PuTTY wish smartcard-auth

This is a mirror. The primary PuTTY web site can be found here.

summary: PuTTY could use RSA keys held on smartcards
class: wish: This is a request for an enhancement.
difficulty: taxing: Needs external things we don't have (standards, users etc)
priority: low: We aren't sure whether to fix this or not.

It's been suggested that PuTTY could use RSA keys held on a smartcard for authentication. This would require interfacing with smartcard APIs and suchlike, and might be an application for the MDPI.

Alternatively, it might be better to integrate smartcard support into an SSH agent, either as part of Pageant or as a plug-in replacement for it. After all, the purpose of a smartcard is to generate cryptographic signatures on demand, which is what an SSH agent does too.

Some patches we've seen (links are on our Links page):

<200409231510.55383.kstef@mtppi.org>
Patches against PuTTY/Pageant 0.55 to use PKCS#11 libraries (tested with OpenSC)
These patches can be found in opensc-project.org's contrib directory. There is a packaged version called the Smart Card Bundle.
<300242548@web.de>
Patch with extended key file format that uses external (PuTTY-specific?) DLL
A compiled binary called PuTTYcard can also be found in opensc-project.org's contrib directory, although confusingly it apparently doesn't use OpenSC.
<1673247798@web.de>
... which was replaced by a directly smartcard-enabled Pageant.
PuTTY SC uses PKCS#11.

Audit trail for this wish.

If you want to comment on this web site, see the Feedback page.
(last revision of this bug record was at 2007-07-29 15:20:37 +0100)