If you want to use OpenSC with Cygwin OpenSSH utilities, such as ssh-agent or ssh, then OpenSC has to be compiled for Cygwin. To do this follow these steps:
When building OpenSC we're going to be running the reconfiguration step of the OpenSC build process. One side effect is that this step may try to incorporate additional features that are detected in your current Cygwin installation, which can complicate the package dependencies. So these instructions are based on starting from a fresh Cygwin installation. Thus:
- Remove all versions of bash, gcc, peagent, git, etc.
- Clear the PATH variable of any references to other make or gcc utilities.
- Temporarily unset the CYGWIN environment variable while building and installing. Currently, having CYGWIN set causes make install to fail in the install-exec-hook stage.
- Go to https://cygwin.com/install.html.
- Run setup-x86_64.exe & save it for running later.
- Install to c:\cygwin64.
- Select All Users.
- Save packages to a convenient location, e.g. D:\cygwin-packages.
- Select mirror etc.
By default the base packages will be ready to be downloaded and installed, but before exiting setup, also select the following extra packages:
- Category/Devel/autoconf: Wrapper scripts for autoconf commands.
- Category/Devel/autoconf2.5: Current version of the automatic config script builder.
- Category/Devel/automake: Wrapper for multiple versions of Automake.
- Category/Devel/automake1.15: a tool for generating GNU compliant Makefiles.
- Category/Devel/gcc-core: GNU Compiler Collection (C, OpenMP).
- Category/Devel/gcc-g++: GNU Compiler Collection (C++).
- Category/Devel/git: Distributed version control system.
- Category/Devel/libtool: Generic lib support script.
- Category/Devel/make: The GNU version of the 'make' utility.
- Category/Devel/pkg-config: Package compiling configuration utility.
- Category/Libs/libreadline-devel: GNU readline and history libraries.
- Category/Libs/zlib-devel: gzip de/compression library.
- Category/Net/libssl-devel or openssl-devel: A general purpose cryptography toolkit...
- Category/System/procps-ng: System and process monitoring utils - such as pkill. [Optional]
Finish the setup and let the Cygwin GUI install all of these and create a desktop icon for Cygwin64 Terminal.
Note: installing the above also causes the following to be installed:
- Category/Net/openssh: The OpenSSH server and client programs.
- Category/Libs/libopenssl100: A general purpose crypto toolkit.
- Plus others.
- From within a Cygwin terminal, get source for OpenSC via:
$ cd /usr/src
$ git clone https://github.com/OpenSC/OpenSC.git
$ cd OpenSC
- Check that configure.ac does not define CRYPTOKI_FORCE_WIN32. If it does, edit configure.ac and comment out (#) the line at approximately line 107 that looks like:
CPPFLAGS="$... -DCRYPTOKI_FORCE_WIN32"
- Then perform commands:
$ ./bootstrap
$ ./configure --disable-strict
$ make
$ make install
$ pkcs11-tool --test
Or list objects:
$ pkcs11-tool -O
- Start ssh-agent via:
$ eval $(ssh-agent -s)
- Check current identities; there should be none:
$ ssh-add -L
- Now add identities from smart card:
$ ssh-add -s /usr/local/lib/pkcs11/opensc-pkcs11.dll
- Check that the identities were added. This should list a number of keys, depending on what's on the smart card:
$ ssh-add -L
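The configure.ac edit and the CYGWIN precondition from the build steps above can be checked by pattern rather than by the approximate line number. The script below is an added example, not part of the original page or of the OpenSC project; the function names are hypothetical and the configure.ac fragment it runs on is constructed.

```shell
#!/bin/sh
# Added example, not part of the OpenSC sources. Function names are hypothetical.

# Print the line numbers of active (not commented-out) lines in configure.ac
# that add -DCRYPTOKI_FORCE_WIN32, wherever they sit in the file.
active_force_win32_lines() {
    grep -n -e '-DCRYPTOKI_FORCE_WIN32' "$1" |
        grep -v '^[0-9]*:[[:space:]]*#' | cut -d: -f1
}

# Comment out those lines with '#', keeping the original as FILE.orig.
comment_out_force_win32() {
    cp "$1" "$1.orig" &&
        sed '/^[[:space:]]*#/!s/^\(.*-DCRYPTOKI_FORCE_WIN32.*\)$/#\1/' \
            "$1.orig" > "$1"
}

# Succeed only when CYGWIN is unset, as the build steps require.
cygwin_env_is_unset() {
    [ -z "${CYGWIN+set}" ]
}

# Write a constructed configure.ac fragment (not the real file) to $1.
write_sample_configure_ac() {
    cat > "$1" <<'EOF'
case "${host}" in
    *-cygwin*)
        # CPPFLAGS="${CPPFLAGS} -DOLD_EXAMPLE -DCRYPTOKI_FORCE_WIN32"
        CPPFLAGS="${CPPFLAGS} -DCRYPTOKI_FORCE_WIN32"
        ;;
esac
EOF
}

# Demonstration on the constructed sample.
sample=$(mktemp)
write_sample_configure_ac "$sample"
echo "active before: $(active_force_win32_lines "$sample")"
comment_out_force_win32 "$sample"
echo "active after:  $(active_force_win32_lines "$sample")"
cygwin_env_is_unset || echo "CYGWIN is set: unset it before 'make install'"
rm -f "$sample" "$sample.orig"
```

Against a real checkout, run the first two functions on /usr/src/OpenSC/configure.ac before ./bootstrap; the untouched file is kept beside it as configure.ac.orig.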