908
Markus Friedl <markus at openbsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |markus at openbsd.org
Attachment #2054|0 |1
is obsolete|
2023 Sep 11
21
[Bug 3613] New: Unable to sign using certificates and PKCS#11
https://bugzilla.mindrot.org/show_bug.cgi?id=3613
Bug ID: 3613
Summary: Unable to sign using certificates and PKCS#11
Product: Portable OpenSSH
Version: 8.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee:
2017 Dec 07
5
[Bug 2808] New: Unable to add certificates to agent when using PKCS#11 backed keys.
https://bugzilla.mindrot.org/show_bug.cgi?id=2808
Bug ID: 2808
Summary: Unable to add certificates to agent when using PKCS#11
backed keys.
Product: Portable OpenSSH
Version: 7.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2016 Nov 11
10
[Bug 2638] New: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects
https://bugzilla.mindrot.org/show_bug.cgi?id=2638
Bug ID: 2638
Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the
private objects
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
2010 Mar 17
20
[Bug 1736] New: OpenSSH doesn't seem to work with my MuscleCard PKCS#11 library
https://bugzilla.mindrot.org/show_bug.cgi?id=1736
Summary: OpenSSH doesn't seem to work with my MuscleCard
PKCS#11 library
Product: Portable OpenSSH
Version: 5.4p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo:
2018 Aug 13
8
Why still no PKCS#11 ECC key support in OpenSSH ?
On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
> Lack of time on the Open Source projects is understandable, and not uncommon.
>
> However, PKCS11 has been in the codebase practically forever - the ECC
> patches that I saw did not alter the API or such. It is especially
> non-invasive when digital signature is concerned.
>
> Considering how long those patches have