[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent

Douglas E Engert deengert at gmail.com
Fri Oct 9 00:00:07 AEDT 2015

On 10/8/2015 4:49 AM, Simon Josefsson wrote:
> Mathias Brossard <mathias at brossard.org> writes:
>> Hi,
>> I have made a patch for enabling the use of ECDSA keys in the PKCS#11
>> support of ssh-agent which will be of interest to other users.
> Nice!  What would it take to add support for Ed25519 too?  Do we need to
> allocate any new PKCS#11 identifiers?

Yes, and PKCS#11 allows for *_VENDOR_SUPPLIED identifiers. But using these can
get out of hand. Best to try and get them in the standard. OASIS controls the
standard From 14 April 2015:


2.40 does not define Ed25519.

> The Gnuk smartcard supports
> Ed25519 but I don't know if it is common to use it with OpenSSH through
> PKCS#11 (I would expect it to be used with OpenSSH through GnuPG's
> gpg-agent).  At least it might be useful as a test case.
> /Simon
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


  Douglas E. Engert  <DEEngert at gmail.com>

More information about the openssh-unix-dev mailing list