Current status of PKCS#11 ECDSA support

Roland Bracewell Shoemaker roland at eff.org
Thu Oct 19 09:13:22 AEDT 2017


Hey all,

What is the current status on work to add support for PKCS#11 ECDSA keys? I’ve been using a version of the patch that has been sitting around on the bug tracker [1] for ~2 years now without much movement and am wondering if this is ever going to make it into a release.

Is this a case of there being existing issues with that implementation without anyone interested in resolving them/pushing forward to get this patch merged, or are there other extant issues that are preventing this from happening?

As hardware-based tokens are gaining popularity (not to mention things like the built-in secure-enclave-like chips in many newer devices), along with the increase in usage of ECDSA keys, this would be a really nice thing to have baked into mainline releases instead of having to tell people to go merge a random patch and build OpenSSH themselves.

If there is anything I can do to help push this along let me know!

Thanks,
Roland

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2474


More information about the openssh-unix-dev mailing list