Why still no PKCS#11 ECC key support in OpenSSH ?

Damien Miller djm at mindrot.org
Tue Aug 14 06:02:56 AEST 2018


On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:

> Lack of time on the Open Source projects is understandable, and not uncommon.
>
> However, PKCS11 has been in the codebase practically forever - the ECC
> patches that I saw did not alter the API or such. It is especially
> non-invasive when digital signature is concerned.
>
> Considering how long those patches have been sitting in the queue, and
> the continued interest among the users - perhaps you can prioritize
> the integration?

If someone can recommend hardware and some instructions on how to
set it up that will only improve the changes of this happening sooner.

-d


More information about the openssh-unix-dev mailing list