Wanted: smartcard with ECDSA support

Douglas E Engert deengert at gmail.com
Fri Jan 31 13:37:20 EST 2014



On 1/30/2014 6:28 PM, Damien Miller wrote:
> Hi,
>
> I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA
> keys, but have so far been unable to find anyone who can sell me
> a smartcard that supports it.
>
> They certainly exist - AFAIK it's required by the US PIV standard,
> but obtaining cards that support it in single digit quantities
> seems all but impossible.


Also ask on the OpenSC list: opensc-devel at lists.sourceforge.net


Oberthur has cards (including PIV but is reluctant to sell in small quantities.)

They do have the ID-ONE Evaluation kit with 5 PIV cards, a combo fingerprint
reader and smartcard reader. $1000 (We have one at work, but I cant find it
online.)

NIST has a test suite of 16 PIV cards some of which have EC keys,
but you can not update them.
http://csrc.nist.gov/groups/SNS/piv/testcards.html

(I have used all three of the above to develop the OpenSC PIV EC support.)

CardContact is working on the SmartCard-HSM that has EC.

Yubico has a PIV applet on their device. It is in beta but does not have ECC yet.

https://store.yubico.com/store/catalog/product_info.php?cPath=21&products_id=88

>
> Can anybody on this list help? I'd want 2-6 cards/tokens that support
> ECDSA in the NIST p256 curve and ideally RSA and DSA too.
>
> Cheers,
> Damien
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>



More information about the openssh-unix-dev mailing list