OpenSC smartcard access should use raw public keys, not X.509 certificates
alon.barlev at gmail.com
Fri Aug 1 15:32:36 EST 2008
This is incorrect.
The public key object is not always available on smartcards.
Basic configuration is having private key + X.509 certificate on card.
This is why the PKCS#11 patch also doesn't assume public key existence.
On 8/1/08, Daniel Kahn Gillmor <dkg-openssh.com at fifthhorseman.net> wrote:
> > The OpenSC smartcard framework supports access to both raw public
> > keys and X.509 certificates on crypto tokens. When OpenSSH is
> > compiled --with-opensc, it currently looks for X.509 certificates on
> > any smartcard it uses. But OpenSSH itself uses raw public keys (and
> > not X.509), so requiring the presence of an X.509 cert on the
> > smartcard is unnecessary and potentially problematic.
> Any word on the patch i offered to fix this problem? The original
> message can be found here:
> I've now opened it as a bug in the mindrot bugzilla as well:
> The patch is a narrow one, and affects only those folks who compile
> --with-opensc. Is there anything i can do to encourage adoption of
> Thanks for all the great work. I'm excited about 5.1!
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org