- markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
replace our obsolete smartcard code with PKCS#11.
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked a ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 9e59c16..7dc7697 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.80 2009/10/24 00:48:34 dtucker Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.81 2010/02/08 10:50:20 markus Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -37,7 +37,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 24 2009 $
+.Dd $Mdocdate: February 8 2010 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -201,9 +201,10 @@
This operation is only supported for RSA1 keys.
The program will prompt for the file containing the private keys, for
the passphrase if the key has one, and for the new comment.
-.It Fl D Ar reader
-Download the RSA public key stored in the smartcard in
-.Ar reader .
+.It Fl D Ar pkcs11
+Download the RSA public keys stored in the
+.Ar pkcs11
+provider.
.It Fl e
This option will read a private or public OpenSSH key file and
print the key in
@@ -313,9 +314,6 @@
or
.Dq dsa
for protocol version 2.
-.It Fl U Ar reader
-Upload an existing RSA private key into the smartcard in
-.Ar reader .
.It Fl v
Verbose mode.
Causes