[Bug 3202] Ed25519 key on HSM is not getting listed in ssh-add -l command
https://bugzilla.mindrot.org/show_bug.cgi?id=3202

Jakub Jelen <jjelen@redhat.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Keywords| |pkcs11
CC| |jjelen@redhat.com

--- Comment #1 from Jakub Jelen <jjelen@redhat.com> ---
The support for Ed25519 keys is very fresh in PKCS #11 so not even all
pkcs11 libraries caught up. But as we have RSA and ECDSA, adding
Ed25519 should not be that hard. I would like to have a look into that
eventually.

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

--- Comment #2 from Ranjan <ranjan.kumar@thalesgroup.com> ---
Thanks Jakub. We have many customers who want to use ED25519, so can you
please tell us when we can expect support for this to be available?


Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #3 from Damien Miller <djm@mindrot.org> ---
OpenSSH won't implement this until we have some way to test, preferably
both hardware and a software (softhsm or similar) target to test
against.


--- Comment #4 from Jakub Jelen <jjelen@redhat.com> ---
(In reply to Damien Miller from comment #3)
> OpenSSH won't implement this until we have some way to test,
> preferably both hardware and a software (softhsm or similar) target
> to test against.

SoftHSM supports Ed25519 keys already [0] (with some follow-up fixes to
match final PKCS #11 3.0 specs) and for OpenSC we have patches pending
(tested with NitroKey with Gnuk applet) [1] so if anyone is interested
in working on this, there are enough possibilities.

[0] https://github.com/opendnssec/SoftHSMv2/pull/324
[1] https://github.com/OpenSC/OpenSC/pull/1960


--- Comment #5 from Ranjan <ranjan.kumar@thalesgroup.com> ---
We have several customers interested in ED25519 keys to use with SSH
where the keys are generated on HSM. If you can provide support in
OpenSSH then we can test and verify it on our end with HSM.
