On Mon, Jul 18, 2016 at 06:42:14AM +0200, Rolf Sommerhalder wrote:
> Hello,
>
> Has anyone a port of SoftHSM v2.1.x as a Work-In-Progress?
>

I currently do not have such a port in progress.

>
> I am trying to use security/softhsm with SSH (ssh-keygen, ssh-agent)
> in -current, but failed to add private RSA keys in PKCS8 format to
> SoftHSM 1.3.7:
>
> softhsm --init-token --slot 0 --label "myToken1"
> ssh-keygen -e -m PKCS8 -f .ssh/id_rsa > .ssh/rsa.pem
> softhsm --import .ssh/rsa.pem --slot 0 --label "myToken1" --id A1B2 --pin 1234
> Decoding error: PKCS #8 private key decoding failed
> Error: Perhaps wrong path to file, wrong file format, or wrong PIN to file (--file-pin <PIN>).
>
> Before digging into sources, I thought it may be worth trying SoftHSM
> 2.1.0 as PKCS#11 provider.
>

When following your steps I notice that the file generated by ssh-keygen
includes the public key, not the private key. I believe this is the
problem.

I am not sure ssh-keygen supports generating a PKCS8 private key (the
description for -m does not mention it).

Doing it with openssl (as described here:
https://pthree.org/2013/05/27/strengthen-your-private-encrypted-ssh-keys/)
generated a private key file which I managed to import with softhsm.

Does this fix your problem?

--
Patrik Lundin
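
Added example, not part of the original message or of SoftHSM: a shell pre-check that reads the PEM header to tell the public-key file produced by the ssh-keygen command quoted above apart from a PKCS#8 private key before it is handed to `softhsm --import`. The function names `pem_kind` and `import_check` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: classify a PEM file by its BEGIN line before import.
# softhsm --import expects a PKCS#8 private key; anything else is rejected here.

pem_kind() {
    # Print the label of the first PEM BEGIN line in file $1, or "none".
    label=$(sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" 2>/dev/null | head -n 1)
    printf '%s\n' "${label:-none}"
}

import_check() {
    # Return 0 only when file $1 carries a PKCS#8 private-key header.
    case "$(pem_kind "$1")" in
        "PRIVATE KEY")
            echo "ok: unencrypted PKCS#8 private key" ;;
        "ENCRYPTED PRIVATE KEY")
            echo "ok: encrypted PKCS#8 private key (file PIN needed, see --file-pin)" ;;
        "PUBLIC KEY")
            echo "reject: public key only, no private key material"
            return 1 ;;
        "RSA PRIVATE KEY")
            echo "reject: traditional RSA key, convert with openssl pkcs8 -topk8"
            return 1 ;;
        "OPENSSH PRIVATE KEY")
            echo "reject: OpenSSH-format private key, not PKCS#8"
            return 1 ;;
        *)
            echo "reject: no recognised PEM header"
            return 1 ;;
    esac
}

# Constructed sample: header and footer only, standing in for the file
# written by `ssh-keygen -e -m PKCS8` in the quoted steps.
sample=$(mktemp)
printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'AAAA' '-----END PUBLIC KEY-----' > "$sample"
import_check "$sample" || true
rm -f "$sample"
```
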
