[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hardware device

Subject: Re: Hardware device
From: Jakub Jelen <jjelen@xxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Wed, 7 Dec 2022 10:20:56 +0100
To: libssh@xxxxxxxxxx

On 12/5/22 14:38, Dennis Gnatowski wrote:

I am following the example from(https://developers.redhat.com/blog/2020/10/28/smart-cards-support-in-libssh#build_and_use_libssh_with_pkcs__11 <https://developers.redhat.com/blog/2020/10/28/smart-cards-support-in-libssh#build_and_use_libssh_with_pkcs__11>)
   int rc;
char priv_uri[1042] =“pkcs11:token=my-token;object=my-object;type=private?pin-value=1234”;
   rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, priv_uri);

   assert_int_equal(rc, SSH_OK)

   rc = ssh_userauth_publickey_auto(session, NULL, NULL);

but using:
char priv_uri[1042] ="pkcs11:object=SSH-key-acme?pin-value=####;manufacturer=IBM?module-path=/usr/lib64/pkcs11/PKCS11_API.so";

This does not look like a valid URI. There can be only one questionmark, path is separated by semicolons and query parts are separated byampersands so it should be something like:


pkcs11:object=SSH-key-acme;manufacturer=IBM?pin-value=####&module-path=/usr/lib64/pkcs11/PKCS11_API.so

see the uri syntax in https://datatracker.ietf.org/doc/html/rfc7512

Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.

Follow-Ups:
RE: Hardware device	dennis@xxxxxxxxx

References:
Hardware device	Dennis Gnatowski <dennis@xxxxxxxxx>
Re: Hardware device	Jakub Jelen <jjelen@xxxxxxxxxx>
Re: Hardware device	Dennis Gnatowski <dennis@xxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org