On Saturday, 29 March 2008 12:59:25, Jim Rees wrote:
> The very first implementation of ssh with smart cards was done by Naomaru
> Itoi here at CITI many years ago and did load an external private key
> instead of generating the key pair on the card. A descendant of that code
> is shipped today with the OpenBSD version of OpenSSH. Even though I worked
> on the code, it's been so many years I can't remember what we did about the
> openssh -> pem conversion problem. The code is still in the source tree if
> anyone wants to investigate. I wouldn't count on it still working.

the openssh format (or at least the public key file) is plain simple, so I guess writing a converter should be easy.

with an opensc head I'd also like to point out: openssh is one of very few applications that use smart cards / opensc without a pkcs#11 layer. pkcs#11 applications usually look for a certificate and then for the private key associated with it. so even if you convert some rsa public/private key pair and store it on a smart card, you need to create a certificate for that key and store it on the card too - at least for all the other applications. that's why starting with a certificate etc. is easier for most.

Regards, Andreas

p.s. a self signed certificate is completely ok, only server config e.g. apache is more difficult with that.
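
As an added illustration of the public key file format mentioned in the message above (not code from this thread, OpenSSH or OpenSC): a converter from an `ssh-rsa` public key line to a PKCS#1 `RSA PUBLIC KEY` PEM block. It covers RSA public keys only, and `make_sample_line` with its toy numbers is a constructed helper, not a real key.

```python
import base64

def read_fields(blob):
    """Split an SSH wire blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):  # also catches a short length prefix
            raise ValueError("truncated field in key blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_int(value):
    """DER INTEGER; a leading zero byte is added when needed to stay positive."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw

def openssh_pub_to_pem(line):
    """Convert 'ssh-rsa <base64> [comment]' to a PKCS#1 RSA PUBLIC KEY PEM."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    fields = read_fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("unexpected blob layout")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])  # wire order: e, n
    body = der_int(n) + der_int(e)                          # PKCS#1 order: n, e
    b64 = base64.b64encode(b"\x30" + der_len(len(body)) + body).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN RSA PUBLIC KEY-----", *rows,
                      "-----END RSA PUBLIC KEY-----"]) + "\n"

def make_sample_line(e, n):
    """Constructed ssh-rsa line built from toy numbers (not a real key)."""
    field = lambda b: len(b).to_bytes(4, "big") + b
    ints = [field(v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (e, n)]
    return "ssh-rsa " + base64.b64encode(field(b"ssh-rsa") + b"".join(ints)).decode() + " constructed@example"

if __name__ == "__main__":
    print(openssh_pub_to_pem(make_sample_line(65537, 3233)), end="")
```

This handles the public half only; the private key conversion and the certificate that PKCS#11 applications expect on the card are separate steps.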