Wanted: smartcard with ECDSA support

Damien Miller djm at mindrot.org
Wed Apr 1 10:14:21 AEDT 2015


On Tue, 31 Mar 2015, Thomas Calderon wrote:

> Hi list,
> 
> I have no idea if Damien Miller had the time to work on that.
> 
> I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
> This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
> required interfaces to override the signature function pointer for ECDSA.
> The only limitation is that the OpenSSL API misses some cleanup function
> (finish, for instance), hence I have yet to find a way to properly free the
> PKCS#11 resources.
> 
> Is this a contribution you might be interested in ?

There's another ECDSA-for-PKCS#11 patch floating around too, but yes.

I never found ECDSA-capable smartcards. Donations of a couple are
still welcome.

-d


More information about the openssh-unix-dev mailing list