support for OpenSSH's certificate system #108
Comments
I don’t see a clear path to implementation given how unique the OpenSSH certificates are. Curious if anyone else has input.
I got putty-cac 0.78 to work with openssh certs, at least for CAPI certs (tested with a PIV-I card), so it may just work the same with PKCS certs (HSM via PKCS11).
I think this is fine when working directly with putty.exe, but it won't work when using plink and pageant. The next step would be to add a way in pageant to associate a key with an openssh cert in a persistent way and let putty use it in the same way as putty.exe does. Eventually perhaps even take the openssh cert directly from a SAN value (type uri, value of urn:example:{base64 encoded cert} or something) or a custom extension in the X509 certificate matching the key, either in CAPI or in the HSM (find by label with object type certificate).
As of version 0.78, putty supports OpenSSH's certificate system (in PuTTY Configuration, from Connection -> SSH -> Auth -> Credentials -> Certificate to use with the private key).
Is there any way to use this kind of cert while the corresponding private key is stored in an HSM?