[ https://issues.apache.org/jira/browse/SSHD-997?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17109540#comment-17109540 ]
Lyor Goldstein commented on SSHD-997: ------------------------------------- I have looked over the code and it does not seem to be proper replacement - it lacks the necessary classes required to allows us to use it as a {{SecurityProvider}}. Furthermore it's keys do not properly implement {{java.security.Private/PublicKey}} and/or {{java.security.Signature}}. Until it does, I don't think we can afford to write our own provider wrapper for it.... > Replace EdDSA-Java library with new ed25519-elisabeth implementation > -------------------------------------------------------------------- > > Key: SSHD-997 > URL: https://issues.apache.org/jira/browse/SSHD-997 > Project: MINA SSHD > Issue Type: New Feature > Affects Versions: 2.4.0 > Reporter: David Ostrovsky > Priority: Major > > Recent addition to the SSHD library revealed issues with seed attribute in > EdDSA-Java library: > {code:java} > + private boolean compare(KeyPair a, KeyPair b) { > + if ("EDDSA".equals(data.algorithm)) { > + // Bug in net.i2p.crypto.eddsa and in sshd? Both also compare the > + // seed of the private key, but for a generated key, this is some > + // random value, while it is all zeroes for a key read from a > file. > + return KeyUtils.compareKeys(a.getPublic(), b.getPublic()) > + && Objects.equals(((EdDSAKey) > a.getPrivate()).getParams(), > + ((EdDSAKey) b.getPrivate()).getParams()); > + } > {code} > The corresponding issue: [1] upstream pointing to the new library: > [1] https://github.com/str4d/ed25519-java/issues/30#issuecomment-573389252 > [2] https://github.com/cryptography-cafe/ed25519-elisabeth -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org