HostKey in hardware?
Arthur Mesh
amesh at juniper.net
Wed Nov 28 17:49:15 EST 2012
On Wed, Nov 28, 2012 at 05:03:27PM +1100, Damien Miller wrote:
> HostKeyPKCS11 /path/to/pkcs11.so /path/to/hostkey.pub
>
> Which would load only the key specified by hostkey.pub from the token.
>
> What do you think?
That should work, but may not be the most optimal way. One may argue
that a better approach is to query for a specific Key Identifier, or
CKA_ID in pkcs11 speak. One may use C_FindObjects() to query for key
objects with a particular CKA_ID.
--
Arthur Mesh <amesh at juniper.net>
Juniper Networks
+1 408 936-4968
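
Added example, not part of the original message and not OpenSSH code: a small in-memory model of the template matching that C_FindObjects() performs, showing a lookup by CKA_ID. It assumes the common convention that a public key and its private key carry the same CKA_ID, so the template also pins CKA_CLASS; the type stand-ins, the token contents and find_by_id() are constructed for illustration, and no real PKCS#11 module is loaded.

```c
#include <stdio.h>
#include <string.h>
/* Minimal stand-ins for pkcs11.h types; constants carry their PKCS#11 values. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; const void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS       0x000UL
#define CKA_ID          0x102UL
#define CKO_PUBLIC_KEY  2UL
#define CKO_PRIVATE_KEY 3UL

/* Constructed token contents: two key pairs, each pair sharing one CKA_ID. */
static const CK_ULONG cls_pub = CKO_PUBLIC_KEY, cls_priv = CKO_PRIVATE_KEY;
static const unsigned char id_host[] = { 0x01 }, id_other[] = { 0x02 };
#define OBJ(c, id) { { CKA_CLASS, &(c), sizeof(c) }, { CKA_ID, (id), sizeof(id) } }
static const CK_ATTRIBUTE token[4][2] = {
    OBJ(cls_pub, id_host),  OBJ(cls_priv, id_host),
    OBJ(cls_pub, id_other), OBJ(cls_priv, id_other),
};

/* Models the C_FindObjects matching rule: an object matches when every template
 * attribute equals one of its own. Handles are 1-based indexes into token[]. */
static CK_ULONG find_objects(const CK_ATTRIBUTE *tmpl, CK_ULONG n, CK_ULONG *out, CK_ULONG max)
{
    CK_ULONG found = 0;
    for (CK_ULONG i = 0; i < 4; i++) {
        CK_ULONG hits = 0;
        for (CK_ULONG t = 0; t < n; t++)
            for (int a = 0; a < 2; a++)
                if (token[i][a].type == tmpl[t].type && token[i][a].ulValueLen == tmpl[t].ulValueLen &&
                    !memcmp(token[i][a].pValue, tmpl[t].pValue, tmpl[t].ulValueLen))
                    hits++;
        if (hits == n) { if (found < max) out[found] = i + 1; found++; }
    }
    return found;
}

/* Search by CKA_ID; private_only also pins CKA_CLASS. Returns the match count. */
CK_ULONG find_by_id(const unsigned char *id, CK_ULONG len, int private_only, CK_ULONG *h)
{
    CK_ULONG cls = CKO_PRIVATE_KEY;
    CK_ATTRIBUTE tmpl[] = { { CKA_ID, id, len }, { CKA_CLASS, &cls, sizeof(cls) } };
    return find_objects(tmpl, private_only ? 2 : 1, h, 1);
}
int main(void)
{
    CK_ULONG h = 0, n_any = find_by_id(id_host, sizeof id_host, 0, &h),
             n_priv = find_by_id(id_host, sizeof id_host, 1, &h);
    printf("CKA_ID only: %lu matches; with CKO_PRIVATE_KEY: %lu match, handle %lu\n", n_any, n_priv, h);
    return 0;
}
```

A loader that accepts a key only when the match count is exactly one will refuse both a missing CKA_ID and an ambiguous one.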