[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
Mathias Brossard
mathias at brossard.org
Wed Oct 14 15:19:54 AEDT 2015
On Mon, Sep 28, 2015 at 1:17 AM, Mathias Brossard <mathias at brossard.org>
wrote:
> I have made a patch for enabling the use of ECDSA keys in the PKCS#11
> support of ssh-agent which will be of interest to other users.
>
> I have tested it with P-256 keys. P-384 and P-521 should work
> out-of-the box. The code is ready for non-FIPS curves (named or
> explicit), but OpenSSH currently limits ECDSA to those 3 curves.
>
I've now been able to test the patch with 2 different smart-cards with
P-256 and a software token with P-256, P-384 and P-521.
> I added this patch and text as
> https://bugzilla.mindrot.org/show_bug.cgi?id=2474
>
The patch has been updated in the ticket with two bugs fixed.
Sincerely,
--
Mathias Brossard
More information about the openssh-unix-dev
mailing list