[jira] [Work logged] (SSHD-997) Replace EdDSA-Java library with new ed25519-elisabeth implementation

Wed, 20 May 2020 09:40:24 -0700 


     [ 
https://issues.apache.org/jira/browse/SSHD-997?focusedWorklogId=435543&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-435543
 ]

ASF GitHub Bot logged work on SSHD-997:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 20/May/20 16:39
            Start Date: 20/May/20 16:39
    Worklog Time Spent: 10m 
      Work Description: tomaswolf opened a new pull request #135:
URL: https://github.com/apache/mina-sshd/pull/135


   ed25519: do not clear the seed read from a key file; the i2p library
   references it in the generated private key.
   
   RSA: use a RSAPrivateCrtKeySpec to generate the RSA key to ensure that
   a key read from an OpenSSH file can also be written to an OpenSSH file.
   
   Tests: add tests for round-tripping keys: write the generated key to a
   file, read it again, and compare. Then write the read key to a second
   file, read that, and compare again.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

            Worklog Id:     (was: 435543)
    Remaining Estimate: 0h
            Time Spent: 10m

> Replace EdDSA-Java library with new ed25519-elisabeth implementation
> --------------------------------------------------------------------
>
>                 Key: SSHD-997
>                 URL: https://issues.apache.org/jira/browse/SSHD-997
>             Project: MINA SSHD
>          Issue Type: New Feature
>    Affects Versions: 2.4.0
>            Reporter: David Ostrovsky
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Recent addition to the SSHD library revealed issues with seed attribute in 
> EdDSA-Java library:
> {code:java}
> +    private boolean compare(KeyPair a, KeyPair b) {
> +        if ("EDDSA".equals(data.algorithm)) {
> +            // Bug in net.i2p.crypto.eddsa and in sshd? Both also compare the
> +            // seed of the private key, but for a generated key, this is some
> +            // random value, while it is all zeroes for a key read from a 
> file.
> +            return KeyUtils.compareKeys(a.getPublic(), b.getPublic())
> +                    && Objects.equals(((EdDSAKey) 
> a.getPrivate()).getParams(),
> +                            ((EdDSAKey) b.getPrivate()).getParams());
> +        }
> {code}
> The corresponding issue: [1] upstream pointing to the new library: 
> [1] https://github.com/str4d/ed25519-java/issues/30#issuecomment-573389252
> [2] https://github.com/cryptography-cafe/ed25519-elisabeth



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to