[Bug 2432] ssh-keygen and tools should be able to get public part directly from private key (portability)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jul 23 17:28:24 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2432

--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
Created attachment 2677
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2677&action=edit
read public part from private key in (not only in ssh-keygen).

First approach for reading private keys doesn't look too much painful. 


As I stated before, we need to have interactive login in ssh-keygen,
which is the first part of the patch.

Second thing is that I extracted interactive prompt for PIN from
pkcs11_rsa_private_encrypt into its own function pkcs11_do_login.

I use this function in pkcs11_open_session if I don't have pin provided
and the pkcs11 session is interactive. The failure is not fatal, since
in many cases you can proceed also without login.

The last thing is the filter itself, where I added filter for
CKA_PRIVATE_KEY. with according attributes. The rest is handled by
existing code since attributes are the same as for public keys.


Future possible improvement or modification can be the switch in
ssh-keygen that would force this interactive login (by default would be
0) to make the user experience the same:
+       pkcs11_init(force_login);

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list