Timothy J Miller wrote:
> On Mar 31, 2008, at 9:49 AM, Douglas E. Engert wrote:
>
>> PIV is really an application on a card, and there are currently 4
>> NIST approved cards. 800-73 defines the application that needs to be
>> standardized for end user use.
>
> I've heard that there's at least
On Mar 31, 2008, at 9:42 AM, Andreas Jellinghaus wrote:
I thought: both. thanks for letting me know there is a way to
convert public
key files at least. secsh is the ssh 1 format? openssh has a
different format
these days, I guess that will be version 2?
To be honest, I have no idea. I t
On Mar 31, 2008, at 9:49 AM, Douglas E. Engert wrote:
PIV is really an application on a card, and there are currently 4
NIST approved cards. 800-73 defines the application that needs to be
standardized for end user use.
I've heard that there's at least one card provider that's going to
impl
Timothy J Miller wrote:
> I should point out that this is bad practice for keys used for data
> encryption, as loss or damage of the card can result in loss of the
> protected data. US DoD, for example, generates the signature keys on
> card, but encryption keys off-card and securely inje
On Monday, 31 March 2008 15:46:28, Timothy J Miller wrote:
> Public or private? The req command will happily read secsh format,
> e.g.:
>
> openssl req -key ~/.ssh/id_rsa -new | openssl req -pubkey
>
> This will convert a secsh formatted pubkey into PEM (you can just give
> the default responses
On Mar 29, 2008, at 4:56 AM, Andreas Jellinghaus wrote:
> RSA is not a format. openssh has a format (actually two different
> ones, check
> your .ssh/authorized_keys file for public keys for example), and PEM
> is a
> format (from the x.509/openssl world). there is no tool to convert
> opens
On Saturday, 29 March 2008 12:59:25, Jim Rees wrote:
> The very first implementation of ssh with smart cards was done by Naomaru
> Itoi here at CITI many years ago and did load an external private key
> instead of generating the key pair on the card. A descendant of that code
> is shipped today wi
The very first implementation of ssh with smart cards was done by Naomaru
Itoi here at CITI many years ago and did load an external private key
instead of generating the key pair on the card. A descendant of that code
is shipped today with the OpenBSD version of OpenSSH. Even though I worked
on t
On Thursday, 27 March 2008 15:23:59, Timothy J Miller wrote:
> I should point out that this is bad practice for keys used for data
> encryption, as loss or damage of the card can result in loss of the
> protected data. US DoD, for example, generates the signature keys on
> card, but encryption
On Thursday, 27 March 2008 15:16:31, Jan Just Keijser wrote:
> Hi Marc,
>
> seems to me that the FAQ is out of date; openssh private keys are in RSA
> format, which can easily be stored on a smart card/token. You can then
> use this key with its corresponding SSH public part using Alon Bar-Lev's
Hi Marc,
On Thursday, 27 March 2008 14:50:33, Marc W. Abel wrote:
> Is this to say the card cannot accept any externally generated private
> keys?
no. there is no tool to convert RSA keys in openssh format to RSA keys in pem
format. that shouldn't be difficult to implement, but so far no one n
Thanks for all the very kind and helpful responses!
Responding to Timothy's humor, I am in fact VERY pro-U.S. Government.
More than I can reveal in this forum. But with that said, sometimes
mistakes are made and sometimes policies and I do not agree. One thing
I can reveal, as it's general knowl
Hi Marc:
> From the FAQ at http://www.opensc-project.org/faq.html
>
> "Can I store my ssh private key on a smart card?
>
> "Most people prefer to use a smart card with a key that was generated on
> the card and cannot ever leave it. In fact everyone seems to do that. So
> while it might be tech
On Mar 27, 2008, at 8:50 AM, Marc W. Abel wrote:
>
> From the FAQ at http://www.opensc-project.org/faq.html
>
> "Can I store my ssh private key on a smart card?
>
> "Most people prefer to use a smart card with a key that was
> generate
Hi Marc,
seems to me that the FAQ is out of date; openssh private keys are in RSA
format, which can easily be stored on a smart card/token. You can then
use this key with its corresponding SSH public part using Alon Bar-Lev's
openssh patch. I must add that I have not tried this myself ;-)
chee
Good morning all,
I apologize in advance if what I ask has been recently discussed. I'm a
newcomer, and it appears that I would have to download several dozen
tarballs to get up to speed on this list.
From the FAQ at http://www.opensc