gcr lacks SSH import capabilities
Submitted by Hashem Nasarat
Link to original bug (#705225)
Description
While the ssh-store module tracks the existence of SSH keyfiles in ~/.ssh, importing ssh private key files fails. This results in high-level errors in programs like seahorse and gnome-keyring-3 which both utilize the gcr crypto-widget library.
Implementing this feature will require modifying the ssh-store module to add specific cryptoki functions to handle such requests from higher levels of the application stack. Specifically, two pkcs functions
- module_class->add_token_and
- module_class->store_token_object
need to be overridden in the derived class GkmSshModule within gnome-keyring/pkcs11/ssh-store/gkm-ssh-module.c.
This function can be implemented in a similar fashion to the one in the GkmGnome2Storage module.
Additionally, the ssh-store module may need to notify the ssh-agent component of gnome-keyring of a new available ssh-key.
Already I have custom code running in gkm_gnome2_storage_create () when an ssh-key is imported.
However, I'm currently blocked on finding the code that determines which PKCS#11 module (gnome2 or ssh) responds to the request from high-level access. I believe the function is related to the gkm_module_register_factory () call, but I am unsure.