
Re: [PATCH] kex: enable more ECDSA hostkey algos


On Thursday 20 March 2014 08:10:41 Alan Dunn wrote:
> This works for me (tested OpenSSH client with libssh server, ECDSA key
> "parameters" 256, 384, 512 in ssh_pki_generate) when applied on top of
> my prior ECDSA host key patches.  There is code in libssh to take an
> ECDSA key and return the proper host key algorithm name depending on
> the key type.  So the server sets its host key type properly and
> everything works out.  It seems that libssh will even let you generate
> ECDSA keys on these different curves; I didn't have to use "openssl
> ecparam" or similar.  Though the server will not support multiple
> ECDSA keys of different types at the same time currently.

Wow, we rock ;)

> On Thu, Mar 20, 2014 at 6:01 AM, Aris Adamantiadis <aris@xxxxxxxxxxxx> wrote:
> > Hi Jon,
> > 
> > I find it odd that this patch is all that was needed for 384 and 521
> > bits mode, are you sure it's working fine?
> > Could you include testcases for this? (that may be hard to do since I'm
> > not sure openssh server supports more than one type of ecdsa hostkey).
> > 
> > Aris
> > 
> > On 20/03/14 03:50, Jon Simons wrote:
> >> Hi,
> >> 
> >> Attached is a simple patch to also enable the ecdsa-sha2-nistp[384,521]
> >> host key algorithms by default.
> >> 
> >> 
> >> -Jon

-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx

