PuTTY wish smartcard-auth
summary: PuTTY could use RSA keys held on smartcards
class: wish: This is a request for an enhancement.
difficulty: taxing: Needs external things we don't have (standards, users etc)
priority: low: We aren't sure whether to fix this or not.
It's been suggested that PuTTY could use RSA keys held on a smartcard for
authentication. This would require interfacing with smartcard APIs and
suchlike, and might be an application for the MDPI.
Alternatively, it might be better to integrate smartcard support into
an SSH agent, either as part of Pageant or as a plug-in replacement for it.
After all, the purpose of a smartcard is to generate cryptographic signatures
on demand, which is what an SSH agent does too.
Some patches we've seen (links are on our
Patches against PuTTY/Pageant 0.55 to use PKCS#11 libraries (tested with
These patches can be found in
opensc-project.org's contrib directory.
There is a packaged version called the Smart Card Bundle.
Patch with extended key file format that uses external (PuTTY-specific?)
A compiled binary called PuTTYcard can also be found in
opensc-project.org's contrib directory,
although confusingly it apparently doesn't use OpenSC.
... which was replaced by a directly smartcard-enabled Pageant.
- PuTTY SC uses PKCS#11.
If you want to comment on this web site, see the