Am Montag, 12. März 2018, 22:55:35 CET schrieb James Bottomley: Hi James, > > ECDSA is not implemented currently in the kernel crypto API. > > an ECDSA signature is produced as a ECDH operation using the DSA > algorithm instead of KDFe, so it's trivial with what we have; signature > verification involves a separate point addition but we have all the > primitives for this in crypto/ecc.c so adding it isn't really > difficult, is it? No, it is not. There even was a patch posted about a year ago to add ECDSA. But it was rejected due to missing in-kernel users. I guess that patch could be reactivated. Ciao Stephan