ssh-agent add PKCS#11 support
Alon Bar-Lev
alon.barlev at gmail.com
Wed Oct 5 11:14:57 EST 2005
Hello,

PKCS#11 is a standard API interface that can be used in
order to access cryptographic tokens. You can find the
specification at
http://www.rsasecurity.com/rsalabs/node.asp?id=2133. Most
smartcard and other cryptographic device vendors support
PKCS#11; opensc also provides a PKCS#11 interface.

I can easily make scard.c, scard-opensc.c and
ssh-agent.c support PKCS#11.

PKCS#11 is a much more portable, standard, and used standard than
the current opensc implementation.

I have just written the PKCS#11 support for the openvpn project,
and I think openssh can also benefit from the same
implementation.

Are you interested in merging PKCS#11 support? I don't want
to create a separate branch. After implementing the PKCS#11
support you can drop the opensc code; users can use the
opensc PKCS#11 provider in order to access their keys.

Is the current implementation of ssh-agent the final
one? I am asking this before I implement code that may be
dramatically changed (for example, to support X509 and PKIX).

Best Regards,
Alon Bar-Lev.