On 12/5/22 14:38, Dennis Gnatowski wrote:
I am following the example from
(https://developers.redhat.com/blog/2020/10/28/smart-cards-support-in-libssh#build_and_use_libssh_with_pkcs__11 <https://developers.redhat.com/blog/2020/10/28/smart-cards-support-in-libssh#build_and_use_libssh_with_pkcs__11>)
int rc;
char priv_uri[1042] =
“pkcs11:token=my-token;object=my-object;type=private?pin-value=1234”;
rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, priv_uri);
assert_int_equal(rc, SSH_OK)
rc = ssh_userauth_publickey_auto(session, NULL, NULL);
but using:
char priv_uri[1042] =
"pkcs11:object=SSH-key-acme?pin-value=####;manufacturer=IBM?module-path=/usr/lib64/pkcs11/PKCS11_API.so";
This does not look like a valid URI. There can be only one question
mark, path is separated by semicolons and query parts are separated by
ampersands so it should be something like:
pkcs11:object=SSH-key-acme;manufacturer=IBM?pin-value=####&module-path=/usr/lib64/pkcs11/PKCS11_API.so
see the uri syntax in https://datatracker.ietf.org/doc/html/rfc7512
Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.
