From c5161fe2fc7743840dcee23b3e8b2d89f6f79789 Mon Sep 17 00:00:00 2001 From: showipintbri <40892800+showipintbri@users.noreply.github.com> Date: Fri, 16 Dec 2022 20:05:03 -0500 Subject: [PATCH 1/2] Corrected Typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f5e75b4f..fe4239a1 100644 --- a/README.md +++ b/README.md 
@@ -42,7 +42,7 @@ PuTTY executables (putty.exe, pageant.exe, psftp.exe) support the following addi ### Certificates For the purposes of PuTTY CAC, the certificate is simply a convenient way to reference a private/public key pair. If you want to use PuTTY CAC to securely logon to your system and do not have access to a Certificate Authority (CA), the certificate can be self-signed. Conversely, PuTTY CAC can be used in conjunction with managed SSH servers to enforce multifactor authentication. This can be done by ensuring that the OpenSSH authorized_keys file only contains public keys associated with hardware tokens either procedurally or by creating an index of all issued certs and looking them up through OpenSSH directives like AuthorizedKeysCommand. ### Federal Information Processing Standards (FIPS) Compliance -The specific code used to interface with the hardware token utilizes the Microsoft cryptographic libraries which in turn are governed by system-level FIPS settings (see [Microsoft's website](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing)). Similarly, the hardware token that is used for signing authentication challenges is guaranteed to use FIPS compliant algorithms if the hardware key is FIPS certified; see the hardware token's manufacturer website for more information. PuTTY itself utilizes proprietary encryption and hashing one the SSH session is established which has not undergone evaluation for FIPS compliance or certification. +The specific code used to interface with the hardware token utilizes the Microsoft cryptographic libraries which in turn are governed by system-level FIPS settings (see [Microsoft's website](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing)). 
Similarly, the hardware token that is used for signing authentication challenges is guaranteed to use FIPS compliant algorithms if the hardware key is FIPS certified; see the hardware token's manufacturer website for more information. PuTTY itself utilizes proprietary encryption and hashing once the SSH session is established which has not undergone evaluation for FIPS compliance or certification. ## Notes On Building PuTTY CAC ### Prerequisites * Visual Studio 2022 with C++ Desktop Application Development From 3cf279e4a6cce9251de0481554f182f8f8153089 Mon Sep 17 00:00:00 2001 From: Bryan Berns Date: Thu, 26 Jan 2023 15:36:04 -0500 Subject: [PATCH 2/2] Note License In Readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index fe4239a1..e0317dff 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,8 @@ PuTTY CAC is maintained independently from the US Government by the open source You can download the latest release of PuTTY CAC here: https://github.com/NoMoreFood/putty-cac/releases +PuTTY CAC source code and binaries are free to use for any purpose. The license can be found here: https://github.com/NoMoreFood/putty-cac/blob/master/code/LICENCE + ## Prerequisites * Microsoft Windows 10 or Later * For CAPI support, an appropriate Windows smart card mini-driver must be installed. This is typically provided by the smart card manufacturer although many common hardware tokens are supported by OpenSC.
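Review bot: In the FIPS paragraph touched by patch 1/2, the last sentence still reads "PuTTY itself utilizes proprietary encryption and hashing once the SSH session is established which has not undergone evaluation". Here "proprietary" can be read as meaning non-standard algorithms, and the clause starting with "which" is missing its comma. If the intent is that PuTTY uses its own implementation for the session, consider wording such as "PuTTY itself uses its own encryption and hashing code once the SSH session is established, and that code has not undergone evaluation for FIPS compliance or certification". That makes it clear the system-level FIPS setting described earlier in the paragraph covers only the token interface. The subject "Corrected Typo" would also be easier to find in the log if it named the fix ("one" to "once").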
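Review bot: The line added in patch 2/2 links the license through an absolute URL pinned to the master branch (https://github.com/NoMoreFood/putty-cac/blob/master/code/LICENCE). A relative link to code/LICENCE would keep resolving to the license of whatever revision, tag or fork the reader is looking at. Separately, "free to use for any purpose" is a paraphrase of the license. Naming the license, or noting that its conditions apply, would keep the README from implying fewer obligations than the LICENCE file states.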