[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent

Douglas E Engert deengert at gmail.com
Fri Oct 9 08:14:47 AEDT 2015

On 10/8/2015 12:29 PM, Damien Miller wrote:
> On Thu, 8 Oct 2015, Douglas E Engert wrote:
>> Then what is:
>> Ed25519
>> defined here:
>>   https://www.gnu.org/prep/standards/html_node/OID-Allocations.html
>> The whole idea of namedCurve was you did not have to pass in the parameters,
>> and PKIX certificates only allow namedCurve.
> Ed25519 is a different algorithm to ECDSA, not just a different curve.

Then can you comment on what Thomas Calderon said:

> This can be done already using the CKM_ECDSA mechanism parameters (see CKA_ECDSA_PARAMS in the standard).
> Given that the underlying HW or SW tokens support Ed25519 curves, then you could leverage it even with version 2.20 of the PKCS#11 standard.

> -d


  Douglas E. Engert  <DEEngert at gmail.com>
