Hi,

On Sunday, 26. July 2015 16:52:18 you wrote:
> Add support to load additional certificates
> for already loaded private keys. Useful
> if the private key is on a PKCS#11 hardware token.
>
> The private keys inside ssh-agent are now using a refcount
> to share the private parts between "Identities".
> The reason for this change was that the PKCS#11 code
> might have redirected ("wrap") the RSA functions to a hardware token.
> We don't want to mess with those internals.
>
> Tested with an OpenGPG card. Patch developed against 6.9p
> and applies to original 6.9, too.
>
> Please CC: comments.
>
> Signed-off-by: Thomas Jarosch <thomas.jarosch@xxxxxxxxxxxxx>

any comment on this? Is the concept sound or did I take the wrong turn here?

If upstream considers this the way to go, I can try to split up the patch into smaller pieces like this:

- sshkey.c: Add "int sshkey_is_private(const struct sshkey *)" function
- ssh-agent: Transition to private key refcounting
- ssh-agent: Implement private key "shadowing"
- ssh-add: Add support to add plain certificates

Thanks in advance,
Thomas

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev