PKCS#11 URIs in OpenSSH
Jakub Jelen
jjelen at redhat.com
Tue Jun 13 23:04:51 AEST 2017
On 04/24/2017 02:26 PM, Jakub Jelen wrote:
> Hello all,
> as the PKCS#11 URI became a standard (RFC 7512), it would be good to be
> able to specify the keys using this notation in openssh.
>
> So far I have implemented the minimal subset of this standard, allowing
> one to specify the URI for the ssh tool, in ssh_config, and to work with
> ssh-agent. It does not bring any new dependency, provides unit and
> regress tests (while fixing agent-pkcs11 regress test).
>
> The code is on github and ready for comments/reviews (some details will
> need to be adjusted):
>
> https://github.com/openssh/openssh-portable/compare/master...Jakuje:jjelen-pkcs11
>
> I will file a bugzilla later. I would be grateful for your ideas,
> comments or reviews for this feature.
>
> Other useful parts of the RFC that could be implemented would be a way
> to provide a PIN or a PIN source for the token, and other ways of
> providing module-path (module-name).
>
> Regards,

Hello all,

I fixed one issue and added a configure option to pick up the default
p11-kit-proxy path from pkg-config instead of a hardcoded value.

https://github.com/openssh/openssh-portable/compare/master...Jakuje:jjelen-pkcs11

Did anyone have time to review this change? Are you interested in this
feature?

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat