Bug 672139 – Research: Identify PKCS#11 ECDSA operations relevant to openssh

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 672139 - Research: Identify PKCS#11 ECDSA operations relevant to openssh


Summary:	Research: Identify PKCS#11 ECDSA operations relevant to openssh


Status:	RESOLVED OBSOLETE

Product:	gnome-keyring
Classification:	Core
Component:	pkcs11
Version:	unspecified
Hardware:	Other Linux

Importance:	Low enhancement
Target Milestone:	---
Assigned To:	GNOME keyring maintainer(s)
QA Contact:	GNOME keyring maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:	672141 672144

Reported:	2012-03-15 14:26 UTC by Stef Walter
Modified:	2018-03-10 08:32 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Stef Walter 2012-03-15 14:26:09 UTC

The gnome-keyring ssh-agent uses PKCS#11 to talk to the key stores (such as the ssh-store that loads keys from ~/.ssh)

Identify which PKCS#11 ECDSA operations match up with the ones we want to use in our ssh-agent. In particular the signing operation. Which mechanism in PKCS#11 corresponds to the signing operation that openssh uses.

http://www.rsa.com/rsalabs/node.asp?id=2133

Make sure the relevant curve and parameters are in pkcs11.h and figure out which ones to use.

In the unlikely case that we cannot find standardized ECDSA mechanisms that match up with what we need, then we'd have to add our own custom PKCS#11 mechanism in pkcs11i.h and document.

Comment 1 Daiki Ueno 2018-03-10 08:32:40 UTC

I think this has been obsolete since bug 641082 landed.