[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
Douglas E Engert
deengert at gmail.com
Fri Oct 9 08:14:47 AEDT 2015
On 10/8/2015 12:29 PM, Damien Miller wrote:
> On Thu, 8 Oct 2015, Douglas E Engert wrote:
>> Then what is:
>> 1.3.6.1.4.1.11591.15.1 Ed25519
>> defined here:
>> The whole idea of namedCurve was you did not have to pass in the parameters,
>> and PKIX certificates only allow namedCurve.
> Ed25519 is a different algorithm to ECDSA, not just a different curve.
Then can you comment on what Thomas Calderon said:
> This can be done already using the CKM_ECDSA mechanism parameters (see CKA_ECDSA_PARAMS in the standard).
> Given that the underlying HW or SW tokens support Ed25519 curves, then you could leverage it even with version 2.20 of the PKCS#11 standard.
Douglas E. Engert <DEEngert at gmail.com>
More information about the openssh-unix-dev