PKCS#11 ECDSA support

Damien Miller djm at mindrot.org
Mon Jan 21 16:31:56 AEDT 2019


Hi,

Markus Friedl has added PKCS#11 support for ECDSA keys to OpenSSH. It's
available in OpenBSD and the portable version and includes a regress
test against softhsm2.

https://anongit.mindrot.org/openssh.git/commit/?id=93f02107 (and subsequent)

I've used it successfully with a Yubikey 4 using RSA2048, ECCP256 and
ECCP384 keys.

This should be in the OpenSSH 8.0 release.

-d


More information about the openssh-unix-dev mailing list