On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:> Lack of time on the Open Source projects is understandable, and not uncommon. > > However, PKCS11 has been in the codebase practically forever - the ECC > patches that I saw did not alter the API or such. It is especially > non-invasive when digital signature is concerned. > > Considering how long those patches have been sitting in the queue, and > the continued interest among the users - perhaps you can prioritize > the integration?If someone can recommend hardware and some instructions on how to set it up that will only improve the changes of this happening sooner. -d
Hello Damien, You don't necessarily need hardware to progress on most of the integration, you could use a software token to start with, softhsmv2 supports ECC and is a good PKCS#11 implementation. Cheers, Thomas On Mon, 13 Aug 2018, 21:10 Damien Miller, <djm at mindrot.org> wrote:> On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > > > Lack of time on the Open Source projects is understandable, and not > uncommon. > > > > However, PKCS11 has been in the codebase practically forever - the ECC > > patches that I saw did not alter the API or such. It is especially > > non-invasive when digital signature is concerned. > > > > Considering how long those patches have been sitting in the queue, and > > the continued interest among the users - perhaps you can prioritize > > the integration? > > If someone can recommend hardware and some instructions on how to > set it up that will only improve the changes of this happening sooner. > > -d > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
On Mon, 2018-08-13 at 21:20 +0100, Thomas Calderon wrote:> Hello Damien, > > You don't necessarily need hardware to progress on most of the > integration, you could use a software token to start with, softhsmv2 > supports ECC and is a good PKCS#11 implementation.To be honest, if you want a reliable set of unit tests then software is always the way to go. For instance if you look at this TPM engine project: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/ All the tests are based on a software TPM emulator because you just wouldn't be able to guarantee the state of the hardware even if you even had access to it on the build system. James
On Mon, Aug 13, 2018 at 1:09 PM Damien Miller <djm at mindrot.org> wrote:> If someone can recommend hardware and some instructions on how to > set it up that will only improve the changes of this happening sooner.YubiKeys are probably the easiest to procure. A model that includes the "smart card (PIV)" feature is needed, some YubiKeys only support U2F. I would recommend the Yubikey 4 over the NEO unless you really want to use the NFC feature, because it is much faster. I'll compile a list of instructions. Sincerely, -- Mathias Brossard
On 8/13/2018 3:02 PM, Damien Miller wrote:> If someone can recommend hardware and some instructions on how to > set it up that will only improve the changes of this happening sooner. >One source is the set of NIST PIV Test cards. They are ready to use. Each card has a different set of keys, certificates and objects. Some have RSA keys and some ECC keys. Note: each set is a copy of the master set. So don't use them in a production environment. They are not cheap, but are ready to use for testing. https://www.nist.gov/srd/nist-special-database-33 More about the test cards themselves: https://csrc.nist.gov/Projects/PIV/NIST-Personal-Identity-Verification-Test-Cards The OpenSC PKCS11 can use these cards. As noted by others, you could use the Yubico Yubikey, that has a PIV applet on the card. But you must generate keys and certificates for the card. Yubikey supports RSA and ECC keys.> -d > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > . >-- Douglas E. Engert <DEEngert at gmail.com>
On Tue, 2018-08-14 at 06:02 +1000, Damien Miller wrote:> On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > > > Lack of time on the Open Source projects is understandable, and not > > uncommon. > > > > However, PKCS11 has been in the codebase practically forever - the > > ECC > > patches that I saw did not alter the API or such. It is especially > > non-invasive when digital signature is concerned. > > > > Considering how long those patches have been sitting in the queue, > > and > > the continued interest among the users - perhaps you can prioritize > > the integration? > > If someone can recommend hardware and some instructions on how to > set it up that will only improve the changes of this happening > sooner.The pkcs11 tests are even part of the testsuite [1], but comically enough, they are never run. Mostly because the software pkcs11 module is not in repository. The fix for this test was proposed as part of PKCS#11 URI (unfortunately limited to RSA) [2] long time ago alongside with several others offers to help in this direction, but without any followups for years in various email threads and bugs. As already proposed by others, you really do not need to have hardware to implement and test things. There are several software tokens that are very suitable for testing. I would recommend you softhsm [3]. For setting up softhsm token, I use the following script, that I wrote initially for OpenSC and now is simplified and used for libcacard [4], which takes care of configuration, keys and certificates creation and loading them into the software card. Using ECC keys is quite much a change of RSA:1024 string to EC:secp256r1 or other curve. As already said, the yubikey 4 is probably best choice if you really need real hardware. For setting a yubikey, you need yubico-piv-tool which has its features and functinoality explained in manual page [5]. Later on, this works with OpenSC pkcs11 module. [1] https://github.com/openssh/openssh-portable/blob/master/regress/agent-pkcs11.sh [2] https://bugzilla.mindrot.org/show_bug.cgi?id=2817 [3] https://github.com/opendnssec/SoftHSMv2/ [4] https://gitlab.freedesktop.org/spice/libcacard/blob/master/tests/setup-softhsm2.sh [5] https://developers.yubico.com/yubico-piv-tool/Manuals/yubico-piv-tool.1.html -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc.
Wasn't there a proposal at one time to create something like AuthorizedKeysCommand for PKSC11 and other methods that required more complex backend processed so it could be externalized and OpenSSH could be simplified? Ben Damien Miller wrote:> On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > >> Lack of time on the Open Source projects is understandable, and not uncommon. >> >> However, PKCS11 has been in the codebase practically forever - the ECC >> patches that I saw did not alter the API or such. It is especially >> non-invasive when digital signature is concerned. >> >> Considering how long those patches have been sitting in the queue, and >> the continued interest among the users - perhaps you can prioritize >> the integration? > > If someone can recommend hardware and some instructions on how to > set it up that will only improve the changes of this happening sooner. > > -d > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Jan “Zviratko” Schermer
2018-Aug-14 14:10 UTC
Why still no PKCS#11 ECC key support in OpenSSH ?
PKCS#11 support for ECC should have been integrated years ago. Let's not complicate it now, just integrate the existing patches so that people stuck with EC keys at least can use them somehow... Jan Sent from my iPhone> On 14 Aug 2018, at 17:04, Ben Lindstrom <mouring at offwriting.org> wrote: > > Wasn't there a proposal at one time to create something like AuthorizedKeysCommand for PKSC11 and other methods that required more complex backend processed so it could be externalized and OpenSSH could be simplified? > > Ben > > Damien Miller wrote: >>> On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: >>> >>> Lack of time on the Open Source projects is understandable, and not uncommon. >>> >>> However, PKCS11 has been in the codebase practically forever - the ECC >>> patches that I saw did not alter the API or such. It is especially >>> non-invasive when digital signature is concerned. >>> >>> Considering how long those patches have been sitting in the queue, and >>> the continued interest among the users - perhaps you can prioritize >>> the integration? >> >> If someone can recommend hardware and some instructions on how to >> set it up that will only improve the changes of this happening sooner. >> >> -d >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev at mindrot.org >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
On Mon, Aug 13, 2018 at 1:09 PM Damien Miller <djm at mindrot.org> wrote:> If someone can recommend hardware and some instructions on how to > set it up that will only improve the changes of this happening sooner. >In order to test with Yubikey, you need two pieces of software: - yubico-piv-tool (https://developers.yubico.com/yubico-piv-tool/) needed to generate the keys and certificates (*) on the token. - OpenSC (https://github.com/OpenSC/OpenSC) which is a PKCS#11 middleware that supports many smart cards or tokens. Here are the instructions for ECC P-256: $ yubico-piv-tool -s 9a -a generate -A ECCP256 -o eccp256.pub Successfully generated a new private key. $ yubico-piv-tool -s 9a -a verify -P 123456 -a selfsign -S '/CN=ECC-P256/' -i eccp256.pub -o eccp256.crt Successfully verified PIN. Successfully generated a new self signed certificate. $ yubico-piv-tool -s 9a -a import-certificate -i eccp256.crt Successfully imported a new certificate. I am include the instructions for RSA (2048 bits) for completeness: $ yubico-piv-tool -s 9d -a generate -A RSA2048 -o rsa2048.pub Successfully generated a new private key. $ yubico-piv-tool -s 9d -a verify -P 123456 -a selfsign -S '/CN=RSA-2048/' -i rsa2048.pub -o rsa2048.crt Successfully verified PIN. Successfully generated a new self signed certificate. $ yubico-piv-tool -s 9d -a import-certificate -i rsa2048.crt Successfully imported a new certificate. I would advise against using slot 9c and 9e for SSH authentication, the first requires re-authentication before each operation and the second does not need PIN entry (**). The following should work for other types of cards / tokens supported by OpenSC. $ export PKCS11=/absolute/path/to/file/opensc-pkcs11.so # I really want to point out that /absolute/path/to/file/opensc-pkcs11.so should be an absolute path to a file, because openssh will dereference symbolic links and build the absolute path. $ eval $(./ssh-agent -P $PKCS11) Agent pid xxxx $ ./ssh-add -s $PKCS11 Enter passphrase for PKCS#11: Card added: /absolute/path/to/file/opensc-pkcs11.so $ ./ssh-add -L ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPaNzxqeb9cL3dUve6272MXCni6quduVSW3dLztt1yh9GLh251r6GjMSddYYHU4Pqa3oYcZ/vcl9DnRuaUwsjGSi0TcGA41pq7qTzZc/Ut6AvuZMCM0LwB5b/cn+XAycq8OlkFZyhX2C8SsJqqq+q0IpdWkt/FQYt75IPcMyFeww07a/JIoO2T0p8K/cOE+G3iLNPCrchj2KkbvEKpA3BhtKcDNyrymrRq+VKc9v19lIaVQQk9pRfgL4iVo0SoCqRqANuwWaB5K8KD4Opq/v09l35Wt2yJJ7AT+mM4iDSVWhI3x8u9C0YVNVLIdEGdxlOHGyOEWZyI4ddC2hQIK7n7 /absolute/path/to/file/opensc-pkcs11.so ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEf/KakrNDTqUwd6N+c59a2pJyduDfs1rJ766PEZEa++A/8taEGJ+5i86A+YY0iZ9GiMVXA1AchpvZHFpHy8zMc/absolute/path/to/file/opensc-pkcs11.so $ ./ssh-add -l 2048 SHA256:RpeSZsimroIkfUg938vkKY6KnCetYf3d+jXo57Qa3qU /absolute/path/to/file/opensc-pkcs11.so (RSA) 256 SHA256:RNOoWtiNAs84nCntuL3mZDJeZJF0/W7yYeMIiJnh0lo /absolute/path/to/file/opensc-pkcs11.so (ECDSA) $ ssh -v mytestbox [...] debug1: Next authentication method: publickey debug1: Offering public key: RSA SHA256:RpeSZsimroIkfUg938vkKY6KnCetYf3d+jXo57Qa3qU /absolute/path/to/file/opensc-pkcs11.so debug1: Authentications that can continue: publickey,password debug1: Offering public key: ECDSA SHA256:RNOoWtiNAs84nCntuL3mZDJeZJF0/W7yYeMIiJnh0lo /absolute/path/to/file/opensc-pkcs11.so debug1: Server accepts key: pkalg ecdsa-sha2-nistp256 blen 104 debug1: Authentication succeeded (publickey). [...] Sincerely, -- Mathias Brossard (*) The fact we need to generate a certificate is an artefact of the PIV model which doesn't provide a method to retrieve a public key except at generation. ssh-pkcs11-helper expects the PKCS#11 middleware to either provide the public keys or the certificates to identify the keys present, and OpenSC only provides them if certificates are present. (**) These slots identifiers are specific to cards that follow the PIV standard