Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make PrivateKeyFile an implementation of IPrivateKeySource to make room for other key sources #577

Closed
wants to merge 7 commits into from
Closed

Make PrivateKeyFile an implementation of IPrivateKeySource to make room for other key sources #577

wants to merge 7 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Aug 11, 2019

Hello,

I am planning to add support for TPM/SmartCard-based private key authentication to SSH.NET (please see #576).
TPM/SmartCard-based private key authentication is a new authentication method in which the private key is stored in a special hardware (outside of the filesystem), reinforcing client-side security by preventing anyone (even intruders w/o certain privileges) from stealing the private key.

This PR does not involve the functionality itself, but it includes the only breaking change to the API, which is why I opened this PR.
Specifically, I want to create a new interface IPrivateKeySource which is implemented by PrivateKeyFile so that in the future, PrivateKeyCng (which represents a private key stored somewhere else) could be handled transparently.
The rest of the changes required to implement TPM/SmartCard authentication is not going to impact the public API at all, just adding new classes and new files.

If this change is deemed unacceptable, I will try to come up with another way to pass the new kind of private keys to the API.

Thank you in advance.

@darkoperator
Copy link

darkoperator commented Aug 11, 2019 via email

@ghost
Copy link
Author

ghost commented Aug 11, 2019

@darkoperator I'm sorry I forgot to clarify that. This feature is going to be exclusively available to .NET 3.5 due to the use of P/Invoke. I must think of a way to perform tests without problems, but apart from the changes in this PR, users on the other platforms will not notice any changes in the API.

@ghost ghost mentioned this pull request Aug 12, 2019
Open
@ghost
Copy link
Author

ghost commented Aug 12, 2019

If anyone is interested, I posted a link to a repo in #576 which contains a demo in which a private key from TPM/Smartcard is used to log in to a remote host.

@drieseng
Copy link
Member

Please provide a small text fragment that describes this change, so that we can include it in the release notes.

Thx!

@ghost
Copy link
Author

ghost commented Aug 13, 2019

@drieseng I'm new and I am not sure if I'm doing this right, does this suffice? Thank you.

Added a public interface IPrivateKeySource to enable authentication by plugins.

@poizan42
Copy link

What about alternatively just replace all usages of PrivateKeyFile with HostAlgorithm? The only accessible field in PrivateKeyFile is the HostAlgorithm anyways, and HostAlgorithm is already extensible.

@IgorMilavec IgorMilavec mentioned this pull request Feb 20, 2022
Merged
@IgorMilavec
Copy link
Collaborator

@sadlame #794 has been merged, can you please check if this PR can be closed.

@WojciechNagorski
Copy link
Collaborator

@sadlame PR needs refreshing.

@Rob-Hague Rob-Hague closed this Apr 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@darkoperator @drieseng @poizan42 @IgorMilavec @WojciechNagorski @Rob-Hague