Re: [PATCH] ssh-agent: Add support to load additional certificates

Hi,

This seems like a reasonable idea.

Could you please attach this to a bug at https://bugzilla.mindrot.org/ ?
This will ensure it won't get lost. 

On Thu, 13 Aug 2015, Thomas Jarosch wrote:

> Hi,
> 
> On Sunday, 26. July 2015 16:52:18 you wrote:
> > Add support to load additional certificates
> > for already loaded private keys. Useful
> > if the private key is on a PKCS#11 hardware token.
> > 
> > The private keys inside ssh-agent are now using a refcount
> > to share the private parts between "Identities".
> > The reason for this change was that the PKCS#11 code
> > might have redirected ("wrap") the RSA functions to a hardware token.
> > We don't want to mess with those internals.
> > 
> > Tested with an OpenGPG card. Patch developed against 6.9p
> > and applies to original 6.9, too.
> > 
> > Please CC: comments.
> > 
> > Signed-off-by: Thomas Jarosch <thomas.jarosch@xxxxxxxxxxxxx>
> 
> any comment on this?
> 
> Is the concept sound or did I take the wrong turn here?
> 
> If upstream considers this the way to go, I can try
> to split up the patch into smaller pieces like this:
> 
> - sshkey.c: Add "int sshkey_is_private(const struct sshkey *)" function
> - ssh-agent: Transition to private key refcounting
> - ssh-agent: Implement private key "shadowing"
> - ssh-add: Add support to add plain certificates
> 
> Thanks in advance,
> Thomas
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 