Bug 8601 - Smart card auth only supports RSA
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Smart card
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
Reported: 2025-06-09 15:37 CEST by Pierre Ossman
Modified: 2025-06-10 13:28 CEST

Description Pierre Ossman cendio 2025-06-09 15:37:07 CEST
The smart card authentication code in ThinLinc currently only supports certificates using the RSA algorithm. This is the classical and likely still the most popular algorithm.

But certificates using the elliptic curve algorithms are getting popular. It would be nice if such smart cards could be used as well.

Comment 2 Pierre Ossman cendio 2025-06-09 15:57:50 CEST
I could confirm that ECDSA works well with a standard OpenSSH. But I was unable to get my Yubikey working with ED25519 and X25519. It generated the keys just fine, but OpenSSL failed to find them when it was time to generate a certificate:

> + openssl req -engine pkcs11 -new -key 'pkcs11:object=Private key for PIV Authentication;type=private' -keyform engine -x509 -out /tmp/tmp.McYu97ZVQc/cert.pem -text -config /tmp/tmp.McYu97ZVQc/openssl.cnf
> Engine "pkcs11" set.
> Unable to enumerate private keys
> The private key was not found at: pkcs11:object=Private key for PIV Authentication;type=private
> PKCS11_get_private_key returned NULL
> Could not find private key from org.openssl.engine:pkcs11:pkcs11:object=Private key for PIV Authentication;type=private
> 80B284D2227F0000:error:41800006:PKCS#11 module:ERR_CKR_error:Function failed:p11_attr.c:47:
> 80B284D2227F0000:error:13000080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:79:
