PuTTY wish smartcard-auth

This is a mirror. Follow this link to find the primary PuTTY web site.

summary: PuTTY could use RSA keys held on smartcards
class: wish: This is a request for an enhancement.
difficulty: taxing: Needs external things we don't have (standards, users etc)
priority: low: We aren't sure whether to fix this or not.

It's been suggested that PuTTY could use RSA keys held on a smartcard for authentication. This would require interfacing with smartcard APIs and suchlike, and might be an application for the MDPI.

Alternatively, it might be better to integrate smartcard support into an SSH agent, either as part of Pageant or as a plug-in replacement for it. After all, the purpose of a smartcard is to generate cryptographic signatures on demand, which is what an SSH agent does too.

Some patches we've seen (links are on our Links page):

<[email protected]>
Patches against PuTTY/Pageant 0.55 to use PKCS#11 libraries (tested with OpenSC)
These patches can be found in opensc-project.org's contrib directory. There is a packaged version called the Smart Card Bundle.
<[email protected]>
Patch with extended key file format that uses external (PuTTY-specific?) DLL
A compiled binary called PuTTYcard can also be found in opensc-project.org's contrib directory, although confusingly it apparently doesn't use OpenSC.
<[email protected]>
... which was replaced by a directly smartcard-enabled Pageant.
PuTTY SC uses PKCS#11.

If you want to comment on this web site, see the Feedback page.

Audit trail for this wish.

(last revision of this bug record was at 2017-04-28 16:52:45 +0100)