PKCS#11merge

Alon Bar-Lev alon.barlev at gmail.com
Tue Sep 25 07:40:14 EST 2007


Hello OpenSSH developers,

I maintain external patch for PKCS#11 smartcard support into
OpenSSH[1] , many users already apply and use this patch.

I wish to know if anyone is interesting in working toward merging this
into mainline.

I had some discussion with Damien Miller, but then he disappeared.

Having standard smartcard interface will enable many users to have
more secure environment, without the need to acquire card of specific
vendor.

In order to merge it cleanly, we should also discuss a modification
for the agent protocol. As smartcards are dynamic in nature, there
should be an option for the agent to ask the caller to provide
information, for example "Insert token <xxx>" or "Please enter
passphrase for token <xxx>". Current implementation does not modify
the agent protocol but execute dialog from within the agent.

Best Regards,
Alon Bar-Lev

[1] http://alon.barlev.googlepages.com/openssh-pkcs11


More information about the openssh-unix-dev mailing list