[Bug 2075] [PATCH] Enable key pair generation on a PCKS#11 device

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 23 02:06:34 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2075

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
Using ssh-keygen to generate keys on PKCS#11 device is interesting
idea, that I would clearly welcome to avoid using many other tools to
generate keys on smart cards.

But I don't think referring to this key using external file is a way to
go. Can it be done without it? It would simplify the patch by a great
deal.

Also I don't think that the generated key should have the CKA_DECRYPT
attribute set, if it should be used for SSH.

Otherwise, the key-generation changes look reasonable.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list