search for: _vendor_supplied

...; I have made a patch for enabling the use of ECDSA keys in the PKCS#11 >> support of ssh-agent which will be of interest to other users. > > Nice! What would it take to add support for Ed25519 too? Do we need to > allocate any new PKCS#11 identifiers? Yes, and PKCS#11 allows for *_VENDOR_SUPPLIED identifiers. But using these can get out of hand. Best to try and get them in the standard. OASIS controls the standard From 14 April 2015: http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html 2.40 does not define Ed25519. > The Gnuk smartcard supports > Ed25519 but...

...;>> support of ssh-agent which will be of interest to other users. >>>> >>> >>> Nice! What would it take to add support for Ed25519 too? Do we need to >>> allocate any new PKCS#11 identifiers? >>> >> >> Yes, and PKCS#11 allows for *_VENDOR_SUPPLIED identifiers. But using these >> can >> get out of hand. Best to try and get them in the standard. OASIS controls >> the >> standard From 14 April 2015: >> >> >> http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html >> >> 2.4...

Hi, I have made a patch for enabling the use of ECDSA keys in the PKCS#11 support of ssh-agent which will be of interest to other users. I have tested it with P-256 keys. P-384 and P-521 should work out-of-the box. The code is ready for non-FIPS curves (named or explicit), but OpenSSH currently limits ECDSA to those 3 curves. At high level it works like the support for RSA, but because of