Hi Marc,

Seems to me that the FAQ is out of date; openssh private keys are in RSA 
format, which can easily be stored on a smart card/token. You can then 
use this key with its corresponding SSH public part using Alon Bar-Lev's 
openssh patch. I must add that I have not tried this myself ;-)

cheers,

JJK
Marc W. Abel wrote:
> Good morning all,
>
> I apologize in advance if what I ask has been recently discussed.  I'm a
> newcomer, and it appears that I would have to download several dozen
> tarballs to get up to speed on this list.
>
> ------------------------------------------------------------
> From the FAQ at http://www.opensc-project.org/faq.html
>
> "Can I store my ssh private key on a smart card?
>
> "Most people prefer to use a smart card with a key that was generated on
> the card and cannot ever leave it. In fact everyone seems to do that. So
> while it might be technically possible to convert a private key in ssh
> format into pem format and then store it on a smart card, until now no
> one wrote such a code, so you can't. If you really need it, please ask
> on the mailing list...."
> ------------------------------------------------------------
>
> Is this to say the card cannot accept any externally generated private
> keys?
>
> I would be uncomfortable letting any closed-source application, such as
> firmware on a card, generate a key for me.  Even more so, as I read that
> many cards have no hardware random number generator and in essence
> generate keys from their serial numbers.  This feels like walking
> directly into a trap.
>
> I am a "Global War on Terror" surveillee, and I am uncomfortably
> accustomed to being monitored for thinly veiled political reasons.
>
> Another excellent reason for not generating a key on a card is that I
> cannot have a backup.  I can hide a backup key securely... that is, if
> the NSA didn't generate the key for me in the first place.
>
>
>   

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
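JJK's point above, that the file ssh-keygen writes is already an RSA key in the PEM form a card tool can import, is easiest to see with the two encodings side by side. The block below is an added example, not code from this thread or from OpenSC: it builds a PKCS#1 RSAPrivateKey in the same PEM wrapper ssh-keygen used at the time (`-----BEGIN RSA PRIVATE KEY-----`), derives the `ssh-rsa` public line from it the way `ssh-keygen -y` does, and checks that private file and public line carry the same modulus and exponent. The primes are constructed toy values (the key is not usable for anything) and every function name is this example's own.

```python
# Added example (not from the thread or OpenSC): the private key ssh-keygen
# writes is a PEM-wrapped PKCS#1 RSAPrivateKey; the matching "ssh-rsa" public
# line is (e, n) in SSH wire format.  Toy primes only, not a usable key.
import base64
import struct

# ---- minimal DER: INTEGER and SEQUENCE are all RSAPrivateKey needs ----

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b          # long-form length

def der_int(v):
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:                            # DER INTEGER is signed: keep it positive
        b = b"\x00" + b
    return b"\x02" + _der_len(len(b)) + b

def der_seq(*items):
    body = b"".join(items)
    return b"\x30" + _der_len(len(body)) + body

def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                              # long-form length
        nb = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nb], "big")
        pos += nb
    return tag, buf[pos:pos + ln], pos + ln

def der_seq_of_ints(buf):
    tag, body, _ = _read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        out.append(int.from_bytes(val, "big"))
    return out

# ---- PKCS#1 RSAPrivateKey ::= SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv } ----

def rsa_private_pem(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    der = der_seq(der_int(0), der_int(n), der_int(e), der_int(d), der_int(p), der_int(q),
                  der_int(d % (p - 1)), der_int(d % (q - 1)), der_int(pow(q, -1, p)))
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN RSA PRIVATE KEY-----\n" + body + "\n-----END RSA PRIVATE KEY-----\n"

def parse_rsa_private_pem(pem):
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    version, n, e, d, p, q, _dp, _dq, _qinv = der_seq_of_ints(base64.b64decode(b64))
    if version != 0:
        raise ValueError("unexpected RSAPrivateKey version")
    return {"n": n, "e": e, "d": d, "p": p, "q": q}

# ---- OpenSSH public line: "ssh-rsa " + base64(string "ssh-rsa", mpint e, mpint n) ----

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

def _ssh_mpint(v):
    b = v.to_bytes((v.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:                      # mpint is two's complement: pad positives
        b = b"\x00" + b
    return _ssh_string(b)

def ssh_rsa_public_line(n, e, comment="toy-key"):
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def parse_ssh_rsa_public_line(line):
    blob = base64.b64decode(line.split()[1])
    fields, pos = [], 0
    while pos < len(blob):
        ln = struct.unpack(">I", blob[pos:pos + 4])[0]
        fields.append(blob[pos + 4:pos + 4 + ln])
        pos += 4 + ln
    if fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    return {"e": int.from_bytes(fields[1], "big"), "n": int.from_bytes(fields[2], "big")}

def public_line_from_private_pem(pem):
    """What `ssh-keygen -y -f key` does: derive the public line from the private file."""
    k = parse_rsa_private_pem(pem)
    return ssh_rsa_public_line(k["n"], k["e"])

def keys_match(pem, pub_line):
    """True if the private PEM and the public line are the same key (same n and e)."""
    priv, pub = parse_rsa_private_pem(pem), parse_ssh_rsa_public_line(pub_line)
    return priv["n"] == pub["n"] and priv["e"] == pub["e"]

def raw_rsa_roundtrip(pem, m):
    """Sanity check: the decoded private exponent really inverts the public one."""
    k = parse_rsa_private_pem(pem)
    return pow(pow(m, k["d"], k["n"]), k["e"], k["n"]) == m % k["n"]

# Constructed toy key: small primes, NOT secure (a real key has a 2048-bit+ modulus).
TOY_P, TOY_Q, TOY_E = 1000003, 999983, 65537
TOY_PEM = rsa_private_pem(TOY_P, TOY_Q, TOY_E)
TOY_PUB = public_line_from_private_pem(TOY_PEM)

if __name__ == "__main__":
    print(TOY_PEM, TOY_PUB, "match:", keys_match(TOY_PEM, TOY_PUB), sep="\n")
```

The PEM produced this way is the form OpenSC's `pkcs15-init --store-private-key` consumes when an externally generated key is imported onto a PKCS#15 card; after the import, the public key read back from the card should be compared against the `ssh-rsa` line exactly as `keys_match` does here, which is the check to run before trusting the card-resident copy. Newer OpenSSH releases write their own `OPENSSH PRIVATE KEY` container by default; `ssh-keygen -p -m PEM -f key` rewrites such a file into the PKCS#1 form parsed above.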
