On Fri, 2019-01-25 at 01:23 +0300, Yegor Ievlev wrote:
> Is it currently possible to use rsa-sha2-256 or rsa-sha2-512 with a
> key stored on a PIV or OpenPGP smart card, like a YubiKey? OpenSC
> itself appears to support SHA-2 signatures, but I can't find
> information about SSH support.

Yes, it works fine with my Yubikey 4 (certainly PIV and I also think
that OpenPGP worked).

From OpenSC point of view, the SHA2 is not a problem, because OpenSSH
already passes in the hash so internally, it is just the same
CKM_RSA_PKCS PKCS#11 mechanism with longer data (32 or 64 bytes instead
of 20 bytes used for SHA1).

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
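An added illustration of the reply above (not code from the thread, OpenSSH or OpenSC): a simulated token performs the CKM_RSA_PKCS operation on whatever the host hands it, so moving from SHA-1 to SHA-2 changes only the host-side input. It assumes the host input is the hash wrapped in its PKCS#1 v1.5 DigestInfo header; the key is a constructed toy key and the function names are hypothetical.

```python
import hashlib

# DER DigestInfo headers for PKCS#1 v1.5 signatures (RFC 8017, section 9.2).
DIGESTINFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}
# Constructed toy key (product of two Mersenne primes). NOT secure; it only
# stands in for the private key that never leaves the card.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

def host_prepare(message: bytes, alg: str) -> bytes:
    """Host side: hash the message and wrap the digest in DigestInfo."""
    return DIGESTINFO_PREFIX[alg] + hashlib.new(alg, message).digest()

def token_sign_rsa_pkcs(data: bytes) -> bytes:
    """Simulated token: type-1 padding plus private-key op, hash-agnostic."""
    if len(data) > K - 11:             # PKCS#1 v1.5 needs 11 bytes of padding
        raise ValueError("data too long for this modulus")
    em = b"\x00\x01" + b"\xff" * (K - len(data) - 3) + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def verify(message: bytes, alg: str, sig: bytes) -> bool:
    """Verifier side: recover the padded block and compare with the expected one."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    t = host_prepare(message, alg)
    return em == b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

if __name__ == "__main__":
    msg = b"constructed sample data to sign"
    for alg in ("sha1", "sha256", "sha512"):
        data = host_prepare(msg, alg)
        sig = token_sign_rsa_pkcs(data)   # same token call for every hash
        print(alg, len(data), "bytes to token, verifies:", verify(msg, alg, sig))
```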