  #1  
12-22-2019, 12:52 AM
zibadun (Registered User)
PIV with ECDSA P256 certificate not accepted for public key

Hi
I have a PIV with an ecdsa certificate (NIST P 256). It does not seem to be listed as an available auth option for the public key. If I regenerate a certificate with RSA 2048 everything works fine.

Am I doing something wrong, or is ecdsa (and ed25519) not yet supported by SecureCRT? I have v8.5.4 at the moment.
#2
12-23-2019, 08:53 AM
bgagnon (VanDyke Technical Support)
Hi zibadun,

Certs *signed* with ecdsa algorithm (which is what I think you mean) are supported as of v8.7, currently in public beta release:

Changes in SecureCRT 8.7 (Pre-Beta) -- September 20, 2019
---------------------------------------------------------
  • Added support for x509v3-ecdsa-sha2 algorithms per RFC 6187 for Pkcs #11.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
#3
12-23-2019, 06:04 PM
zibadun (Registered User)
I mean the certificates which contain the ECDSA public and private keys.

I just tried the beta version and it did not give me an option to use this certificate.

https://i.imgur.com/oGs8awt.png
#4
12-24-2019, 08:07 AM
bgagnon (VanDyke Technical Support)
Hi Zibadun,

It's often useful to see trace options output which provides debugging information that may help us better understand the problem that you're experiencing.

To enable trace options output:
  • First, open SecureCRT's main File pull-down menu and select Trace Options. If you open the File pull-down menu again you should see a checkmark next to Trace Options, indicating that troubleshooting output is now enabled.
  • Next, connect to the remote machine. With trace options enabled, you will notice debugging information displayed in the terminal window that isn't normally there by default when SecureCRT is attempting to establish a connection, and at certain times throughout the lifetime of the connection.
  • Once the problem occurs, please right-click inside the terminal window and choose Select All, then right-click again and choose Copy to transfer the information to the clipboard.
  • Finally, open a text editor, paste the information from the clipboard into the editor program, and save it as a text file.
Since trace options can contain sensitive information, feel free to send it as an attachment via email to support@vandyke.com. Please reference "Attn Brenda - Forum Thread #14020" in the subject line.

NOTICE: The requested troubleshooting data may include sensitive information (usernames, passwords, publicly-accessible host names or IP addresses, etc.).

Please redact sensitive information that would not be appropriate for email communication prior to sending the requested information.

If there is sensitive information that must be conveyed in order to provide a complete picture of the scenario you're facing, please let us know and we will set up a secure upload mechanism that can be used.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
#5
12-26-2019, 12:15 AM
zibadun (Registered User)
Hi

just some more info.

Putty CAC https://github.com/NoMoreFood/putty-cac/releases
is able to use this NIST P 256 curve certificate with no prob.

the public key from the certificate looks like this:

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAulRj088m753z+K7FAOMLfvGH9xntVm8YD981UChjnpTzZK wYamfy3C5aE+rgHLRuafj+MbDiLthbJ3QwJiZmo= CAPI:4c3468d4b995bc2018c2f455693a17afff144bc6 CN=zb
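The key line quoted in the post above is a plain `ecdsa-sha2-nistp256` public key (RFC 5656), while the 8.7 changelog entry earlier in the thread names the certificate-based `x509v3-ecdsa-sha2` algorithms of RFC 6187. As an added example (not part of the original posts, and not VanDyke or PuTTY CAC code), the Python below decodes a line of that form, checks that the type label, curve and point encoding agree, and reports both algorithm names. The function names are hypothetical and the sample key is constructed filler, not the poster's key.

```python
import base64
import struct

# Curve name -> length of an uncompressed EC point (0x04 || X || Y), RFC 5656.
POINT_LEN = {"nistp256": 65, "nistp384": 97, "nistp521": 133}


def read_string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off + 4:off + 4 + n], off + 4 + n


def describe_ecdsa_key(line):
    """Decode an OpenSSH-style 'ecdsa-sha2-*' key line and check its structure."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    alg, off = read_string(blob, 0)
    curve, off = read_string(blob, off)
    point, off = read_string(blob, off)
    alg, curve = alg.decode("ascii"), curve.decode("ascii")
    if off != len(blob) or alg != fields[0] or alg != "ecdsa-sha2-" + curve:
        raise ValueError("key type label and blob contents disagree")
    if POINT_LEN.get(curve) != len(point) or point[0] != 0x04:
        raise ValueError("not an uncompressed point for " + curve)
    return {
        "plain_key_alg": alg,          # raw public key algorithm (RFC 5656)
        "x509_alg": "x509v3-" + alg,   # certificate-based name (RFC 6187)
        "curve": curve,
        "point_len": len(point),
    }


def make_sample_line():
    """Constructed sample: filler coordinates, not a real key or curve point."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    point = b"\x04" + bytes(range(1, 65))
    blob = s(b"ecdsa-sha2-nistp256") + s(b"nistp256") + s(point)
    return "ecdsa-sha2-nistp256 " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    print(describe_ecdsa_key(make_sample_line()))
```

The parser validates encoding only; it does not check that the point lies on the curve or that any certificate chains to a trusted issuer.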
  #6  
12-26-2019, 10:02 AM
bgagnon (VanDyke Technical Support)
Hi zibadun,

I will need the requested Trace Options output to move forward.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
#7
12-26-2019, 03:39 PM
zibadun (Registered User)
Hi Brenda

There is nothing for me to trace because the ECDSA certificate does not even show up in the list to choose from as the public key authentication method. I can see only certificates with the RSA keys.
#8
12-27-2019, 11:21 AM
bgagnon (VanDyke Technical Support)
Hi zibadun,

I see now. That is still an open feature request.

I have added this thread to a feature request in our product enhancement database to add support for x.509 ECDSA certificates (RFC 6239). Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct email notification, send an email to support@vandyke.com and include Feature Request - Forum Thread #14020 in the subject line or use this form from the support page of our website.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730