https://bugzilla.mindrot.org/show_bug.cgi?id=2432
--- Comment #1 from Jakub Jelen <[email protected]> ---
Created attachment 2677
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2677&action=edit
read public part from private key in (not only in ssh-keygen).

The first approach for reading private keys doesn't look too painful. As I stated before, we need to have interactive login in ssh-keygen, which is the first part of the patch.

The second thing is that I extracted the interactive prompt for the PIN from pkcs11_rsa_private_encrypt into its own function, pkcs11_do_login. I use this function in pkcs11_open_session if I don't have a PIN provided and the pkcs11 session is interactive. The failure is not fatal, since in many cases you can also proceed without login.

The last thing is the filter itself, where I added a filter for CKA_PRIVATE_KEY with according attributes. The rest is handled by existing code, since the attributes are the same as for public keys.

A possible future improvement or modification could be a switch in ssh-keygen that would force this interactive login (by default it would be 0) to make the user experience the same:

+ pkcs11_init(force_login);

_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
