Wanted: smartcard with ECDSA support
Damien Miller
djm at mindrot.org
Wed Apr 1 10:14:21 AEDT 2015
On Tue, 31 Mar 2015, Thomas Calderon wrote:
> Hi list,
>
> I have no idea if Damien Miller had the time to work on that.
>
> I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
> This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
> required interfaces to override the signature function pointer for ECDSA.
> The only limitation is that the OpenSSL API misses some cleanup function
> (finish, for instance), hence I have yet to find a way to properly free the
> PKCS#11 resources.
>
> Is this a contribution you might be interested in ?
There's another ECDSA-for-PKCS#11 patch floating around too, but yes.
I never found ECDSA-capable smartcards. Donations of a couple are
still welcome.
-d
More information about the openssh-unix-dev
mailing list