X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=0.9 required=5.0 	tests=BAYES_20,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SARE_MSGID_LONG45,TW_PK,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: sourceware.org
MIME-Version: 1.0
Date: Fri, 2 Apr 2010 23:48:57 -0700
Message-ID: <z2wd16ee5ea1004022348ze1e732f3u17670eb70aa27e58@mail.gmail.com>
Subject: Cygwin openssh 5.4p1 & pkcs problems
From: John Cavanaugh <cavanaughwww+open AT gmail DOT com>
To: cygwin AT cygwin DOT com
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Regarding one of the emails to the cygwin list


Changes since OpenSSH 5.3
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Features:

....

=A0* Remove the libsectok/OpenSC-based smartcard code and add support for
=A0 PKCS#11 tokens. This support is automatically enabled on all
=A0 platforms that support dlopen(3) and was inspired by patches written
=A0 by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.

....


I dont know if you have tried this, but i was unable to get this to
work with my smartcard. =A0 And I would *love* for it to work.

cavanaug AT jc-8730w:~$ ssh-keygen -D ActivClient/acpkcs211.dll
dlopen ActivClient/acpkcs211.dll failed: No such file or directory
cannot read public key from pkcs11
cavanaug AT jc-8730w:~$ cd ActivClient/
cavanaug AT jc-8730w:~/ActivClient$ ssh-keygen -D acpkcs211.dll
no keys
cannot read public key from pkcs11

Seems like both the dlopen code has issues finding the libraries and
even once found it doesnt seem able to load keys.

=46rom the whatever its worth dept. =A0I have been able to get putty (CAC
custom build) to use this pkcs dll to load my cert from.

FYI. =A0If you dont have hardware, it looks like one vendor is offering
free equipment to open source devs.
http://www.gooze.eu/feitian-pki-free-software-developer-card

--
John Cavanaugh

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple