Re: Request for generic engine support

--===============1361318603==
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha1; protocol="application/pgp-signature"

--=-=-=

On Thu 2008-05-08 22:36:00 -0400, Mccue, Richard Alan wrote:

> I'm not sure the device I'm working with fits well with the PKCS#11
> token interface. The device is a little more complicated than a
> smartcard. It can handle multiple private keys.

fwiw, the smartcards i'm most familiar with [0] can also handle
multiple private keys, and can dole out access to different ones based
on the request of the user, so i don't think what you're describing is
terribly different.

If your device has an opensc driver for it, have you tried enabling
--with-opensc in your openssh build? If you do that, you can either
use -I (from the ssh command line) to specify the smartcard device,
target it in your .ssh/config, or load the smartcard into your
ssh-agent [0]. All this has worked for openssh builds for several
years, afaict.

Regards,

--dkg

[0] the Axalto cryptoflex eGate holds 3 keys, notes at
http://lair.fifthhorseman.net/~dkg/egate/

the OpenPGP smartcard from g10code holds 3 keys as well,
notes at http://www.gnupg.org/howtos/card-howto/en/ch01.html

[1] load the first key from the smartcard into the agent with:
ssh-add -s 0

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQIVAwUBSCS4D8zS7ZTSFznpAQL3cw/+JkqIBXP3mRSG/OliYM9xDAThmQyU7bZu
A+x0BmI9JNbRG49CzuhLrac/v7g4rHN4hmjC6tlxmMN88kleqTKkFOturIEeXxiY
9NHxmJQKtlynTFocK+5Vk6IIYvXt30eHs2nQZyeaOaI/Qt7kGbeI9Jc+3PpjrJy8
LjEXp9K3WD91UabxHOmLEt/7uvAlOoTEIPVenVygyoDHvxXPaahTvh3Orpfoig7P
IrppIfdCbuidkio2T1R5huVKcztg9WIFd9w+siCcM/U11G2/yxR2Qo+sWY0VLLYf
2G8dn0VW/OJleFdaLFT/NOqPyfCNQ98KxxDoDWFtOdpKaOVXGez/swh9OCWE4cRn
17jBI1WxIQyOMjDzwYgHsfOwiEBynH1c/dBPy+gqJoF76vp7O1wjASce0SQiKM0J
eESQO25cyS6+DwJp2pNsNnROgDpU83Wo6rcDFc1rqN0s7R59Y1 8ITIjb5s5bjJP5
/K99RtDeUZX6z+LBSc2pfTupQ6zqNwoO3JDNFaiAQzEidJW12c6 F8AETTcCSxyBr
+RLhcPI/9i0c6JE0KIbadmuwUK/ATlfdjkJcz3y2NTJgiF488BXzI8UTE8RL+wr4
Pq/h4hPPKwoRvkZIPnA35MDXVlXZ8w1glLg0gM2VbIt6pz1m5HdHp v2Zps1AyRR/
eifPPteu7r8=
=T9fW
-----END PGP SIGNATURE-----
--=-=-=--

--===============1361318603==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev

--===============1361318603==--