On 10/8/2015 4:49 AM, Simon Josefsson wrote:
Mathias Brossard <mathias@xxxxxxxxxxxx> writes:
Hi,
I have made a patch for enabling the use of ECDSA keys in the PKCS#11
support of ssh-agent which will be of interest to other users.
Nice! What would it take to add support for Ed25519 too? Do we need to
allocate any new PKCS#11 identifiers?
Yes, and PKCS#11 allows for *_VENDOR_SUPPLIED identifiers. But using these can
get out of hand. Best to try and get them in the standard. OASIS controls the
standard From 14 April 2015:
http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html
2.40 does not define Ed25519.
The Gnuk smartcard supports
Ed25519 but I don't know if it is common to use it with OpenSSH through
PKCS#11 (I would expect it to be used with OpenSSH through GnuPG's
gpg-agent). At least it might be useful as a test case.
/Simon
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Douglas E. Engert <DEEngert@xxxxxxxxx>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev