Using rsa-sha2-256 with a YubiKey or a different smart card
Jakub Jelen
jjelen at redhat.com
Fri Jan 25 20:18:26 AEDT 2019
On Fri, 2019-01-25 at 01:23 +0300, Yegor Ievlev wrote:
> Is it currently possible to use rsa-sha2-256 or rsa-sha2-512 with a
> key stored on a PIV or OpenPGP smart card, like a YubiKey? OpenSC
> itself appears to support SHA-2 signatures, but I can't find
> information about SSH support.
Yes, it works fine with my Yubikey 4 (certainly PIV and I also think
that OpenPGP worked).
>From OpenSC point of view, the SHA2 is not a problem, because OpenSSH
already passes in the hash so internally, it is just the same
CKM_RSA_PKCS PKCS#11 mechanism with longer data (32 or 64 bytes instead
of 20 bytes used for SHA1).
Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
More information about the openssh-unix-dev
mailing list