[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent

Douglas E Engert deengert at gmail.com
Fri Oct 9 00:00:07 AEDT 2015



On 10/8/2015 4:49 AM, Simon Josefsson wrote:
> Mathias Brossard <mathias at brossard.org> writes:
>
>> Hi,
>>
>> I have made a patch for enabling the use of ECDSA keys in the PKCS#11
>> support of ssh-agent which will be of interest to other users.
>
> Nice!  What would it take to add support for Ed25519 too?  Do we need to
> allocate any new PKCS#11 identifiers?

Yes, and PKCS#11 allows for *_VENDOR_SUPPLIED identifiers. But using these can
get out of hand. Best to try and get them in the standard. OASIS controls the
standard. From 14 April 2015:

  http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html

2.40 does not define Ed25519.

> The Gnuk smartcard supports
> Ed25519 but I don't know if it is common to use it with OpenSSH through
> PKCS#11 (I would expect it to be used with OpenSSH through GnuPG's
> gpg-agent).  At least it might be useful as a test case.
>
> /Simon

-- 

  Douglas E. Engert  <DEEngert at gmail.com>


