Subject: Re: [libssh2] Libgcrypt port update

From: Sara Golemon <pollita_at_libssh2.org>
Date: Thu, 18 Jan 2007 18:50:55 -0800

Jussi.Mononen_at_comptel.com wrote:
>>> Sorry for being lazy, but could you point me towards the
>>> document that defines the SECSH key formats?
>
> No problem, http://www.ietf.org/rfc/rfc4716.txt
>
This describes public key formats. Simon is working on reading private
keys. The SECSH public key format is only marginally different from the
OpenSSH version. In a nutshell:

OpenSSH version (appears on a single line)
ssh-rsa AAAA88fssnjjn2990gn4tg3hjtj4ht...jk23ljkjkt== Comments and other ignored things

SECSH version (multiple lines, no longer than 72 characters each):
---- BEGIN SSH2 PUBLIC KEY ----
Header-Name: Header-Value (zero or more instances of headers)
AAAA88fssnjjn2990gn4tg3hjtj4htkjsdhfkjsd
90fvhs98vh98svh98sdhv98hv9sd8h9sd8vhs98h
sdvhsd089vh98vhs98vhsd98vhsd98vhsd98hs98
98dfh9s8dhfs98dfhb9h9ec8hc9ccacjc09jc90d
...
jk23ljkjkt==
---- END SSH2 PUBLIC KEY ----

As mentioned in an earlier thread, since these both have distinctive
signatures in their formats (particularly the secsh variant), having a
single API call handle detection and parsing is a trivial matter.

Of course, I should mention that we should also permit /NOT/ specifying
the public key at all since the private key contains a copy of it. I
was lazy in my initial implementation, but there's no reason to
explicitly *require* it.

> Can't tell the exact list, but the key format is one. There probably is
> not much that is not standard conforming, more likely the standard is
> more versatile and capable than the current libssh2 implementation. This
> is something that needs quite much studying since the whole SECSH
> document set is large. So my question transforms into "Who will check
> how conformant libssh2 actually is?".
>
Certainly, especially in the following aspects:
Supported Ciphers: The current implementation only supports a select
collection of the ciphers known to exist in OpenSSL. With the addition
of gcrypt and more advanced versions of OpenSSL, this catalog could be
expanded to include more ciphers.

SFTP Version Support: The current SFTP implementation only supports
version 3. Now, version 3 *IS* a nice version giving you everything you
honestly need from SFTP, but later versions do have some nice extras.
Unfortunately the jump from 3 to 4 is a big one. If we can hurdle that,
then the step-ups to 5 and 6 are minor by comparison (there may be later
versions out by now, I haven't kept up).

-Sara

_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2007-01-19
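
The single detect-and-parse call described in the message above, as an added example that is not part of the original post and is not libssh2 code. The names pubkey_extract_b64, enum pubkey_fmt and append, and the sample key text, are assumptions made up for illustration; header handling follows RFC 4716 (header lines contain ':' and continue onto the next line after a trailing backslash).

```c
#include <stdio.h>
#include <string.h>
#define SECSH_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
#define SECSH_END   "---- END SSH2 PUBLIC KEY ----"
enum pubkey_fmt { PUBKEY_UNKNOWN, PUBKEY_OPENSSH, PUBKEY_SECSH };

/* Bounded append of s[0..len) to out; always leaves room for the NUL. */
static int append(char *out, size_t cap, size_t *used, const char *s, size_t len) {
    if (len >= cap - *used) return -1;
    memcpy(out + *used, s, len);
    *used += len;
    out[*used] = '\0';
    return 0;
}

/* Detect the format and copy the base64 blob to out; UNKNOWN on bad input. */
enum pubkey_fmt pubkey_extract_b64(const char *text, char *out, size_t cap) {
    size_t used = 0, len;
    int continued = 0;               /* previous header line ended in '\' */
    if (cap == 0) return PUBKEY_UNKNOWN;
    out[0] = '\0';
    text += strspn(text, " \t\r\n");
    if (strncmp(text, SECSH_BEGIN, strlen(SECSH_BEGIN)) != 0) {  /* OpenSSH line */
        text += strcspn(text, " \t\r\n");            /* skip the key type */
        text += strspn(text, " \t");
        len = strcspn(text, " \t\r\n");
        /* blob starts with a uint32 name length (three zero bytes): base64 "AAAA" */
        if (len < 4 || strncmp(text, "AAAA", 4) != 0 || append(out, cap, &used, text, len))
            return PUBKEY_UNKNOWN;
        return PUBKEY_OPENSSH;
    }
    for (text += strlen(SECSH_BEGIN); *text; text += len) {
        text += strspn(text, "\r\n");
        len = strcspn(text, "\r\n");
        if (strncmp(text, SECSH_END, strlen(SECSH_END)) == 0)
            return used ? PUBKEY_SECSH : PUBKEY_UNKNOWN;
        if (continued || memchr(text, ':', len))     /* header or its continuation */
            continued = len > 0 && text[len - 1] == '\\';
        else if (append(out, cap, &used, text, len) != 0)
            return PUBKEY_UNKNOWN;
    }
    return PUBKEY_UNKNOWN;           /* no END marker: truncated file */
}

int main(void) {
    char b64[64];                    /* constructed sample line, not a real key */
    int fmt = pubkey_extract_b64("ssh-rsa AAAAB3Nza== user@host\n", b64, sizeof b64);
    printf("format=%d blob=%s\n", fmt, b64);
    return 0;
}
```

The caller still has to base64-decode the returned blob and check the algorithm name inside it; a truncated SECSH file or an undersized output buffer is reported as PUBKEY_UNKNOWN rather than returning a partial key.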