[ssh_x509] PKIX-SSH release 11.1

ssh_x509 at roumenpetrov.info
Tue Dec 19 21:03:30 EET 2017


I would like to announce the immediate availability of a new release - 11.1.

This release includes some improvements:
- Protected authentication path for EC-keys
   Use of RSA keys stored on a secure token supports a protected
authentication path (pinpad reader). Unfortunately, this functionality was
not implemented for EC-keys. With the refactoring of the PKCS#11 login
functionality, the protected authentication path is available for EC-keys
as well.

- print public key for externally stored identities
   Now the ssh-keygen command option -y, which prints a public key to
stdout, accepts a keyfile name in the enhanced identity format.
   Remark: PKIX-SSH could use externally stored identities - for more
details see the description of IdentityFile in the manual page
ssh_config(5). In brief, if the identity name starts with "engine:", the
identity load is redirected to a "loadable cryptographic module" (engine)
instead of a file. The prefix "store:" could be used if the cryptographic
library supports ossl_store(7) functionality (upcoming OpenSSL
functionality).

- build fixes
   The build system is modernized to use more recent scripts. Also,
duplicate dependency objects or libraries are removed.

Roumen Petrov
