On 1/30/2014 6:28 PM, Damien Miller wrote:> Hi,
>
> I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA
> keys, but have so far been unable to find anyone who can sell me
> a smartcard that supports it.
>
> They certainly exist - AFAIK it's required by the US PIV standard,
> but obtaining cards that support it in single digit quantities
> seems all but impossible.
Also ask on the OpenSC list: opensc-devel at lists.sourceforge.net
Oberthur has cards (including PIV but is reluctant to sell in small quantities.)
They do have the ID-ONE Evaluation kit with 5 PIV cards, a combo fingerprint
reader and smartcard reader. $1000 (We have one at work, but I cant find it
online.)
NIST has a test suite of 16 PIV cards some of which have EC keys,
but you can not update them.
http://csrc.nist.gov/groups/SNS/piv/testcards.html
(I have used all three of the above to develop the OpenSC PIV EC support.)
CardContact is working on the SmartCard-HSM that has EC.
Yubico has a PIV applet on their device. It is in beta but does not have ECC
yet.
https://store.yubico.com/store/catalog/product_info.php?cPath=21&products_id=88
>
> Can anybody on this list help? I'd want 2-6 cards/tokens that support
> ECDSA in the NIST p256 curve and ideally RSA and DSA too.
>
> Cheers,
> Damien
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
--
Douglas E. Engert <DEEngert at gmail.com>