On 12/3/22 17:46, Dennis Gnatowski wrote:
> I’m trying to use the library with keys stored in a hardware device to
> transfer file(s) via SFTP to a remote server.
> I did get things working using the sftp client (Linux) with the “-i
> <pkcs11 uri>” and “-o <PKCS11Provider=>” options.

This is OpenSSH, a completely different implementation than libssh. But
the usage should be as close as possible.

> I tried putting the PKCS11 URI in the SSH_OPTIONS_IDENTITY option with
> no success.

What errors did you get? Libssh 0.10.x should already have support for the
pkcs11 uris.

> How do I specify or pass-in the PKCS11 Provider to the library?

In Fedora, libssh is using the p11-kit proxy, which groups all the
providers registered in p11-kit. Or you can pass the pkcs11 provider path through
the pkcs11 uri.

Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.
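
An added example, not part of the original message and not libssh's own code: it builds an RFC 7512 PKCS#11 URI that carries the provider path in the `module-path` query attribute, as the reply suggests, for use as the `SSH_OPTIONS_IDENTITY` value. `build_pkcs11_uri` is a hypothetical helper, and the token label, object label and module path are constructed sample values.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum mode { RAW, PATH_VAL, QUERY_VAL };

/* Append src to the NUL-terminated dst (capacity cap). RAW copies bytes
 * as-is; the other modes percent-encode everything except RFC 3986
 * unreserved characters ('/' is also kept in query values, which RFC 7512
 * permits). Returns 0 on success, -1 if dst would overflow. */
static int append(char *dst, size_t cap, const char *src, enum mode m)
{
    size_t n = strlen(dst);
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int plain = m == RAW || isalnum(c) || strchr("-._~", c) ||
                    (m == QUERY_VAL && c == '/');
        size_t need = plain ? 1 : 3;
        if (n + need + 1 > cap) return -1;
        if (plain) dst[n++] = (char)c;
        else n += (size_t)snprintf(dst + n, 4, "%%%02X", c);
        dst[n] = '\0';
    }
    return 0;
}

/* Hypothetical helper: pkcs11:token=..;object=..;type=private[?module-path=..]
 * No pin-value is embedded, so the PIN never ends up in logs or config. */
int build_pkcs11_uri(char *out, size_t cap, const char *token,
                     const char *object, const char *module_path)
{
    if (cap == 0) return -1;
    out[0] = '\0';
    if (append(out, cap, "pkcs11:token=", RAW) || append(out, cap, token, PATH_VAL) ||
        append(out, cap, ";object=", RAW) || append(out, cap, object, PATH_VAL) ||
        append(out, cap, ";type=private", RAW)) return -1;
    if (module_path && (append(out, cap, "?module-path=", RAW) ||
                        append(out, cap, module_path, QUERY_VAL))) return -1;
    return 0;
}

int main(void)
{
    char uri[256];
    /* Constructed sample values; substitute your token, key label and module. */
    if (build_pkcs11_uri(uri, sizeof uri, "my token", "sftp-key",
                         "/usr/lib64/pkcs11/opensc-pkcs11.so") != 0) return 1;
    puts(uri);
    /* With libssh: ssh_options_set(session, SSH_OPTIONS_IDENTITY, uri); */
    return 0;
}
```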