[Bug 2075] [PATCH] Enable key pair generation on a PCKS#11 device
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 23 02:06:34 AEDT 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2075
Jakub Jelen <jjelen at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jjelen at redhat.com
--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
Using ssh-keygen to generate keys on PKCS#11 device is interesting
idea, that I would clearly welcome to avoid using many other tools to
generate keys on smart cards.
But I don't think referring to this key using external file is a way to
go. Can it be done without it? It would simplify the patch by a great
deal.
Also I don't think that the generated key should have the CKA_DECRYPT
attribute set, if it should be used for SSH.
Otherwise, the key-generation changes look reasonable.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list