Hi, sorry for a delay, but my mail client dropped this into spam for me. What you are looking for is the sshsig_sign() API function:
https://api.libssh.org/master/group__libssh__pki.html#ga86b1da0b996de80db5ba95291e71b18e This is not yet released as it was merged late last year from the following MR: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/536 (there was slight API change since the merge so check the current source code) It would be very helpful to hear from you if this works for you or you see some area for improvement, ideally before the release. Right now, I see this can not work with the ssh-agent, as the agent is internal to the libssh and this operates on the PKI objects only. I guess we should probably create some API to work with the agent and then have PKI objects that abstract the operation on agent, but that would be separate work to do. I did open the following issue to gather some more ideas: https://gitlab.com/libssh/libssh-mirror/-/issues/347 Jakub On Fri, Dec 19, 2025 at 7:57 PM Aris Adamantiadis <[email protected]> wrote: > Hi, > > > Thanks for looking at this, this is a great idea. > > You're probably seeing nothing because the signature is a byte array and > not a base64-encoded string, so printf will not show you any content after > a null byte, which is probably not what you expect. Look around how > ssh_strings can be managed from your code (however I think most of these > interfaces are private). > > You require a session object not because you need to be connected > (actually it would work with only session = ssh_new()) but because the > error management requires a session pointer. > > > Regards, > > > Aris > Le 12/12/25 à 00:45, Abdelilah El Aissaoui a écrit : > > Hello! > > I've been using libssh for quite a while now for the usual SSH auth for my > Git client and it has been great so far. > > One feature request I got was to add support signing with SSH keys, as Git > CLI does. I've been reading the docs but haven't found anything that could > help me to that aside from some methods in "The SSH Public Key > Infrastructure" (https://api.libssh.org/stable/group__libssh__pki.html) > such as "*ssh_pki_do_sign*" and "*ssh_pki_do_sign_agent*". > > Given that both methods were not part of the public API, I've done some > small changes moving them to "*libssh.h*" and used it like it can be seen > here: > > ``` > > int result = 0;ssh_init();ssh_set_log_level(4);ssh_session session = > ssh_new();ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");result = > ssh_connect(session); > handleResult(result, session); > ssh_buffer buffer = ssh_buffer_new();char* text = "Hello > world";ssh_buffer_add_data(buffer, text, strlen(text));ssh_key key = > ssh_key_new(); > result = ssh_pki_import_privkey_file("/path/to/.ssh/id_rsa", "", NULL, NULL, > &key);handleResult(result, session); > int hash_type = 2;ssh_string output = ssh_pki_do_sign(session, buffer, key, > hash_type); > char* text_signed = ssh_string_to_char(output); > printf("Output is %s", text_signed); > ``` > > > The output always returns empty unfortunately. Given that both methods > require a session I assume I'm doing something wrong. It could also be an > issue with my C code given that I'm anything but proficient in the language. > > > I was wondering if I'm going in the right direction or perhaps I'm completely > off, as I'm not sure it's even possible with what LIBSSH currently offers. I > would be grateful for any guidance. > > > Thank you in advance, > > Abde. > > >
