OpenSSH 10.1p1 and ed25519 keys hosted on PKCS#11 tokens
Brian Candler
b.candler at pobox.com
Wed Oct 8 17:55:21 AEDT 2025
On 08/10/2025 05:32, Damien Miller wrote:
> This line tells me you're not actually running OpenSSH 10.1.
>
> The current code prints the type number when it sees an unsupported key:
But the second part of the problem - importing/converting a standalone
ed25519 public key - still stands with 10.1p1 I believe.
% cat 9a.pem
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAca9+HUq6ZetwNmzURWp2LMqlWUnsl6VKTcyYVMv5NFs=
-----END PUBLIC KEY-----
% ssh-keygen -i -m PKCS8 -f 9a.pem
do_convert_from_pkcs8: unsupported pubkey type 1087
% ssh-keygen -i -m PEM -f 9a.pem
do_convert_from_pem: unrecognised raw private key format
% openssl pkey -in 9a.pem -pubin -noout -text
ED25519 Public-Key:
pub:
71:af:7e:1d:4a:ba:65:eb:70:36:6c:d4:45:6a:76:
2c:ca:a5:59:49:ec:97:a5:4a:4d:cc:98:54:cb:f9:
34:5b
% which ssh-keygen
/opt/homebrew/bin/ssh-keygen
% ls -l /opt/homebrew/bin/ssh-keygen
lrwxr-xr-x 1 brian admin 39 7 Oct 13:39 /opt/homebrew/bin/ssh-keygen
-> ../Cellar/openssh/10.1p1/bin/ssh-keygen
More information about the openssh-unix-dev
mailing list