On 3 July 2013 01:13, Alexander Lamaison <sw...@lammy.co.uk> wrote: > On 2 July 2013 15:03, Kalpesh Parekh <kalpesh.o...@gmail.com> wrote: >>>From: Alexander Lamaison <swish_at_lammy.co.uk> >>>Date: Tue, 2 Jul 2013 09:57:53 +0100 >> >>>On 2 July 2013 07:34, Kalpesh Parekh <kalpesh.ork2_at_gmail.com> >wrote: >> >>> Hi Alex >>> >>> The APIs I am using are libssh2_session_hostkey to retreive the host >key >>> and >>> libssh2_hostkey_hash to compute the hash from the key. >>> >>> The first API returns the length of the host key in a variable passed to >>> >it >>> as a function argument. The variable is of size_t type and indicates >the >>> size of host key. I need to convert this value to bits. Can you let me >>> >know >>> how can I do this? >>>Why do you need to convert it to bits? What does that actually mean? >>>The size_t length is just a number. >> >> The requirement is to show the strength of the host key in bits. I assumed >> the length of the host key should be indicating this value and tried to >> convert it to bits from size_t. > > The length of the host key returned by session_hostkey is the exact > size of the buffer holding the "server public host key and > certificates (K_S)" in bytes (see RFC 4253 [1]). I'm not sure of the > exact relationship between that and the key strength, but another part > of RFC 4253 [2] indicated that that buffer may include a "format > identifier" (presumably ssh-rsa or ssh-dsa) before the key data. > Therefore, I wouldn't trust that they key strength is the returned > length * 8. > >> How does ssh-keygen -l calcuate the strength >> in bits? > > It extract the actual key data and counts the significant bits of one > of the key fields. For DSA the prime, for RSA the modulus. > > [1] http://tools.ietf.org/html/rfc4253#section-8 > [2] http://tools.ietf.org/html/rfc4253#section-6.6
Could one of the crypto bods take a look at this? I've just done some educated guesswork from reading the source and various RFCs, so plenty of scope for error. Alex -- Swish - Easy SFTP for Windows Explorer (http://www.swish-sftp.org) _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
