[EMAIL PROTECTED] wrote: > > (update: first mail bounced, my froM: was wrong. then of course ther is > also a third openssh/smartcard implementation from opensc, will look > into this soon. then the fist try was also mailed to jim rees, > and the openssh and openssl people, so they know of the problem.) > > hi. > > there are two projects supporting smartcard use in openssh (that i'm > aware of): muscle (www.linuxnet.com) and citi > (www.citi.umich.edu/projects/smartcard). the citi code is included > in openssh 3.0.2p1 (didn't check older versions). > > the muscle code uses the RSA meth attribute. > take a look at openssl/rsa.h: > ... [snip] > > however the citi code included in openssh requires the engine version > of openssl with such an openssl/rsa.h: > ...
Just a quick comment about this. ENGINE is the way to go for future stuff. When OpenSSL 0.9.7 is released it will only use ENGINE. Having said that it isn't very hard to convert from the old RSA_METHOD stuff to the new ENGINE. ENGINE is (among other things) a wrapper for RSA_METHOD so you can just create an ENGINE with the current RSA_METHOD in it and set up keys to use the new ENGINE instead. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. *************************************************************** Unix Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/ To unsubscribe send an email to [EMAIL PROTECTED] with unsubscribe sclinux ***************************************************************
