On 8/13/2018 3:02 PM, Damien Miller wrote:
If someone can recommend hardware and some instructions on how to set it up that will only improve the changes of this happening sooner.
One source is the set of NIST PIV Test cards. They are ready to use. Each card has a different set of keys, certificates and objects. Some have RSA keys and some ECC keys. Note: each set is a copy of the master set. So don't use them in a production environment. They are not cheap, but are ready to use for testing. https://www.nist.gov/srd/nist-special-database-33 More about the test cards themselves: https://csrc.nist.gov/Projects/PIV/NIST-Personal-Identity-Verification-Test-Cards The OpenSC PKCS11 can use these cards. As noted by others, you could use the Yubico Yubikey, that has a PIV applet on the card. But you must generate keys and certificates for the card. Yubikey supports RSA and ECC keys.
-d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev .
-- Douglas E. Engert <DEEngert@xxxxxxxxx> _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev