[Bug 2075] New: [PATCH] Enable key pair generation on a PKCS#11 device

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Mar 7 06:01:29 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2075

            Bug ID: 2075
           Summary: [PATCH] Enable key pair generation on a PKCS#11 device
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: rmcilroy at google.com

Created attachment 2225
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2225&action=edit
Pkcs11 key-pair generation patch

This patch enables ssh-keygen to generate an RSA public/private key
pair on a PKCS#11 device (such as a TPM).  Once the keys have been
created on the PKCS#11 device, the public identity file is created as
normal, but a new private key format is introduced to signal that the
key needs to be loaded from an external device.  

My plan is to augment this pkcs11 private key identity file format to
enable automatic loading of the external key (e.g., without setting
PKCS11Provider or using the -I option), but I wanted to run this by
people first.
