Re: Using rsa-sha2-256 with a YubiKey or a different smart card

On Fri, 2019-01-25 at 01:23 +0300, Yegor Ievlev wrote:
> Is it currently possible to use rsa-sha2-256 or rsa-sha2-512 with a
> key stored on a PIV or OpenPGP smart card, like a YubiKey? OpenSC
> itself appears to support SHA-2 signatures, but I can't find
> information about SSH support.

Yes, it works fine with my YubiKey 4 (certainly PIV and I also think
that OpenPGP worked).

From the OpenSC point of view, SHA2 is not a problem, because OpenSSH
already passes in the hash so internally, it is just the same
CKM_RSA_PKCS PKCS#11 mechanism with longer data (32 or 64 bytes instead
of 20 bytes used for SHA1).

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
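
The point made in the reply above, as an added example that is not part of the original message or of OpenSSH/OpenSC: the hash is computed on the host, and a raw PKCS#1 v1.5 mechanism such as CKM_RSA_PKCS only pads whatever bytes it is given, so the token-side step is identical for ssh-rsa, rsa-sha2-256 and rsa-sha2-512. It assumes the host wraps the hash in a DigestInfo as RFC 8017 specifies for RSASSA-PKCS1-v1_5; the function names and the sample input are constructed for illustration.

```python
import hashlib

# DER DigestInfo prefixes from RFC 8017, section 9.2 (notes).
DIGESTINFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}
# SSH signature algorithm -> hash (RFC 4253 for ssh-rsa, RFC 8332 for rsa-sha2-*).
SSH_ALG_HASH = {"ssh-rsa": "sha1", "rsa-sha2-256": "sha256", "rsa-sha2-512": "sha512"}

def host_side_input(ssh_alg: str, signed_data: bytes) -> bytes:
    """Hypothetical helper: bytes the host hands to the token. The hash is
    computed in software and wrapped in a DigestInfo (assumption, see lead-in)."""
    name = SSH_ALG_HASH[ssh_alg]
    return DIGESTINFO_PREFIX[name] + hashlib.new(name, signed_data).digest()

def token_side_block(data: bytes, modulus_bytes: int) -> bytes:
    """Hypothetical helper: block-type-01 padding applied before the private-key
    operation. Nothing here depends on which hash produced `data`."""
    if len(data) > modulus_bytes - 11:
        raise ValueError("input too long for this key size")
    return b"\x00\x01" + b"\xff" * (modulus_bytes - len(data) - 3) + b"\x00" + data

def summarize(signed_data: bytes, modulus_bytes: int = 256) -> dict:
    """Per SSH algorithm: (hash length, bytes sent to token, padded block length)."""
    rows = {}
    for alg, name in SSH_ALG_HASH.items():
        data = host_side_input(alg, signed_data)
        block = token_side_block(data, modulus_bytes)
        rows[alg] = (hashlib.new(name).digest_size, len(data), len(block))
    return rows

if __name__ == "__main__":
    sample = b"constructed sample: session id + userauth request"
    for alg, (hlen, dlen, blen) in summarize(sample).items():
        print(f"{alg:13s} hash={hlen:2d}B  to-token={dlen:2d}B  padded={blen}B")
```

The only token-side constraint that changes with the hash is the length check: the input must be at most the modulus length minus 11 bytes.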
