Re: PKCS#11 URIs in OpenSSH

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 04/24/2017 02:26 PM, Jakub Jelen wrote:
Hello all,
as PKCS#11 URI became standard (RFC 7512), it would be good to be able to specify the keys using this notation in openssh.

So far I implemented the minimal subset of this standard allowing to specify the URI for the ssh tool, in ssh_config and to work with ssh-agent. It does not bring any new dependency, provides unit and regress tests (while fixing agent-pkcs11 regress test).

The code is on github and ready for comments/reviews (some details will need to be adjusted):

https://github.com/openssh/openssh-portable/compare/master...Jakuje:jjelen-pkcs11

I will fill a bugzilla later. I would be grateful for your ideas, comments or reviews for this feature.

Other useful parts of RFC, that could be implemented would be a way to provide a PIN or a PIN source for the token, other ways of providing module-path (module-name).

Regards,

Hello all,
I fixed one issue and added a configure option to pick up default p11-kit-proxy path from pkg-config instead of hardcoded value.

https://github.com/openssh/openssh-portable/compare/master...Jakuje:jjelen-pkcs11

Did anyone had a time to review this change? Are you interested in this feature?

Regards,

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux