Bug 1908 - Extract the public key from certificate on pkcs#11
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Smartcard
Version: 5.8p2
Hardware: All All
Importance: P2 enhancement
Assignee: Assigned to nobody
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2011-05-19 20:29 AEST by Laurent Barbe
Modified: 2016-08-02 10:41 AEST

Attachments
Patch for extract the pubkey from cert on pkcs#11 (4.74 KB, patch)
2011-06-04 03:50 AEST, Laurent Barbe
updated patch for extracting the pubkey from x509 via pkcs#11 (4.97 KB, patch)
2013-10-17 02:17 AEDT, Markus Friedl
extract pub key from x509 via pkcs11, skip duplicates (5.16 KB, patch)
2013-11-01 18:59 AEDT, Markus Friedl
djm: ok+

Description Laurent Barbe 2011-05-19 20:29:01 AEST
Some tokens do not allow access to the public key object.
(It does not even exist at all on some tokens...)
This patch adds a search on CKO_CERTIFICATE to retrieve the public key from certificates.
Must be optimized...
Tested with SafeNet 72K eToken.
Comment 1 Damien Miller 2011-06-03 10:25:04 AEST
It looks like you forgot to attach the patch. Could you please try again?
Comment 2 Laurent Barbe 2011-06-04 03:50:46 AEST
Created attachment 2054
Patch for extract the pubkey from cert on pkcs#11
Comment 3 Markus Friedl 2013-10-17 02:17:03 AEDT
Created attachment 2354
updated patch for extracting the pubkey from x509 via pkcs#11
Comment 4 Damien Miller 2013-10-17 10:10:44 AEDT
Might a token offer a key in bare form and as a certificate? If so, should it check for an identical key in the array before appending it? 

Later, it would be nice to be able to extract an OpenSSH certificate from an extension section of the X.509 certificate so we could store our certs on the card too.
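The duplicate check raised in comment 4, as an added example (not the attached patch and not OpenSSH code): a key read from a bare public key object and the same key read from a certificate are compared as integers before appending. `struct pubkey`, `add_unique` and the sample bytes are hypothetical; the assumption is that the certificate side arrives as a DER INTEGER, which carries a leading 0x00 when the high bit is set, while the token attribute may not.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical key record: RSA modulus and exponent as big-endian bytes. */
struct pubkey {
    const unsigned char *n; size_t nlen;
    const unsigned char *e; size_t elen;
};

/* Compare two unsigned big-endian integers, ignoring leading zero bytes. */
static int int_equal(const unsigned char *a, size_t alen,
                     const unsigned char *b, size_t blen)
{
    while (alen > 0 && *a == 0) { a++; alen--; }
    while (blen > 0 && *b == 0) { b++; blen--; }
    return alen == blen && memcmp(a, b, alen) == 0;
}

static int key_equal(const struct pubkey *a, const struct pubkey *b)
{
    return int_equal(a->n, a->nlen, b->n, b->nlen) &&
           int_equal(a->e, a->elen, b->e, b->elen);
}

/* Append k unless an identical key is present: 1 added, 0 duplicate, -1 full. */
static int add_unique(struct pubkey *keys, size_t *nkeys, size_t cap,
                      const struct pubkey *k)
{
    for (size_t i = 0; i < *nkeys; i++)
        if (key_equal(&keys[i], k))
            return 0;
    if (*nkeys == cap)
        return -1;
    keys[(*nkeys)++] = *k;
    return 1;
}

/* Constructed sample values (toy sizes, not a real key). */
static const unsigned char N_BARE[]  = { 0xC3, 0x5A, 0x11, 0x7F };
static const unsigned char N_CERT[]  = { 0x00, 0xC3, 0x5A, 0x11, 0x7F }; /* DER form */
static const unsigned char N_OTHER[] = { 0x00, 0xC3, 0x5A, 0x11, 0x7E };
static const unsigned char E[]       = { 0x01, 0x00, 0x01 };

/* Offer the bare key, the same key from a certificate, then a different key. */
static size_t demo_count(void)
{
    struct pubkey keys[4]; size_t n = 0;
    struct pubkey bare  = { N_BARE,  sizeof N_BARE,  E, sizeof E };
    struct pubkey cert  = { N_CERT,  sizeof N_CERT,  E, sizeof E };
    struct pubkey other = { N_OTHER, sizeof N_OTHER, E, sizeof E };
    add_unique(keys, &n, 4, &bare);
    add_unique(keys, &n, 4, &cert);   /* duplicate, skipped */
    add_unique(keys, &n, 4, &other);
    return n;
}

int main(void) { printf("%zu keys kept\n", demo_count()); return 0; }
```

A plain `memcmp` over the raw byte strings would treat `N_BARE` and `N_CERT` as different keys and list the same identity twice.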
Comment 5 Markus Friedl 2013-11-01 18:59:30 AEDT
Created attachment 2370
extract pub key from x509 via pkcs11, skip duplicates
Comment 6 Damien Miller 2013-11-01 19:09:32 AEDT
Comment on attachment 2370
extract pub key from x509 via pkcs11, skip duplicates

Looks good!
Comment 7 Markus Friedl 2013-11-03 07:09:11 AEDT
(In reply to Damien Miller from comment #6)
> Comment on attachment 2370
> extract pub key from x509 via pkcs11, skip duplicates
> 
> Looks good!

I've committed the patch to OpenBSD....
Comment 8 Damien Miller 2015-04-17 14:54:59 AEST
This was committed some time back.
Comment 9 Damien Miller 2016-08-02 10:41:29 AEST
Close all resolved bugs after 7.3p1 release