Why still no PKCS#11 ECC key support in OpenSSH?

Jan “Zviratko” Schermer jan at schermer.cz
Wed Aug 15 00:10:32 AEST 2018


PKCS#11 support for ECC should have been integrated years ago. Let's not complicate it now, just integrate the existing patches so that people stuck with EC keys at least can use them somehow...

Jan


> On 14 Aug 2018, at 17:04, Ben Lindstrom <mouring at offwriting.org> wrote:
> 
> Wasn't there a proposal at one time to create something like AuthorizedKeysCommand for PKCS11 and other methods that required more complex backend processes so it could be externalized and OpenSSH could be simplified?
> 
> Ben
> 
> Damien Miller wrote:
>>> On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
>>> 
>>> Lack of time on the Open Source projects is understandable, and not uncommon.
>>> 
>>> However, PKCS11 has been in the codebase practically forever - the ECC
>>> patches that I saw did not alter the API or such. It is especially
>>> non-invasive when digital signature is concerned.
>>> 
>>> Considering how long those patches have been sitting in the queue, and
>>> the continued interest among the users - perhaps you can prioritize
>>> the integration?
>> 
>> If someone can recommend hardware and some instructions on how to
>> set it up that will only improve the chances of this happening sooner.
>> 
>> -d
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

