OpenSSH PKCS#11merge

Ben Lindstrom mouring at
Wed Jan 9 09:53:42 EST 2008

On Tue, 8 Jan 2008, Peter Stuge wrote:

>> I also splitted the patches so it will be clear what goes to where
>> and why.
>> Available for OpenSSH and Portable OpenSSH versions, and X.509
>> functionality.
> Cool! Have you made any research on pkcs#11 in OpenBSD? I asked
> around in #openbsd on freenode some time ago but noone there had
> heard any strong opinions either for or against it.
> OpenBSD has support for hardware crypto, but that's all in the kernel
> and I suppose applications all use whatever native API:s there are,
> which then may or may not be accelerated.
> Might be interesting to check out. OpenVPN supposedly can make use of
> the hw crypto acceleration. I don't know at all about the scope of
> OBSD hw crypto support. Perhaps a p11 wrapper for the OBSD native API
> would be useful. :)

IIRC, any application using OpenSSL with a supported encryption hardware 
gains the performance boost under OpenBSD.

I know I did some research a few years ago and almost picked up a Soekris 
with a VPN card.  Just started considering how much CPU cycles my home 
server uses and realized I wouldn't be happy with it.

- Ben

More information about the openssh-unix-dev mailing list