Re: (OT) CoolKey build environment and packaging



Alon Bar-Lev wrote:
> On 1/25/07, Todd Denniston <Todd.Denniston@xxxxxxxxxxxxxxxxxx> wrote:
>> Although I have not used OpenVPN and GnuPG with it, I have used coolkey with OpenSSH. It was with Coolkey that I got your patches to OpenSSH (ssh-agent) to work, back in October.
>
> It is great to hear!
> So the other ones will probably work too :)
>
> Thank you for the update!

You're welcome.

Question, are ssh-agent and gnupg-pkcs11-scd different enough that the functionality of gnupg-pkcs11-scd could not be integrated into ssh-agent, i.e., give ssh-agent the gpg-agent interface too?

It would just be nice to have one agent handling the card. When the pcsc-lite and coolkeys libs are not compiled with threading it is annoying to have to input the PIN all the time, but IIRC on the muscle list there has been some discussion of the insecurity of /var/run/pcscd.* (readable by any user on the system after the card has its PIN, IIRC). My thinking is /tmp/ssh-RAND/agent-#### is, at least from a file system perspective, more locked to the particular user... too bad coolkeys could not use it to provide to all the NSS apps (oh no! circular ref!).

Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
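
The file-system comparison in the message above can be checked with a short script. This is an added example, not part of the original post or of any project it mentions: it judges, from mode bits alone and assuming Linux semantics (connecting needs write permission on the socket and search permission on each parent directory), whether a user other than the owner could connect to a UNIX socket. The directory names and modes in `demo()` are constructed samples, not the real pcscd or ssh-agent paths.

```python
import os
import shutil
import socket
import stat
import tempfile


def others_can_connect(sock_path, stop_at="/"):
    """True if a user who is neither owner nor in the group could connect to
    the UNIX socket at sock_path, judged by mode bits only. Directories below
    stop_at are checked; ACLs, SELinux and root are not modelled."""
    sock_path = os.path.realpath(sock_path)
    stop_at = os.path.realpath(stop_at)
    mode = os.stat(sock_path).st_mode
    # connect() needs write permission on the socket node itself
    if not (stat.S_ISSOCK(mode) and mode & stat.S_IWOTH):
        return False
    parent = os.path.dirname(sock_path)
    while parent != stop_at and parent != os.path.dirname(parent):
        # every directory on the way must be searchable by "other"
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            return False
        parent = os.path.dirname(parent)
    return True


def make_socket(directory, dir_mode, sock_mode):
    """Constructed sample: bind a socket named 'agent' with the given modes."""
    os.mkdir(directory)
    old = os.getcwd()
    os.chdir(directory)  # relative bind keeps the socket address short
    try:
        s = socket.socket(socket.AF_UNIX)
        s.bind("agent")
        s.close()
        os.chmod("agent", sock_mode)
    finally:
        os.chdir(old)
    os.chmod(directory, dir_mode)
    return os.path.join(directory, "agent")


def demo():
    """Constructed layouts: (directory mode, socket mode) per case."""
    base = tempfile.mkdtemp()
    layouts = {"shared": (0o755, 0o666), "private": (0o700, 0o600), "dir_only": (0o700, 0o666)}
    try:
        return {name: others_can_connect(make_socket(os.path.join(base, name), *m), base)
                for name, m in layouts.items()}
    finally:
        shutil.rmtree(base)
```

The `dir_only` case shows that a 0700 parent directory alone keeps other users out even when the socket node itself is world-writable.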

Coolkey-devel mailing list
