[Bug 1665695] Re: OpenSSH PKCS#11 interface does not support ECC.

Andreas Hasenack andreas at canonical.com
Wed Aug 1 18:24:39 UTC 2018 

I doubt the patch will be added to a linux distribution before it's
applied upstream, since it's of a very security sensitive nature.

I linked the upstream bug report to this launchpad ticket, though, so we
should get notice when it's closed there.

** Bug watch added: OpenSSH Portable Bugzilla #2474
   https://bugzilla.mindrot.org/show_bug.cgi?id=2474

** Also affects: openssh via
   https://bugzilla.mindrot.org/show_bug.cgi?id=2474
   Importance: Unknown
       Status: Unknown

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: openssh (Ubuntu)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1665695

Title:
  OpenSSH PKCS#11 interface does not support ECC.

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Triaged

Bug description:
  OpenSSH client doesn't support Eliptics Curve keys on PKCS11 smartcard

  ssh-keygen -v -D /usr/lib/libeTPkcs11.so 
  debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 9.1
  debug1: label <Evgeny Khorkin> manufacturerID <SafeNet, Inc.> model <eToken> serial <> flags 0x60d
  C_GetAttributeValue failed: 18
  debug1: X509_get_pubkey failed or no rsa
  debug1: X509_get_pubkey failed or no rsa
  debug1: X509_get_pubkey failed or no rsa
  no keys
  cannot read public key from pkcs11

  pkcs11-tool --module /usr/lib/libeTPkcs11.so -O
  ...
  Public Key Object; EC  EC_POINT 256 bits
    EC_POINT:   04410474c5423bd0aa44b7825b3e79cd839e06736b18466b131d0884dbf8d946fbdc7f3297e73b998acf56550c303dc972a4dec51b9a3b746d3fe9fb4a44bd84b080fc
    EC_PARAMS:  06082a8648ce3d030107
    label:      TestECCpair
    Usage:      encrypt, verify, wrap

  
  There is upstream bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2474
  Suggested patch: https://bugzilla.mindrot.org/attachment.cgi?id=2728

  release: Ubuntu 16.04.2 LTS
  openssh version: 7.2p2-4ubuntu2.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1665695/+subscriptions

More information about the foundations-bugs mailing list