[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent

Mathias Brossard mathias at brossard.org
Wed Oct 14 15:19:54 AEDT 2015

On Mon, Sep 28, 2015 at 1:17 AM, Mathias Brossard <mathias at brossard.org>

> I have made a patch for enabling the use of ECDSA keys in the PKCS#11
> support of ssh-agent which will be of interest to other users.
> I have tested it with P-256 keys. P-384 and P-521 should work
> out-of-the box. The code is ready for non-FIPS curves (named or
> explicit), but OpenSSH currently limits ECDSA to those 3 curves.

I've now been able to test the patch with 2 different smart-cards with
P-256 and a software token with P-256, P-384 and P-521.

> I added this patch and text as
> https://bugzilla.mindrot.org/show_bug.cgi?id=2474

The patch has been updated in the ticket with two bugs fixed.

Mathias Brossard

More information about the openssh-unix-dev mailing list