Dear Douglas,

Everything is fine with methods. But I'm speaking about the variables rsa_idx and ec_key_idx, sorry for being unclear. They serve as handles in a global OpenSSL table and identify a pkcs11_data associated with a particular key, don't they?

On Sat, Feb 13, 2021 at 3:07 PM Douglas E Engert <deengert@xxxxxxxxx> wrote:

> These lines are for METHODS, i.e. RSA_METHOD and EC_KEY_METHOD. RSA keys
> can share an RSA_METHOD, and EC keys can share an EC_KEY_METHOD. A method
> can be copied, for example an OpenSSL engine for using PKCS11, would then
> provide the routines in the method to not use the default software version
> of RSA signature or decrypting operations, but use PKCS11 to have these
> operations done on the token or smart card.
> So for RSA keys on the token, all these keys would share a copied and
> modified RSA_METHOD PKCS11 method where the rsa_idx in these keys is used
> to point to key specific data such as PKCS11 slot and KeyIDs.
>
> On 2/12/2021 10:31 AM, Dmitry Belyavskiy wrote:
> > Hello,
> >
> > Do I correctly understand that there can't be more than one key of each
> > type of PKCS#11?
> >
> > The lines
> > https://github.com/openssh/openssh-portable/blame/1bb130ed34721d46452529d094d9bbf045607d79/ssh-pkcs11.c#L191-L196
> > seem to use the global variables for RSA/ECDSA pkcs11-related data
> > structures.
> >
> > Many thanks!
> >
> > --
>
> Douglas E. Engert <DEEngert@xxxxxxxxx>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

--
Dmitry Belyavskiy
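
The mechanism discussed in this thread, as an added example that is not part of the original messages and is not OpenSSH or OpenSSL code: a self-contained C model of an ex_data-style table, in which one globally allocated index (`rsa_idx`) names a slot that every key object carries, so several keys share one method while each holds its own PKCS#11 data. All `model_*` names, the slot limit and the sample slot and key ID values are assumptions made for illustration.

```c
#include <stddef.h>

#define MAX_SLOTS 4                      /* assumed limit for the model */

struct model_method { const char *name; };   /* stands in for RSA_METHOD */

/* A key object: the method pointer is shared, the slot array is per key. */
struct model_key {
    const struct model_method *meth;
    void *ex_data[MAX_SLOTS];
};

/* Key-specific PKCS#11 data (slot and key ID, as described in the thread). */
struct model_pkcs11_key {
    unsigned long slot;
    const char *keyid;
};

static int next_index = 0;               /* next free slot number */
static int rsa_idx = -1;                 /* global index, allocated once */
static const struct model_method pkcs11_rsa_method = { "pkcs11-rsa (model)" };

static int model_get_ex_new_index(void) {
    return next_index < MAX_SLOTS ? next_index++ : -1;
}

/* Attach the shared method and this key's own PKCS#11 data. */
static int model_wrap_key(struct model_key *k, struct model_pkcs11_key *p) {
    if (rsa_idx == -1 && (rsa_idx = model_get_ex_new_index()) == -1)
        return -1;
    k->meth = &pkcs11_rsa_method;
    k->ex_data[rsa_idx] = p;
    return 0;
}

/* Only trust the slot on keys that actually use the PKCS#11 method. */
static struct model_pkcs11_key *model_lookup(const struct model_key *k) {
    if (rsa_idx < 0 || k->meth != &pkcs11_rsa_method)
        return NULL;
    return k->ex_data[rsa_idx];
}

/* Returns 1 when two keys share method and index yet keep distinct data. */
int demo_two_keys(void) {
    struct model_pkcs11_key pa = { 0, "01" }, pb = { 1, "02" }; /* constructed */
    struct model_key a = { 0 }, b = { 0 }, plain = { 0 };
    if (model_wrap_key(&a, &pa) || model_wrap_key(&b, &pb))
        return 0;
    return a.meth == b.meth && model_lookup(&a) == &pa &&
           model_lookup(&b) == &pb && model_lookup(&plain) == NULL;
}

int main(void) { return demo_two_keys() ? 0 : 1; }
```
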