Re: PKCS#11 keys

Dear Douglas,

Everything is fine with methods. But I'm speaking about the variables
rsa_idx and ec_key_idx, sorry for being unclear.
They serve as handles in a global OpenSSL table and identify a pkcs11_data
associated with a particular key, don't they?

On Sat, Feb 13, 2021 at 3:07 PM Douglas E Engert <deengert@xxxxxxxxx> wrote:

> These lines are for METHODS, i.e. RSA_METHOD and EC_KEY_METHOD. RSA keys
> can share an RSA_METHOD,
> and EC keys can share an EC_KEY_METHOD.  A method can be copied, for
> example an OpenSSL engine
> for using PKCS11, would then provide the routines in the method to not use
> the default software version
> of RSA signature or decrypting operations, but use PKCS11 to have these
> operations done on the token or smart card.
> So for RSA keys on the token, all these keys would share a copied and
> modified RSA_METHOD PKCS11 method
> where the rsa_idx in these keys is used to point to key specific data such
> as PKCS11 slot and KeyIDs.
>
>
>
> On 2/12/2021 10:31 AM, Dmitry Belyavskiy wrote:
> > Hello,
> >
> > Do I correctly understand that there can't be more than one key of each
> > type of PKCS#11?
> >
> > The lines
> >
> > https://github.com/openssh/openssh-portable/blame/1bb130ed34721d46452529d094d9bbf045607d79/ssh-pkcs11.c#L191-L196
> > seem to use the global variables for RSA/ECDSA pkcs11-related data
> > structures.
> >
> > Many thanks!
> >
>
> --
>
>   Douglas E. Engert  <DEEngert@xxxxxxxxx>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>

-- 
Dmitry Belyavskiy
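
The arrangement discussed in this thread (one shared method, one process-wide index, key-specific data stored in each key object) can be modelled in a few lines of stand-alone C. This is an added example, not code from OpenSSH or OpenSSL; every name in it except rsa_idx is hypothetical, and the "sign" routine only reports which token key it would use.

```c
/* Stand-alone model of the ex_data pattern; not OpenSSL or OpenSSH code. */
#include <stdio.h>
#include <string.h>

#define MAX_EX_SLOTS 4

struct key;
/* One method object is shared by every token-backed key. */
struct method { int (*sign)(const struct key *k, char *out, size_t outlen); };
/* Each key object carries its own array of ex_data slots. */
struct key { const struct method *meth; void *ex_data[MAX_EX_SLOTS]; };
/* Key-specific PKCS#11 data: token slot and key ID. */
struct pkcs11_key_data { unsigned long slot; const char *key_id; };

static int next_index;   /* models the library-wide index allocator */
static int rsa_idx = -1; /* global, but only a slot NUMBER, not a key handle */

static int get_ex_new_index(void) {
    return next_index < MAX_EX_SLOTS ? next_index++ : -1;
}

/* Stand-in for a sign operation: looks up this key's data through rsa_idx. */
static int pkcs11_sign(const struct key *k, char *out, size_t outlen) {
    const struct pkcs11_key_data *d;
    if (rsa_idx < 0 || (d = k->ex_data[rsa_idx]) == NULL)
        return -1; /* index never allocated, or key was never wrapped */
    return snprintf(out, outlen, "slot=%lu id=%s", d->slot, d->key_id);
}

static const struct method pkcs11_method = { pkcs11_sign };

/* Allocate the index once, then attach per-key data in that slot. */
static int wrap_key(struct key *k, struct pkcs11_key_data *d) {
    if (rsa_idx == -1 && (rsa_idx = get_ex_new_index()) == -1) return -1;
    memset(k, 0, sizeof(*k));
    k->meth = &pkcs11_method;
    k->ex_data[rsa_idx] = d;
    return 0;
}

/* Two keys, one method, one index: returns 1 if each resolves its own data. */
static int demo(void) {
    struct pkcs11_key_data d1 = { 0, "01" }, d2 = { 0, "02" }; /* constructed */
    struct key k1, k2;
    char s1[32], s2[32];
    if (wrap_key(&k1, &d1) != 0 || wrap_key(&k2, &d2) != 0) return 0;
    if (k1.meth->sign(&k1, s1, sizeof s1) < 0) return 0;
    if (k2.meth->sign(&k2, s2, sizeof s2) < 0) return 0;
    return k1.meth == k2.meth && strcmp(s1, "slot=0 id=01") == 0
        && strcmp(s2, "slot=0 id=02") == 0;
}
int main(void) { return demo() ? 0 : 1; }
```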