certificates keys on pkcs11 devices
Manon Goo
lists at manon.de
Wed Dec 28 13:51:44 AEDT 2016
Hi,
I have not found any way to use a Certificate with ssh-agent when my Key is
stored on a pkcs11 device. I can add my key with
ssh-add -s /usr/local/lib/opensc-pkcs11.so
but
ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub
does not add the certificate to my agent. As far as I undestand, in
ssh-add.c line 580
if (pkcs11provider != NULL) {
if (update_card(agent_fd, !deleting, pkcs11provider) == -1)
ret = 1;
goto done;
}
does not check for additional (certifcate)-files files on the command line
and update_card neither does.
Is there any intention to change this?
Thanks in alot,
Manon
More information about the openssh-unix-dev
mailing list