OpenSSH PKCS#11 interface does not support ECC.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
portable OpenSSH | Unknown | Unknown | | |
openssh (Ubuntu) | Fix Released | Wishlist | Unassigned | |

Bug Description
OpenSSH client doesn't support Elliptic Curve keys on a PKCS11 smartcard.
ssh-keygen -v -D /usr/lib/
debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 9.1
debug1: label <Evgeny Khorkin> manufacturerID <SafeNet, Inc.> model <eToken> serial <> flags 0x60d
C_GetAttributeValue failed: 18
debug1: X509_get_pubkey failed or no rsa
debug1: X509_get_pubkey failed or no rsa
debug1: X509_get_pubkey failed or no rsa
no keys
cannot read public key from pkcs11
pkcs11-tool --module /usr/lib/
...
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410474c5423bd
EC_PARAMS: 06082a8648ce3d0
label: TestECCpair
Usage: encrypt, verify, wrap
There is an upstream bug: https:/
Suggested patch: https:/
release: Ubuntu 16.04.2 LTS
openssh version: 7.2p2-4ubuntu2.1
Status changed to 'Confirmed' because the bug affects multiple users.