[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
Douglas E Engert
deengert at gmail.com
Fri Oct 9 08:14:47 AEDT 2015
On 10/8/2015 12:29 PM, Damien Miller wrote:
> On Thu, 8 Oct 2015, Douglas E Engert wrote:
>
>> Then what is:
>> 1.3.6.1.4.1.11591.15.1 Ed25519
>>
>> defined here:
>> https://www.gnu.org/prep/standards/html_node/OID-Allocations.html
>>
>> The whole idea of namedCurve was you did not have to pass in the parameters,
>> and PKIX certificates only allow namedCurve.
>
> Ed25519 is a different algorithm to ECDSA, not just a different curve.
Then can you comment on what Thomas Calderon said:
> This can be done already using the CKM_ECDSA mechanism parameters (see CKA_ECDSA_PARAMS in the standard).
> Given that the underlying HW or SW tokens supports Ed25519 curves, then you could leverage it even with version 2.20 of the PKCS#11 standard.
>
> -d
>
--
Douglas E. Engert <DEEngert at gmail.com>
More information about the openssh-unix-dev
mailing list