buptczq / WinCryptSSHAgent

Using a Yubikey for SSH Authentication on Windows Seamlessly

Error: "sign_and_send_pubkey: signing failed: agent refused operation" but "ssh-add -T" works for key

ARGYROU-MINAS opened this issue · comments

Hello,

While WinCrypt does recognise the certificates from Windows' Certificate Store, I cannot manage to actually authenticate.

After putting the [CN]-cert.pub file in my User Folder, I can execute "ssh-add -v -T [CN]-cert.pub" and I was prompted by Windows for my PIN, and afterwards I get a notification that says "Authentication Success" (no text in cmd). BUT, if I execute the same command twice, I get the error "Agent signature failed for [CN]-cert.pub: agent refused operation".

Regardless of whether I try the ssh-add test first or not, when I try to ssh into the server, I get "debug1: Server accepts key: [CN]-cert.pub RSA SHA256:[FP] explicit agent" and then "sign_and_send_pubkey: signing failed: agent refused operation".

To check whether ssh can actually communicate through the named pipe, I checked with the regular ssh-agent service disabled and WinCrypt closed and I got an error, which I assume means that, since I don't get errors when WinCrypt is running, the communication through the pipe exists.

Any pointers as to what's the problem here?

Thanks in advance! This is an awesome piece of code right there and a much-needed keychain for Windows!

P.S.: I am not using a YubiKey, but a SmartCard-HSM, but I don't think that there are any clues pointing to that being the problem.