On 1/30/2014 6:28 PM, Damien Miller wrote:
Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible.
Also ask on the OpenSC list: opensc-devel@xxxxxxxxxxxxxxxxxxxxx

Oberthur has cards (including PIV but is reluctant to sell in small quantities.) They do have the ID-ONE Evaluation kit with 5 PIV cards, a combo fingerprint reader and smartcard reader. $1000 (We have one at work, but I can't find it online.)

NIST has a test suite of 16 PIV cards, some of which have EC keys, but you cannot update them.
http://csrc.nist.gov/groups/SNS/piv/testcards.html

(I have used all three of the above to develop the OpenSC PIV EC support.)

CardContact is working on the SmartCard-HSM that has EC.

Yubico has a PIV applet on their device. It is in beta but does not have ECC yet.
https://store.yubico.com/store/catalog/product_info.php?cPath=21&products_id=88
Can anybody on this list help? I'd want 2-6 cards/tokens that support ECDSA in the NIST p256 curve and ideally RSA and DSA too.

Cheers,
Damien
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Douglas E. Engert <DEEngert@xxxxxxxxx>