[Bug 1665695] Re: OpenSSH PKCS#11 interface does not support ECC.
Andreas Hasenack
andreas at canonical.com
Wed Aug 1 18:24:39 UTC 2018
I doubt the patch will be added to a Linux distribution before it's
applied upstream, since it's of a very security-sensitive nature.
I linked the upstream bug report to this launchpad ticket, though, so we
should get notice when it's closed there.
** Bug watch added: OpenSSH Portable Bugzilla #2474
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
** Also affects: openssh via
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Importance: Unknown
Status: Unknown
** Changed in: openssh (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: openssh (Ubuntu)
Status: Confirmed => Triaged
https://bugs.launchpad.net/bugs/1665695
Title:
OpenSSH PKCS#11 interface does not support ECC.
Status in portable OpenSSH:
Unknown
Status in openssh package in Ubuntu:
Triaged
Bug description:
OpenSSH client doesn't support Elliptic Curve keys on a PKCS#11 smartcard
ssh-keygen -v -D /usr/lib/libeTPkcs11.so
debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 9.1
debug1: label <Evgeny Khorkin> manufacturerID <SafeNet, Inc.> model <eToken> serial <> flags 0x60d
C_GetAttributeValue failed: 18
debug1: X509_get_pubkey failed or no rsa
debug1: X509_get_pubkey failed or no rsa
debug1: X509_get_pubkey failed or no rsa
no keys
cannot read public key from pkcs11
pkcs11-tool --module /usr/lib/libeTPkcs11.so -O
...
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410474c5423bd0aa44b7825b3e79cd839e06736b18466b131d0884dbf8d946fbdc7f3297e73b998acf56550c303dc972a4dec51b9a3b746d3fe9fb4a44bd84b080fc
EC_PARAMS: 06082a8648ce3d030107
label: TestECCpair
Usage: encrypt, verify, wrap
There is an upstream bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Suggested patch: https://bugzilla.mindrot.org/attachment.cgi?id=2728
release: Ubuntu 16.04.2 LTS
openssh version: 7.2p2-4ubuntu2.1
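Added example, not part of the original report and not OpenSSH code: it decodes the EC_PARAMS and EC_POINT hex from the pkcs11-tool output above, showing that the token object is a NIST P-256 public key, which is why the RSA-only lookup in the ssh-keygen debug output finds "no keys". Function names are hypothetical, the curve table is limited to the three NIST curves used by SSH ECDSA key types, and accepting a point without its OCTET STRING wrapper is an assumption about how some tokens return the attribute.

```python
# Added example: hex values copied from the pkcs11-tool output in the report;
# function names are hypothetical and the curve table is a small assumed subset.
EC_PARAMS_HEX = "06082a8648ce3d030107"
EC_POINT_HEX = ("04410474c5423bd0aa44b7825b3e79cd839e06736b18466b131d0884dbf8d946fbdc7f"
                "3297e73b998acf56550c303dc972a4dec51b9a3b746d3fe9fb4a44bd84b080fc")
# Named-curve OID -> (SSH ECDSA key type, coordinate size in bytes)
CURVES = {
    "1.2.840.10045.3.1.7": ("ecdsa-sha2-nistp256", 32),
    "1.3.132.0.34": ("ecdsa-sha2-nistp384", 48),
    "1.3.132.0.35": ("ecdsa-sha2-nistp521", 66),
}

def der_value(data, tag):
    """Return the contents of one DER TLV that must span all of data."""
    if len(data) < 2 or data[0] != tag:
        raise ValueError("unexpected DER tag")
    length, start = data[1], 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, start = int.from_bytes(data[2:2 + n], "big"), 2 + n
    if len(data) - start != length:
        raise ValueError("DER length does not match data")
    return data[start:]

def decode_oid(body):
    """Decode OID contents into dotted form (single-byte first subidentifier)."""
    if not body:
        raise ValueError("empty OID")
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def describe_ec_key(params_hex, point_hex):
    """Map CKA_EC_PARAMS / CKA_EC_POINT hex to an SSH key type and coordinates."""
    oid = decode_oid(der_value(bytes.fromhex(params_hex), 0x06))
    if oid not in CURVES:
        raise ValueError("no SSH ECDSA key type for curve " + oid)
    key_type, size = CURVES[oid]
    point = bytes.fromhex(point_hex)
    if len(point) != 1 + 2 * size:  # usual case: point wrapped in an OCTET STRING
        point = der_value(point, 0x04)
    if len(point) != 1 + 2 * size or point[0] != 0x04:
        raise ValueError("expected an uncompressed point for this curve")
    return {"oid": oid, "ssh_key_type": key_type,
            "x": point[1:1 + size].hex(), "y": point[1 + size:].hex()}
```

Calling `describe_ec_key(EC_PARAMS_HEX, EC_POINT_HEX)` returns the curve OID, the matching SSH key type and the two 32-byte coordinates; it checks structure only and does not verify that the point lies on the curve.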