Why still no PKCS#11 ECC key support in OpenSSH ?

Mathias Brossard mathias at brossard.org
Wed Aug 15 08:32:58 AEST 2018


On Mon, Aug 13, 2018 at 1:09 PM Damien Miller <djm at mindrot.org> wrote:

> If someone can recommend hardware and some instructions on how to
> set it up that will only improve the changes of this happening sooner.
>

In order to test with Yubikey, you need two pieces of software:
- yubico-piv-tool (https://developers.yubico.com/yubico-piv-tool/) needed
to generate the keys and certificates (*) on the token.
- OpenSC (https://github.com/OpenSC/OpenSC) which is a PKCS#11 middleware
that supports many smart cards or tokens.

Here are the instructions for ECC P-256:
$ yubico-piv-tool -s 9a -a generate -A ECCP256 -o eccp256.pub
Successfully generated a new private key.
$ yubico-piv-tool -s 9a -a verify -P 123456 -a selfsign -S '/CN=ECC-P256/'
-i eccp256.pub -o eccp256.crt
Successfully verified PIN.
Successfully generated a new self signed certificate.
$ yubico-piv-tool -s 9a -a import-certificate -i eccp256.crt
Successfully imported a new certificate.

I am include the instructions for RSA (2048 bits) for completeness:
$ yubico-piv-tool -s 9d -a generate -A RSA2048 -o rsa2048.pub
Successfully generated a new private key.
$ yubico-piv-tool -s 9d -a verify -P 123456 -a selfsign -S '/CN=RSA-2048/'
-i rsa2048.pub -o rsa2048.crt
Successfully verified PIN.
Successfully generated a new self signed certificate.
$ yubico-piv-tool -s 9d -a import-certificate -i rsa2048.crt
Successfully imported a new certificate.

I would advise against using slot 9c and 9e for SSH authentication, the
first requires re-authentication before each operation and the second does
not need PIN entry (**).
The following should work for other types of cards / tokens supported by
OpenSC.

$ export PKCS11=/absolute/path/to/file/opensc-pkcs11.so
# I really want to point out that /absolute/path/to/file/opensc-pkcs11.so
should be an absolute path to a file, because openssh will dereference
symbolic links and build the absolute path.

$ eval $(./ssh-agent -P $PKCS11)
Agent pid xxxx

$ ./ssh-add -s $PKCS11
Enter passphrase for PKCS#11:
Card added: /absolute/path/to/file/opensc-pkcs11.so

$ ./ssh-add -L
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDPaNzxqeb9cL3dUve6272MXCni6quduVSW3dLztt1yh9GLh251r6GjMSddYYHU4Pqa3oYcZ/vcl9DnRuaUwsjGSi0TcGA41pq7qTzZc/Ut6AvuZMCM0LwB5b/cn+XAycq8OlkFZyhX2C8SsJqqq+q0IpdWkt/FQYt75IPcMyFeww07a/JIoO2T0p8K/cOE+G3iLNPCrchj2KkbvEKpA3BhtKcDNyrymrRq+VKc9v19lIaVQQk9pRfgL4iVo0SoCqRqANuwWaB5K8KD4Opq/v09l35Wt2yJJ7AT+mM4iDSVWhI3x8u9C0YVNVLIdEGdxlOHGyOEWZyI4ddC2hQIK7n7
/absolute/path/to/file/opensc-pkcs11.so
ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEf/KakrNDTqUwd6N+c59a2pJyduDfs1rJ766PEZEa++A/8taEGJ+5i86A+YY0iZ9GiMVXA1AchpvZHFpHy8zMc=
/absolute/path/to/file/opensc-pkcs11.so

$ ./ssh-add -l
2048 SHA256:RpeSZsimroIkfUg938vkKY6KnCetYf3d+jXo57Qa3qU
/absolute/path/to/file/opensc-pkcs11.so (RSA)
256 SHA256:RNOoWtiNAs84nCntuL3mZDJeZJF0/W7yYeMIiJnh0lo
/absolute/path/to/file/opensc-pkcs11.so (ECDSA)

$ ssh -v mytestbox
[...]
debug1: Next authentication method: publickey
debug1: Offering public key: RSA
SHA256:RpeSZsimroIkfUg938vkKY6KnCetYf3d+jXo57Qa3qU
/absolute/path/to/file/opensc-pkcs11.so
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: ECDSA
SHA256:RNOoWtiNAs84nCntuL3mZDJeZJF0/W7yYeMIiJnh0lo
/absolute/path/to/file/opensc-pkcs11.so
debug1: Server accepts key: pkalg ecdsa-sha2-nistp256 blen 104
debug1: Authentication succeeded (publickey).
[...]

Sincerely,
-- 
Mathias Brossard
(*) The fact we need to generate a certificate is an artefact of the PIV
model which doesn't provide a method to retrieve a public key except at
generation. ssh-pkcs11-helper expects the PKCS#11 middleware to either
provide the public keys or the certificates to identify the keys present,
and OpenSC only provides them if certificates are present.
(**) These slots identifiers are specific to cards that follow the PIV
standard


More information about the openssh-unix-dev mailing list