by wahern 1747 days ago
OpenSSH that ships with macOS doesn't support ECC keys loaded via PKCS#11, only RSA keys. This is the case even on Big Sur because, though it ships OpenSSH 8.1p1, it's linked against LibreSSL 2.7.3, which lacks support for delegating non-RSA signing operations. This is annoying if you're using an HSM or secure enclave via PKCS#11; for example the T2, which only supports ECDSA P-256.

There's nothing wrong with RSA keys. What's being disabled is the use of SHA-1 for signature hashing. SHA-2 works just fine and the same RSA keys continue working.


Agreed. I should have made my post clearer. OpenWrt does not support SHA-2 signature hashing or any of the newer key algorithms I mentioned, so you are stuck with RSA+SHA1.
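The distinction drawn above (the RSA key stays; only the SHA-1 signature algorithm `ssh-rsa` is being retired) and the OpenWrt case (a server that offers nothing but `ssh-rsa`) can both be handled from the client side. The script below is an added example, not code from either commenter: it parses the `server-sig-algs` line that OpenSSH prints in `ssh -vv` output to tell whether a server advertises `rsa-sha2-256`/`rsa-sha2-512`, and, for a server that does not, emits an `ssh_config` stanza that re-enables `ssh-rsa` for that one host only. The debug excerpts are constructed, the hostname is a placeholder, and the `HostKeyAlgorithms` line assumes the legacy server also has only an `ssh-rsa` host key (the thread does not say so).

```shell
#!/bin/sh
# Added example (not from the thread). Checks whether an SSH server advertises
# RSA/SHA-2 signature algorithms via the "server-sig-algs" extension that
# OpenSSH logs in "ssh -vv" output, and builds a per-host client config that
# re-enables ssh-rsa (RSA+SHA-1) only for a host that offers nothing better.

# Constructed excerpts of "ssh -vv" output. The first resembles a modern
# OpenSSH server; the second a server that sends no ext-info at all.
MODERN_DEBUG='debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,rsa-sha2-512,ssh-rsa>
debug1: Authentications that can continue: publickey'
LEGACY_DEBUG='debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey'

# rsa_sha2_supported DEBUG_TEXT
# Returns 0 if server-sig-algs lists rsa-sha2-256 or rsa-sha2-512, 1 otherwise.
# A server that never sends server-sig-algs is treated as SHA-1 only.
rsa_sha2_supported() {
    printf '%s\n' "$1" \
      | sed -n 's/.*server-sig-algs=<\(.*\)>.*/\1/p' \
      | tr ',' '\n' \
      | grep -q -E '^rsa-sha2-(256|512)$'
}

# legacy_host_stanza HOSTNAME
# Prints an ssh_config Host block scoped to one host, so ssh-rsa is accepted
# there and the global default (SHA-2 only) stays in force everywhere else.
# PubkeyAcceptedAlgorithms needs OpenSSH 8.5+ (older clients spell it
# PubkeyAcceptedKeyTypes); the leading "+" appends to the default list.
# HostKeyAlgorithms is an assumption for a server with only an ssh-rsa host key.
legacy_host_stanza() {
    printf 'Host %s\n    PubkeyAcceptedAlgorithms +ssh-rsa\n    HostKeyAlgorithms +ssh-rsa\n' "$1"
}

# Stand-alone usage: classify each constructed sample and show the stanza.
if rsa_sha2_supported "$MODERN_DEBUG"; then
    echo "modern sample: rsa-sha2-* advertised, keep the SHA-2 defaults"
fi
if ! rsa_sha2_supported "$LEGACY_DEBUG"; then
    echo "legacy sample: no rsa-sha2-*, scope ssh-rsa to that host only:"
    legacy_host_stanza "openwrt.lan"   # placeholder hostname
fi
```

Against a real host, run `ssh -vv user@host exit 2>&1 | sh -c '...'` and feed the captured text to `rsa_sha2_supported`; keeping the `ssh-rsa` exception inside a `Host` block means the rest of the client's connections still refuse SHA-1 signatures.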