
List:       openssh-unix-dev
Subject:    Re: OpenSSH PKCS#11merge
From:       "Alon Bar-Lev" <alon.barlev () gmail ! com>
Date:       2007-12-31 14:53:43
Message-ID: 9e0cf0bf0712310653m63a51fd6v1220194d8dde82c4 () mail ! gmail ! com

Update.

Installed OpenBSD, applied this patch (ignore all missing files)
Add pkcs11.c into lib/Makefile.
Compile using:
CFLAGS="-DENABLE_PKCS11" LDFLAGS="-lpkcs11-helper" make

And it compiles and seems to be running.

The problem is that I don't have a working smartcard environment on OpenBSD.
Can anyone help?

Best Regards,
Alon Bar-Lev.

On 12/31/07, Alon Bar-Lev <alon.barlev@gmail.com> wrote:
> Hello,
>
> Thanks to Ben's help I released a new version of the PKCS#11 patch, available from:
> http://alon.barlev.googlepages.com/openssh-pkcs11
>
> Most of the work is *BSD coding styles, I also allocated short options
> for the parameters, as I understand now that long options are not
> valid and configuration file for the agent will not be available.
>
> There is an agentless configuration now, mainly to be OpenSC
> compatible. This is not recommended as it loads all available keys of
> a provider into ssh, and will prompt for passphrase every time ssh is
> executed.
>
> I hope we will be able to resolve the last issue... How the agent
> protocol can support the dynamic nature of hardware cryptography... Or if
> there are any other suggestions of how the expected behavior might be.
>
> Best Regards,
> Alon Bar-Lev.
>
> ---
>
> ChangeLog:
>
> 20071229
>  - (alonbl) Indent file to meet BSD styles.
>  - (alonbl) Modify parameters (again) to meet BSD styles.
>    I truly regret that I keep modifying the parameters, I believe
>    this is not the last time, as I don't have full cooperation of
>    upstream.
>    Get provider keys:
>         Old:
>                 ssh-add --pkcs11-show-ids ...
>         New:
>                 ssh-keygen -K provider_info
>    Add key:
>         Old:
>                 ssh-add --pkcs11-add-id ...
>         New:
>                 ssh-add -I id [session_cache [cert_file]]
>
>    Agentless operation (not recommended, OpenSC compatibility):
>         New:
>                 ssh -# provider_info ...
>
>    Because I don't wish to add more switches, I added a format
>    for provider information:
>         lib[:prot_auth[:private_mode[:cert_is_private]]]
>    For most implementations specify only the library name.
>  - Rebase with openssh-4.7p1.
>  - (alonbl) Release 0.20
>