[Bug 1665695] Re: OpenSSH PKCS#11 interface does not support ECC.
Andy Sayler
andy.sayler at gmail.com
Thu Aug 9 02:42:52 UTC 2018
Unfortunately, this bug has been open upstream for years, with no real
indication of if or when it will ever be merged.

I applied the upstream patch to the current SSH releases for both Xenial
and Bionic and pushed the updates to a PPA at
https://launchpad.net/~andy.sayler/+archive/ubuntu/openssh-pkcs11-ecdsa.

Hopefully the PPA will tide people over for now. This is similar to both
Homebrew and Fedora, where the unmerged patch has been applied to the
current builds and made available to users.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1665695
Title:
OpenSSH PKCS#11 interface does not support ECC.
Status in portable OpenSSH:
Unknown
Status in openssh package in Ubuntu:
Triaged
Bug description:
OpenSSH client doesn't support Elliptic Curve keys on PKCS11 smartcard

ssh-keygen -v -D /usr/lib/libeTPkcs11.so
debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 9.1
debug1: label <Evgeny Khorkin> manufacturerID <SafeNet, Inc.> model <eToken> serial <> flags 0x60d
C_GetAttributeValue failed: 18
debug1: X509_get_pubkey failed or no rsa
debug1: X509_get_pubkey failed or no rsa
debug1: X509_get_pubkey failed or no rsa
no keys
cannot read public key from pkcs11

pkcs11-tool --module /usr/lib/libeTPkcs11.so -O
...
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410474c5423bd0aa44b7825b3e79cd839e06736b18466b131d0884dbf8d946fbdc7f3297e73b998acf56550c303dc972a4dec51b9a3b746d3fe9fb4a44bd84b080fc
EC_PARAMS: 06082a8648ce3d030107
label: TestECCpair
Usage: encrypt, verify, wrap

There is an upstream bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Suggested patch: https://bugzilla.mindrot.org/attachment.cgi?id=2728

release: Ubuntu 16.04.2 LTS
openssh version: 7.2p2-4ubuntu2.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1665695/+subscriptions
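
Added example (not part of the bug report, the upstream patch, or OpenSSH): the Python below decodes the EC_PARAMS and EC_POINT values that pkcs11-tool printed in the bug description and builds the matching OpenSSH public key line, which shows the token object is an ordinary P-256 key of type ecdsa-sha2-nistp256. The function names are hypothetical, and accepting a bare (unwrapped) EC_POINT is an assumption about other PKCS#11 modules, not something this report shows.

```python
import base64
import struct

# Attribute values copied from the pkcs11-tool output in the bug description.
EC_PARAMS = "06082a8648ce3d030107"
EC_POINT = ("04410474c5423bd0aa44b7825b3e79cd839e06736b18466b131d0884dbf8d946fb"
            "dc7f3297e73b998acf56550c303dc972a4dec51b9a3b746d3fe9fb4a44bd84b080fc")

# Named-curve OID -> (OpenSSH curve identifier, field size in bytes), per RFC 5656.
CURVES = {
    "1.2.840.10045.3.1.7": ("nistp256", 32),
    "1.3.132.0.34": ("nistp384", 48),
    "1.3.132.0.35": ("nistp521", 66),
}

def decode_oid(der: bytes) -> str:
    """Decode a short-form DER OBJECT IDENTIFIER (tag 0x06) to dotted form."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("EC_PARAMS is not a DER named-curve OID")
    arcs, value = [der[2] // 40, der[2] % 40], 0
    for byte in der[3:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def unwrap_point(raw: bytes, field_len: int) -> bytes:
    """Return the uncompressed point 0x04||X||Y from a CKA_EC_POINT value."""
    want = 1 + 2 * field_len
    # CKA_EC_POINT is specified as a DER OCTET STRING (tag 0x04); assumption:
    # a module may hand back the bare point instead, so accept either by length.
    if len(raw) > want and raw[0] == 0x04:
        raw = raw[3:] if raw[1] == 0x81 else raw[2:]  # long-form length for P-521
    if len(raw) != want or raw[0] != 0x04:
        raise ValueError("not an uncompressed point for this curve")
    return raw

def ssh_pubkey(ec_params_hex: str, ec_point_hex: str, comment: str = "") -> str:
    """Build an authorized_keys-style line from the two PKCS#11 attributes."""
    curve, field_len = CURVES[decode_oid(bytes.fromhex(ec_params_hex))]
    point = unwrap_point(bytes.fromhex(ec_point_hex), field_len)
    key_type = "ecdsa-sha2-" + curve
    blob = b"".join(struct.pack(">I", len(s)) + s   # SSH "string": uint32 length + data
                    for s in (key_type.encode(), curve.encode(), point))
    return " ".join(filter(None, [key_type, base64.b64encode(blob).decode(), comment]))

if __name__ == "__main__":
    print(ssh_pubkey(EC_PARAMS, EC_POINT, "TestECCpair"))
```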