Re: Why still no PKCS#11 ECC key support in OpenSSH ?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 




On 8/13/2018 3:02 PM, Damien Miller wrote:

If someone can recommend hardware and some instructions on how to
set it up that will only improve the changes of this happening sooner.


One source is the set of NIST PIV Test cards. They are ready to use.
Each card has a different set of keys, certificates and objects. Some have RSA keys
and some ECC keys. Note: each set is a copy of the master set. So don't use them
in a production environment. They are not cheap, but are ready to use for testing.

https://www.nist.gov/srd/nist-special-database-33

More about the test cards themselves:

https://csrc.nist.gov/Projects/PIV/NIST-Personal-Identity-Verification-Test-Cards

The OpenSC PKCS11 can use these cards. As noted by others, you could use the Yubico
Yubikey, that has a PIV applet on the card. But you must generate keys and
certificates for the card. Yubikey supports RSA and ECC keys.


-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
.


--

 Douglas E. Engert  <DEEngert@xxxxxxxxx>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux