On Wed, Oct 18, 2017 at 3:13 PM, Roland Bracewell Shoemaker <roland@xxxxxxx> wrote:

> What is the current status on work to add support for PKCS#11 ECDSA keys?
> I’ve been using a version of the patch that has been sitting around on the
> bug tracker [1] for ~2 years now without much movement and am wondering if
> this is ever going to make it into a release.

Hello. I'm the author of the patch. In addition to some comments in the bug tracker, I've had several emails expressing interest in the patch and/or reporting success using it.

> Is this a case of there being existing issues with that implementation
> without anyone interested in resolving them/pushing forward to get this
> patch merged or are there other extant issues that are preventing this from
> happening?

I think that there is some interest. I'm guessing there is a lack of bandwidth for maintainers to review it.

> As hardware based tokens are gaining popularity (not to mention things like
> the built in secure enclave like chips in many newer devices) along with
> the increase in usage of ECDSA keys this would be a really nice thing to
> have baked into mainline releases instead of having to tell people to go
> merge a random patch and build OpenSSH themselves.

Hey, that's my patch you're talking about :). But I do agree with you it would be nice to have it added.

> If there is anything I can do to help push this along let me know!

I'm still interested in improving / fixing the patch to get it included. I just uploaded a patch that applies cleanly to 7.6p1 and re-tested it with LibreSSL 2.5.5 and OpenSSL 1.0.2l.

Sincerely,
--
Mathias Brossard

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev