Why still no PKCS#11 ECC key support in OpenSSH ?
Douglas E Engert
deengert at gmail.com
Tue Aug 14 12:13:04 AEST 2018
On 8/13/2018 3:02 PM, Damien Miller wrote:
> If someone can recommend hardware and some instructions on how to
> set it up that will only improve the chances of this happening sooner.
>
One source is the set of NIST PIV Test cards. They are ready to use.
Each card has a different set of keys, certificates and objects. Some have RSA keys
and some ECC keys. Note: each set is a copy of the master set. So don't use them
in a production environment. They are not cheap, but are ready to use for testing.
https://www.nist.gov/srd/nist-special-database-33
More about the test cards themselves:
https://csrc.nist.gov/Projects/PIV/NIST-Personal-Identity-Verification-Test-Cards
The OpenSC PKCS11 can use these cards. As noted by others, you could use the Yubico
Yubikey, which has a PIV applet on the card. But you must generate keys and
certificates for the card. Yubikey supports RSA and ECC keys.
> -d
--
Douglas E. Engert <DEEngert at gmail.com>