aj-sclinuxdungeon.inka.de wrote:
>
> (update: first mail bounced, my froM: was wrong. then of course ther is
> also a third openssh/smartcard implementation from opensc, will look
> into this soon. then the fist try was also mailed to jim rees,
> and the openssh and openssl people, so they know of the problem.)
>
> hi.
>
> there are two projects supporting smartcard use in openssh (that i'm
> aware of): muscle (www.linuxnet.com) and citi
> (www.citi.umich.edu/projects/smartcard). the citi code is included
> in openssh 3.0.2p1 (didn't check older versions).
>
> the muscle code uses the RSA meth attribute.
> take a look at openssl/rsa.h:
> ...
[snip]
>
> however the citi code included in openssh requires the engine version
> of openssl with such an openssl/rsa.h:
> ...

Just a quick comment about this. ENGINE is the way to go for future
stuff. When OpenSSL 0.9.7 is released it will only use ENGINE. Having
said that it isn't very hard to convert from the old RSA_METHOD stuff to
the new ENGINE. ENGINE is (among other things) a wrapper for RSA_METHOD
so you can just create an ENGINE with the current RSA_METHOD in it and
set up keys to use the new ENGINE instead.

Steve.

-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: shensondrh-consultancy.demon.co.uk 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: stephen.hensongemplus.com PGP key: via homepage.
***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
To unsubscribe send an email to majordomolinuxnet.com with
unsubscribe sclinux
***************************************************************

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]