HostKey in hardware?

Arthur Mesh amesh at
Wed Nov 28 17:49:15 EST 2012

On Wed, Nov 28, 2012 at 05:03:27PM +1100, Damien Miller wrote:
> HostKeyPKCS11 /path/to/ /path/to/
> Which would load only the key specified by from the token.
> What do you think?

That should work, but may not be the most optimal way. One may argue
that a better approach is to query for a specific Key Identifier, or
CKA_ID in pkcs11 speak. One may use C_FindObjects() to query for key
objects with a particular CKA_ID.

Arthur Mesh <amesh at>
Juniper Networks
+1 408 936-4968
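
The lookup described above, as an added example that is not part of the original message or of OpenSSH: a search template of CKA_CLASS plus CKA_ID selects one private key, and the lookup is refused when the ID is absent or shared by several objects. The type declarations are simplified stand-ins for pkcs11.h, and `find_hostkey_by_id` and the mock token are hypothetical; real code would pass the same template to C_FindObjectsInit() and read the handles with C_FindObjects().

```c
/* Stand-ins for pkcs11.h declarations (simplified) so this builds without a
   PKCS#11 module; the token below is a constructed mock, not a real API. */
#include <stdio.h>
#include <string.h>

typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; const void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS       0x00000000UL
#define CKA_ID          0x00000102UL
#define CKO_PUBLIC_KEY  0x00000002UL
#define CKO_PRIVATE_KEY 0x00000003UL

struct mock_obj { CK_ULONG handle, cls; unsigned char id[4]; CK_ULONG id_len; };
static const struct mock_obj token[] = {      /* constructed sample objects */
    { 1, CKO_PUBLIC_KEY,  {0x01}, 1 },
    { 2, CKO_PRIVATE_KEY, {0x01}, 1 },
    { 3, CKO_PRIVATE_KEY, {0x02}, 1 },
    { 4, CKO_PRIVATE_KEY, {0x02}, 1 },        /* CKA_ID reused: ambiguous */
};

/* Search-template rule: every attribute in the template must match exactly. */
static int matches(const struct mock_obj *o, const CK_ATTRIBUTE *t, CK_ULONG n) {
    for (CK_ULONG i = 0; i < n; i++) {
        const void *have = t[i].type == CKA_CLASS ? (const void *)&o->cls : (const void *)o->id;
        CK_ULONG len = t[i].type == CKA_CLASS ? sizeof o->cls : o->id_len;
        if (t[i].type != CKA_CLASS && t[i].type != CKA_ID) return 0;
        if (t[i].ulValueLen != len || memcmp(t[i].pValue, have, len) != 0) return 0;
    }
    return 1;
}

/* Handle of the one private key with this CKA_ID; 0 if none, -1 if several. */
long find_hostkey_by_id(const unsigned char *id, CK_ULONG id_len) {
    CK_ULONG cls = CKO_PRIVATE_KEY;
    CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &cls, sizeof cls }, { CKA_ID, id, id_len } };
    long found = 0;
    for (size_t i = 0; i < sizeof token / sizeof token[0]; i++) {
        if (!matches(&token[i], tmpl, 2)) continue;
        if (found) return -1;                 /* refuse to guess between keys */
        found = (long)token[i].handle;
    }
    return found;
}

int main(void) {
    const unsigned char a[] = {0x01}, b[] = {0x02}, c[] = {0x03};
    printf("%ld %ld %ld\n", find_hostkey_by_id(a, 1), find_hostkey_by_id(b, 1), find_hostkey_by_id(c, 1));
    return 0;
}
```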

More information about the openssh-unix-dev mailing list