Alon Bar-Lev wrote:
> On 1/25/07, Todd Denniston <Todd.Denniston@xxxxxxxxxxxxxxxxxx> wrote:
>> Although I have not used OpenVPN and GnuPG with it, I have used coolkey
>> with OpenSSH. It was with Coolkey that I got your patches to OpenSSH
>> (ssh-agent) to work, back in October.
> It is great to hear!
> So the other ones will probably work too :)
> Thank you for the update!
You're welcome.
Question, are ssh-agent and gnupg-pkcs11-scd different enough that the
functionality of gnupg-pkcs11-scd could not be integrated into ssh-agent,
i.e., give ssh-agent the gpg-agent interface too?
It would just be nice to have one agent handling the card. When the pcsc-lite
and coolkeys libs are not compiled with threading it is annoying to have to
input the PIN all the time, but IIRC on the muscle list there has been some
discussion of the insecurity of /var/run/pcscd.* (readable by any user on the
system after the card has its PIN, IIRC).
My thinking is /tmp/ssh-RAND/agent-#### is, at least from a file system
perspective, more locked to the particular user... too bad coolkeys could not
use it to provide to all the NSS apps (oh no! circular ref!).
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
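
Added example, not part of the original thread: a small Python audit of the file-system point raised above, reporting which path components keep other local users away from a Unix socket (a private per-user directory as ssh-agent uses, versus a socket in a shared directory). The function names and demo paths are hypothetical; it assumes Linux semantics, where connecting requires write permission on the socket file, and it looks only at the "other" permission class, ignoring groups and ACLs.

```python
import os
import socket
import stat
import tempfile


def barriers(sock_path):
    """Path components that keep *other* local users away from a Unix socket,
    nearest first. An empty list means any local user can connect."""
    sock_path = os.path.realpath(sock_path)
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a socket")
    found = []
    # Assumption (Linux): connect() needs write permission on the socket file.
    if not st.st_mode & stat.S_IWOTH:
        found.append(sock_path)
    # Every ancestor directory must be searchable (x) to reach the socket.
    d = os.path.dirname(sock_path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            found.append(d)
        parent = os.path.dirname(d)
        if parent == d:
            return found
        d = parent


def make_socket(dir_mode, sock_mode):
    """Constructed sample: a fresh temp directory holding one bound socket."""
    d = os.path.realpath(tempfile.mkdtemp(prefix="agent-demo-"))
    path = os.path.join(d, "agent.sock")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)
    os.chmod(path, sock_mode)
    os.chmod(d, dir_mode)
    return d, path, s


if __name__ == "__main__":
    # Private-directory layout first, then a world-reachable layout.
    for dir_mode, sock_mode in ((0o700, 0o600), (0o755, 0o666)):
        d, path, s = make_socket(dir_mode, sock_mode)
        print(oct(dir_mode), oct(sock_mode), "->", barriers(path) or "any local user")
        s.close()
```

Pointing `barriers()` at a real agent or daemon socket shows whether the protection comes from the socket mode, the enclosing directory, or neither.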