OpenSSH PKCS#11 merge

Alon Bar-Lev alon.barlev at gmail.com
Mon Dec 31 09:41:13 EST 2007


Hello,

Thanks to Ben's help, I released a new version of the PKCS#11 patch, available from:
http://alon.barlev.googlepages.com/openssh-pkcs11

Most of the work is *BSD coding styles. I also allocated short options
for the parameters, as I understand now that long options are not
valid and a configuration file for the agent will not be available.

There is an agentless configuration now, mainly to be OpenSC
compatible. This is not recommended, as it loads all available keys of
a provider into ssh, and will prompt for a passphrase every time ssh is
executed.

I hope we will be able to resolve the last issue... How the agent
protocol can support the dynamic nature of hardware cryptography... Or if
there are any other suggestions of how the expected behavior might be.

Best Regards,
Alon Bar-Lev.

---

ChangeLog:

20071229
 - (alonbl) Indent file to meet BSD styles.
 - (alonbl) Modify parameters (again) to meet BSD styles.
   I truly regret that I keep modifying the parameters, I believe
   this is not the last time, as I don't have full cooperation of
   upstream.
   Get provider keys:
        Old:
                ssh-add --pkcs11-show-ids ...
        New:
                ssh-keygen -K provider_info
   Add key:
        Old:
                ssh-add --pkcs11-add-id ...
        New:
                ssh-add -I id [session_cache [cert_file]]

   Agentless operation (not recommended, OpenSC compatibility):
        New:
                ssh -# provider_info ...

   Because I don't wish to add more switches, I added a format
   for provider information:
        lib[:prot_auth[:private_mode[:cert_is_private]]]
   For most implementations specify only the library name.
 - Rebase with openssh-4.7p1.
 - (alonbl) Release 0.20

