Re: PKCS#11 URIs in OpenSSH

PKCS11 URI support is a very good thing to add.

I’d like the PRs separated – e.g., one for PKCS11 URI, and one for ALWAYS_AUTHENTICATE.

— 
Regards,
Uri


On 4/24/17, 8:26 AM, "openssh-unix-dev on behalf of Jakub Jelen" <openssh-unix-dev-bounces+uri=ll.mit.edu@xxxxxxxxxxx on behalf of jjelen@xxxxxxxxxx> wrote:

    Hello all,
    as PKCS#11 URI became standard (RFC 7512), it would be good to be able 
    to specify the keys using this notation in openssh.
    
    So far I implemented the minimal subset of this standard allowing to 
    specify the URI for the ssh tool, in ssh_config and to work with 
    ssh-agent. It does not bring any new dependency, provides unit and 
    regress tests (while fixing agent-pkcs11 regress test).
    
    The code is on github and ready for comments/reviews (some details will 
    need to be adjusted):
    
    https://github.com/openssh/openssh-portable/compare/master...Jakuje:jjelen-pkcs11
    
    I will file a bugzilla later. I would be grateful for your ideas, 
    comments or reviews for this feature.
    
    Other useful parts of RFC, that could be implemented would be a way to 
    provide a PIN or a PIN source for the token, other ways of providing 
    module-path (module-name).
    
    Regards,
    -- 
    Jakub Jelen
    Software Engineer
    Security Technologies
    Red Hat
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@xxxxxxxxxxx
    https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
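
The PKCS#11 URI notation (RFC 7512) discussed in this thread, shown as an added example that is not part of either message or of the patch under review: a C routine that finds one attribute in a URI and percent-decodes its value. The name `p11uri_get` and the sample URI are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(unsigned char c)
{
    c = tolower(c);
    return isdigit(c) ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Added example, not OpenSSH code. Finds attribute `attr` in an RFC 7512 URI
 * and percent-decodes its value into out. Returns the decoded length (id is
 * binary and may hold NUL bytes), or -1 if absent, malformed or too long. */
int p11uri_get(const char *uri, const char *attr, unsigned char *out, size_t outlen)
{
    size_t alen = strlen(attr), n = 0;
    int in_query = 0;
    const char *p, *end;
    if (strncmp(uri, "pkcs11:", 7) != 0)
        return -1;
    for (p = uri + 7; *p != '\0'; p = end + (*end != '\0')) {
        /* path: split on ';', ends at first '?'; query: split on '&' */
        end = p + strcspn(p, in_query ? "&" : ";?");
        if ((size_t)(end - p) > alen && strncmp(p, attr, alen) == 0 && p[alen] == '=') {
            for (p += alen + 1; p < end; p++) {
                int hi, lo, c = (unsigned char)*p;
                if (c == '%') {
                    if (end - p < 3 || (hi = hexval(p[1])) < 0 || (lo = hexval(p[2])) < 0)
                        return -1;
                    c = hi << 4 | lo;
                    p += 2;
                }
                if (n >= outlen)
                    return -1;
                out[n++] = (unsigned char)c;
            }
            return (int)n;
        }
        if (*end == '?')
            in_query = 1;
    }
    return -1;
}

int main(void)
{
    unsigned char v[8]; /* constructed sample URI below */
    printf("id bytes: %d\n", p11uri_get("pkcs11:object=ssh-key;id=%01%00", "id", v, sizeof v));
    return 0;
}
```

The lookup does not distinguish path attributes from query attributes by name; a caller that treats `pin-value` or `module-path` as sensitive should check which part of the URI they came from.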
    
