Outstanding PKCS#11 issues

Jan Schermer jan at schermer.cz
Fri Mar 2 22:37:17 AEDT 2018


Sorry for not replying correctly; I subscribed after this thread was started.

> > Bug 2430 - ssh-keygen should allow to login before reading public key from smart card
> > Bug 2652 - PKCS11 login skipped if login required and no pin set
> > Bug 2638 - Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects
> > Bug 2474 - Enabling ECDSA in PKCS#11 support for ssh-agent
> > Bug 2817 - Add support for PKCS#11 URIs (RFC 7512)
> > Bug 2472 - Add support to load additional certificates
> > Bug 2075 - [PATCH] Enable key pair generation on a PCKS#11 device

From a user perspective, #2474 and #2472 are the absolute showstoppers - there’s no solution or workaround that can be implemented without them… or at least those kept popping for me over the years.

Jan

