[Bug 2429] New: ssh-keygen ignores keys that have CKA_ID == 0

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jul 16 00:29:24 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2429

            Bug ID: 2429
           Summary: ssh-keygen ignores keys that have CKA_ID == 0
           Product: Portable OpenSSH
           Version: 6.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 2670
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2670&action=edit
Do not require to return ID from token

Based on our investigation of Smart Card usability with OpenSSH, we
found several minor problems that were filed in our Red Hat Bugzilla
[1]. Another problem is again with SoftHSM. It returns an empty
ID, which is not handled by keygen correctly.

The length check was added based on bug #1773. It is fine to skip
certificates that have empty values. But requiring a non-empty ID is not
the preferred way because:
 * the ID is not used anywhere in ssh-keygen
 * some tokens do not provide ID

The example is again the SoftHSM2 token, which returns an ID length of zero
and is silently ignored by the current ssh-keygen.
This token also requires login before even the public key can be
accessed (not a rare example), but that will be described in another report,
since it will require more changes.


[1] https://bugzilla.redhat.com/show_bug.cgi?id=1241873
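
A simplified model of the attribute length check this report discusses, as an added example that is not OpenSSH source and not part of the original message. It compares requiring a non-empty CKA_ID with requiring only the key material, and reports each skipped object instead of dropping it silently. The struct and function names and the sample objects are hypothetical; the three CKA_* constants are the PKCS#11 values.

```c
#include <stdio.h>
#include <stddef.h>

/* Attribute type values as defined by PKCS#11. */
#define CKA_ID              0x00000102UL
#define CKA_MODULUS         0x00000120UL
#define CKA_PUBLIC_EXPONENT 0x00000122UL

/* Minimal stand-in for CK_ATTRIBUTE so the example builds without pkcs11.h. */
struct attr { unsigned long type; const void *pValue; unsigned long ulValueLen; };

/* One RSA public key object as read from a token: ID, modulus, exponent. */
struct pubkey_obj { const char *label; struct attr a[3]; };

/* Name of the first required attribute that is empty, or NULL if usable. */
const char *missing_attr(const struct pubkey_obj *o, int require_id)
{
    if (require_id && o->a[0].ulValueLen == 0) return "CKA_ID";
    if (o->a[1].ulValueLen == 0) return "CKA_MODULUS";
    if (o->a[2].ulValueLen == 0) return "CKA_PUBLIC_EXPONENT";
    return NULL;
}

/* Count usable keys and say why each skipped object was skipped. */
int count_usable(const struct pubkey_obj *objs, size_t n, int require_id)
{
    int usable = 0;
    for (size_t i = 0; i < n; i++) {
        const char *why = missing_attr(&objs[i], require_id);
        if (why == NULL) usable++;
        else fprintf(stderr, "skipping \"%s\": empty %s\n", objs[i].label, why);
    }
    return usable;
}

/* Constructed sample data (shortened values), not output from a real token. */
static const unsigned char s_mod[] = { 0xc3, 0x5a, 0x11, 0x07 };
static const unsigned char s_exp[] = { 0x01, 0x00, 0x01 };
static const unsigned char s_id[]  = { 0x01 };
const struct pubkey_obj SAMPLE[] = {
    { "with-id",    {{CKA_ID, s_id, sizeof s_id}, {CKA_MODULUS, s_mod, sizeof s_mod}, {CKA_PUBLIC_EXPONENT, s_exp, sizeof s_exp}} },
    { "no-id",      {{CKA_ID, NULL, 0},           {CKA_MODULUS, s_mod, sizeof s_mod}, {CKA_PUBLIC_EXPONENT, s_exp, sizeof s_exp}} },
    { "no-modulus", {{CKA_ID, s_id, sizeof s_id}, {CKA_MODULUS, NULL, 0},             {CKA_PUBLIC_EXPONENT, s_exp, sizeof s_exp}} },
};

int main(void)
{
    printf("ID required:     %d usable\n", count_usable(SAMPLE, 3, 1));
    printf("ID not required: %d usable\n", count_usable(SAMPLE, 3, 0));
    return 0;
}
```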
