[jira] [Commented] (SSHD-1210) Sha2 algorithm is not supported for signature verification

Fri, 20 Aug 2021 01:44:05 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-1210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17402102#comment-17402102
 ] 

Thomas Wolf commented on SSHD-1210:
-----------------------------------

>From these fragments it's entirely unclear what this is about. Your mention of 
>DHGEX makes me think that this might be a duplicate of SSHD-1163.

> Sha2 algorithm is not supported for signature verification
> ----------------------------------------------------------
>
>                 Key: SSHD-1210
>                 URL: https://issues.apache.org/jira/browse/SSHD-1210
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.6.0, 2.5.1
>            Reporter: poppinlong
>            Priority: Major
>
> For signature verification, only SHA1 is supported,The following code,the key 
> parameter is the signature algorithm resolved from the server stream,Only the 
> RSA algorithm is supported,In fact, the server-side signature algorithm might 
> be SHA2-256
> {code:java}
> //
> String keyAlg = KeyUtils.getKeyType(serverKey);
> ******
> Signature verif = ValidateUtils.checkNotNull(
>         NamedFactory.create(session.getSignatureFactories(), keyAlg),
>         "No verifier located for algorithm=%s", keyAlg);{code}
> {code:java}
> ///**
>  * @param  key a public or private key
>  * @return     the key type or {@code null} if cannot determine it
>  */
> public static String getKeyType(Key key) {
>     if (key == null) {
>         return null;
>     } else if (key instanceof DSAKey) {
>         return KeyPairProvider.SSH_DSS;
>     } else if (key instanceof RSAKey) {
>         return KeyPairProvider.SSH_RSA;
>     } else if (key instanceof ECKey) {
>         ECKey ecKey = (ECKey) key;
>         ECParameterSpec ecSpec = ecKey.getParams();
>         ECCurves curve = ECCurves.fromCurveParameters(ecSpec);
>         if (curve == null) {
>             return null; // debug breakpoint
>         } else {
>             return curve.getKeyType();
>         }
>     } else if (SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) {
>         return KeyPairProvider.SSH_ED25519;
>     } else if (key instanceof OpenSshCertificate) {
>         return ((OpenSshCertificate) key).getKeyType();
>     }
>     return null;
> }{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to