Why still no PKCS#11 ECC key support in OpenSSH ?

James Bottomley James.Bottomley at HansenPartnership.com
Tue Aug 14 06:56:04 AEST 2018


On Mon, 2018-08-13 at 21:20 +0100, Thomas Calderon wrote:
> Hello Damien,
> 
> You don't necessarily need hardware to progress on most of the
> integration, you could use a software token to start with, softhsmv2
> supports ECC and is a good PKCS#11 implementation.

To be honest, if you want a reliable set of unit tests then software is
always the way to go.  For instance if you look at this TPM engine
project:

https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/

All the tests are based on a software TPM emulator because you just
wouldn't be able to guarantee the state of the hardware even if you
had access to it on the build system.

James


