Wanted: smartcard with ECDSA support

Douglas E Engert deengert at gmail.com
Wed Apr 1 00:10:08 AEDT 2015



On 3/31/2015 4:23 AM, Thomas Calderon wrote:
> Hi list,
>
> I have no idea if Damien Miller had the time to work on that.
>
> I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
> This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
> required interfaces to override the signature function pointer for ECDSA.
> The only limitation is that the OpenSSL API misses some cleanup function
> (finish, for instance), hence I have yet to find a way to properly free the
> PKCS#11 resources.

OpenSC, engine_opensc and libp11 versions on GitHub can use OpenSSL-1.0.2 with ECDSA.
They have similar problems with memory leaks and ECDSA. But they do work,
if you can live with the memory leaks, for example to sign a certificate request
with ECDSA.

>
> Is this a contribution you might be interested in?

Any OpenSSL code to call PKCS#11 directly and eliminate the need for the engine_opensc
would be welcome.

>
>
> Cheers,
>
> Thomas Calderon
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>


