[Bug 2429] New: ssh-keygen ignores keys that have CKA_ID == 0
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Jul 16 00:29:24 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2429
Bug ID: 2429
Summary: ssh-keygen ignores keys that have CKA_ID == 0
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Smartcard
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 2670
--> https://bugzilla.mindrot.org/attachment.cgi?id=2670&action=edit
Do not require to return ID from token
Based on our investigation of Smart Cart usability with openSSH we
found several minor problems that were filled in our red hat bugzilla
[1]. The another is problem again with softHSM. It is returning empty
ID, which is not handled by keygen correctly.
The length check was added based on the bug #1773. It is fine to skip
certificates that have empty values. But requiring non-empty ID is not
preferred way because:
* the ID is not used anywhere in ssh-keygen
* some tokens do not provide ID
The example is again softHSM2 token, which returns ID length of zero
and in current ssh-keygen is silently ignored.
This token has also the need to login, before even public key can be
accessed (not rare example), but it will be described in other report,
since it will require more changes.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1241873
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list