(update: first mail bounced, my From: was wrong. then of course there is
also a third openssh/smartcard implementation from opensc, will look
into this soon. then the first try was also mailed to jim rees,
and the openssh and openssl people, so they know of the problem.)
hi.
there are two projects supporting smartcard use in openssh (that i'm
aware of): muscle (www.linuxnet.com) and citi
(www.citi.umich.edu/projects/smartcard). the citi code is included
in openssh 3.0.2p1 (didn't check older versions).
the muscle code uses the RSA meth attribute.
take a look at openssl/rsa.h:
  ...
  typedef struct rsa_st RSA;
  ...
  struct rsa_st
          {
          /* The first parameter is used to pickup errors where
           * this is passed instead of aEVP_PKEY, it is
           * set to 0 */
          int pad;
          int version;
          RSA_METHOD *meth;
  ...
however the citi code included in openssh requires the engine version
of openssl with such an openssl/rsa.h:
  ...
  typedef struct rsa_st RSA;
  ...
  struct rsa_st
          {
          /* The first parameter is used to pickup errors where
           * this is passed instead of aEVP_PKEY, it is set to 0 */
          int pad;
          int version;
  #if 0
          RSA_METHOD *meth;
  #else
          struct engine_st *engine;
  #endif
  ...
so, this structure has only either meth or engine, but never both.
as a result, i can only compile and use either the muscle project's
solution (muscleFramework with openssh-ce, musclecard, pcsc-lite,
some driver, a javacard 2.1 and the muscle applet, all with openssl
without the engine), or i can use the citi solution (openssh 3.0.2p1,
libsectok, todos driver, schlumberger javacard 2.0, the citi applet,
with openssl-engine).
so, if anyone has a nice idea how i can use both at the same time,
without having two openssl versions, this would be nice.
Else, may i suggest to update documentation to reflect such problems,
like openssh/README.smartcard in the openssh sourcecode, the openssl
faq [MISC] 6, README and openssh-ce/INSTALL from muscleFramework.
regards, andreas
***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
***************************************************************
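
Added example, not part of the original mail and not code from openssh, openssl, muscle or citi: the two struct layouts quoted above, rebuilt as constructed stand-ins, with one accessor per layout so that calling code never names `->meth` or `->engine` itself. All type and function names are hypothetical, and the assumption that the engine object holds the method table is labelled in the code.

```c
/* Constructed stand-ins for the two rsa.h layouts quoted in the mail; names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

typedef struct card_method {            /* stand-in for RSA_METHOD */
    int (*priv_enc)(int len, const unsigned char *in, unsigned char *out);
} card_method;

struct engine_x { card_method *rsa_meth; };   /* assumption: engine owns the method */
struct rsa_plain  { int pad; int version; card_method *meth; };        /* non-engine */
struct rsa_engine { int pad; int version; struct engine_x *engine; };  /* engine */

/* One accessor per layout; callers never touch ->meth or ->engine directly. */
static card_method *method_of_plain(const struct rsa_plain *r) { return r->meth; }
static card_method *method_of_engine(const struct rsa_engine *r)
{
    return r->engine ? r->engine->rsa_meth : NULL;
}

/* Constructed "smartcard" hook: XORs the input so the call is observable. */
static int card_priv_enc(int len, const unsigned char *in, unsigned char *out)
{
    for (int i = 0; i < len; i++) out[i] = in[i] ^ 0x5a;
    return len;
}

/* Layout-independent caller: bytes written, or -1 when no method is set. */
static int sign_with(card_method *m, const unsigned char *in, int len, unsigned char *out)
{
    return (m && m->priv_enc) ? m->priv_enc(len, in, out) : -1;
}

/* Same slot, different pointee type: a caller built against the other header
 * would read an engine pointer as a method table without any compiler error. */
static int same_slot(void)
{
    return offsetof(struct rsa_plain, meth) == offsetof(struct rsa_engine, engine);
}

int main(void)
{
    card_method m = { card_priv_enc };
    struct engine_x e = { &m };
    struct rsa_plain p = { 0, 0, &m };
    struct rsa_engine g = { 0, 0, &e };
    unsigned char out[3];
    int a = sign_with(method_of_plain(&p), (const unsigned char *)"abc", 3, out);
    int b = sign_with(method_of_engine(&g), (const unsigned char *)"abc", 3, out);
    printf("plain=%d engine=%d same_slot=%d\n", a, b, same_slot());
}
```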