On Wed, Dec 11, 2013 at 11:53 PM, Damien Miller <djm at mindrot.org> wrote:
> On Wed, 11 Dec 2013, Benjamin Fras wrote:
>
>>
>> Hi,
>> This is the output of the pkcs11-tool using the safenet-lib
>> pkcs11-tool --module /usr/lib/libeToken.so -O
>> Using slot 0 with a present token (0x0)
>> Certificate Object, type = X.509 cert
>>   label: 411ef289-88cf-4f38-89b1-5e8691f6cb8a
>>   ID: 1f67fd84c675af27
>> Certificate Object, type = X.509 cert
>>   label: {E670E946-633C-4956-83B0-5EB67A3A5EAE}
>>   ID: e93a991dca5b2939
>
> This is the problem - the released versions only handle plain keys. E.g.
>
> [djm at demiurge ~]$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -O
> Using slot 2 with a present token (0x5)
> Public Key Object; RSA 2048 bits
>   label: Private Key
>   ID: 71c719db35ffd0f8087710e57722a3d82f630e58
>   Usage: encrypt, verify, wrap
> Certificate Object, type = X.509 cert
>   label: Certificate
>   ID: 71c719db35ffd0f8087710e57722a3d82f630e58
>
> Markus added support for extracting a public key from a certificate only
> recently.

This was supported long ago in the external patch[1] along with other
required functionality.
I hope that in time (10 years or so) we match the functionality.
But it is good we are going in the right direction.

Regards,
Alon Bar-Lev

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=1371

>
> -d
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev