Re: [PATCH] ssh-agent: Add support to load additional certificates

Hi,

On Sunday, 26. July 2015 16:52:18 you wrote:
> Add support to load additional certificates
> for already loaded private keys. Useful
> if the private key is on a PKCS#11 hardware token.
> 
> The private keys inside ssh-agent are now using a refcount
> to share the private parts between "Identities".
> The reason for this change was that the PKCS#11 code
> might have redirected ("wrap") the RSA functions to a hardware token.
> We don't want to mess with those internals.
> 
> Tested with an OpenPGP card. Patch developed against 6.9p
> and applies to original 6.9, too.
> 
> Please CC: comments.
> 
> Signed-off-by: Thomas Jarosch <thomas.jarosch@xxxxxxxxxxxxx>

Any comment on this?

Is the concept sound or did I take the wrong turn here?

If upstream considers this the way to go, I can try
to split up the patch into smaller pieces like this:

- sshkey.c: Add "int sshkey_is_private(const struct sshkey *)" function
- ssh-agent: Transition to private key refcounting
- ssh-agent: Implement private key "shadowing"
- ssh-add: Add support to add plain certificates

Thanks in advance,
Thomas

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


