Re: Current status of PKCS#11 ECDSA support

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, Oct 18, 2017 at 3:13 PM, Roland Bracewell Shoemaker <roland@xxxxxxx>
wrote:

> What is the current status on work to add support for PKCS#11 ECDSA keys?
> I’ve been using a version of the patch that has been sitting around on the
> bug tracker [1] for ~2 years now without much movement and am wondering if
> this is ever going to make it into a release.
>

Hello. I'm the author of the patch. In addition to some comments in the bug
tracker, I've had several email expressing interest in the patch and/or
reporting success using it.

Is this a case of there being existing issues with that implementation
> without anyone interested in resolving them/pushing forward to get this
> patch merged or are there other extant issues that are preventing this from
> happening?
>

I think that there is some interest. I'm guessing there is a lack of
bandwidth for maintainers to review it.

As hardware based tokens are gaining popularity (not to mention things like
> the built in secure enclave like chips in many newer devices) along with
> the increase in usage of ECDSA keys this would be a really nice thing to
> have baked into mainline releases instead of having to tell people to go
> merge a random patch and build OpenSSH themselves.
>

Hey that's my patch you're talking about :). But I do agree with you it
would be nice to have it added.

If there is anything I can do to help push this along let me know!
>

I'm still interested in improving / fixing the patch to get it included.

I just uploaded a patch that applies cleanly to 7.6p1 and re-tested it with
LibreSSL 2.5.5 and OpenSSL 1.0.2l.

Sincerely,
-- 
Mathias Brossard
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux