Re: [PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 





On 10/8/2015 4:49 AM, Simon Josefsson wrote:
Mathias Brossard <mathias@xxxxxxxxxxxx> writes:

Hi,

I have made a patch for enabling the use of ECDSA keys in the PKCS#11
support of ssh-agent which will be of interest to other users.

Nice!  What would it take to add support for Ed25519 too?  Do we need to
allocate any new PKCS#11 identifiers?

Yes, and PKCS#11 allows for *_VENDOR_SUPPLIED identifiers. But using these can
get out of hand. Best to try and get them in the standard. OASIS controls the
standard From 14 April 2015:

 http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html

2.40 does not define Ed25519.

The Gnuk smartcard supports
Ed25519 but I don't know if it is common to use it with OpenSSH through
PKCS#11 (I would expect it to be used with OpenSSH through GnuPG's
gpg-agent).  At least it might be useful as a test case.

/Simon



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


--

 Douglas E. Engert  <DEEngert@xxxxxxxxx>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux