hi.

there are two projects supporting smartcard use in openssh (that i'm
aware of): muscle (www.linuxnet.com) and citi
(www.citi.umich.edu/projects/smartcard). the citi code is included
in openssh 3.0.2p1 (didn't check older versions).

the muscle code uses the RSA meth attribute.
take a look at openssl/rsa.h:
...
typedef struct rsa_st RSA;
...
struct rsa_st
        {
        /* The first parameter is used to pickup errors where
         * this is passed instead of aEVP_PKEY, it is
         * set to 0 */
        int pad;
        int version;
        RSA_METHOD *meth;
...

however the citi code included in openssh requires the engine version
of openssl with such an openssl/rsa.h:
...
typedef struct rsa_st RSA;
...
struct rsa_st
        {
        /* The first parameter is used to pickup errors where
         * this is passed instead of aEVP_PKEY, it is set to 0 */
        int pad;
        int version;
#if 0
        RSA_METHOD *meth;
#else
        struct engine_st *engine;
#endif
...


so, this structure has only either meth or engine, but never both.
as a result, i can only compile and use either the muscle project's
solution (muscleFramework with openssh-ce, musclecard, pcsc-lite,
some driver, a javacard 2.1 and the muscle applet, all with openssl
without the engine), or i can use the citi solution (openssh 3.0.2p1,
libsectok, todos driver, Schlumberger javacard 2.0, the citi applet,
with openssl-engine).

so, if anyone has a nice idea how i can try both at the same time,
without having two openssl versions, this would be nice.

Else, may i suggest to update documentation to reflect such problems,
like openssh/README.smartcard in the openssh sourcecode, the openssl
faq [MISC] 6, README and openssh-ce/INSTALL from muscleFramework.

regards, andreas
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
