[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent

Douglas E Engert deengert at gmail.com
Fri Oct 9 08:14:47 AEDT 2015



On 10/8/2015 12:29 PM, Damien Miller wrote:
> On Thu, 8 Oct 2015, Douglas E Engert wrote:
>
>> Then what is:
>> 1.3.6.1.4.1.11591.15.1 Ed25519
>>
>> defined here:
>>   https://www.gnu.org/prep/standards/html_node/OID-Allocations.html
>>
>> The whole idea of namedCurve was you did not have to pass in the parameters,
>> and PKIX certificates only allow namedCurve.
>
> Ed25519 is a different algorithm to ECDSA, not just a different curve.

Then can you comment on what Thomas Calderon said:

 > This can be done already using the CKM_ECDSA mechanism parameters (see CKA_ECDSA_PARAMS in the standard).
 > Given that the underlying HW or SW tokens support Ed25519 curves, then you could leverage it even with version 2.20 of the PKCS#11 standard.



>
> -d
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>
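
For reference on the namedCurve point raised in this thread: the PKCS#11 attribute CKA_ECDSA_PARAMS (CKA_EC_PARAMS in later versions) holds DER-encoded EC parameters, and in the namedCurve form that value is simply the DER encoding of the curve's OID. The C code below is an added example, not part of the original message or of OpenSSH; the function names `put_arc` and `named_curve_der` are hypothetical, and it assumes short-form DER lengths (content of at most 127 bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Base-128 encode one OID arc; high bit set on every byte but the last. */
static size_t put_arc(uint8_t *out, unsigned long v)
{
    uint8_t tmp[10];
    size_t n = 0, i;

    do {
        tmp[n++] = (uint8_t)(v & 0x7f);
        v >>= 7;
    } while (v != 0);
    for (i = 0; i < n; i++)
        out[i] = (uint8_t)(tmp[n - 1 - i] | (i + 1 < n ? 0x80 : 0x00));
    return n;
}

/*
 * DER-encode a dotted OID (tag 0x06, short-form length), the namedCurve
 * form of EC parameters. Returns bytes written, or 0 on bad input.
 */
size_t named_curve_der(const char *dotted, uint8_t *out, size_t outlen)
{
    uint8_t body[140];
    unsigned long arc[32];
    size_t narcs = 0, len, i;
    char *end = (char *)dotted;

    for (;;) {
        if (narcs == 32 || *end < '0' || *end > '9')
            return 0;                 /* too many arcs, empty arc, stray char */
        arc[narcs++] = strtoul(end, &end, 10);
        if (*end != '.')
            break;
        end++;
    }
    if (*end != '\0' || narcs < 2 || arc[0] > 2 || (arc[0] < 2 && arc[1] > 39))
        return 0;
    len = put_arc(body, arc[0] * 40 + arc[1]);  /* first two arcs share a slot */
    for (i = 2; i < narcs && len <= 127; i++)
        len += put_arc(body + len, arc[i]);
    if (len > 127 || outlen < len + 2)
        return 0;
    out[0] = 0x06;                    /* ASN.1 OBJECT IDENTIFIER tag */
    out[1] = (uint8_t)len;
    memcpy(out + 2, body, len);
    return len + 2;
}
```

Comparing the bytes a token returns for this attribute against the encoding of the expected OID shows which curve a key object claims to be on without parsing explicit parameters.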



More information about the openssh-unix-dev mailing list