[jira] [Commented] (SSHD-988) Replace net.ip artifact with Bouncycastle for EDDSA key support

2020-05-03 Thread Thomas Wolf (Jira)


[ https://issues.apache.org/jira/browse/SSHD-988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098481#comment-17098481 ]

Thomas Wolf commented on SSHD-988:
--

Would one have to use the BC OpenSSHPrivateKeyUtil? Is there no way to use 
sshd's key decoding and then create a BC Ed25519 key from the data read?

BTW, while the OpenSSH format spec allows for more than one key, the OpenSSH 
implementation doesn't.

As I mentioned on SSHD-985, replacing net.i2p by BC is perhaps not the best. I 
think it'd be better to try to support both providers.

> Replace net.ip artifact with Bouncycastle for EDDSA key support
> ---
>
> Key: SSHD-988
> URL: https://issues.apache.org/jira/browse/SSHD-988
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.4.0
> Reporter: Lyor Goldstein
> Assignee: Lyor Goldstein
> Priority: Major
>
> As of version 1.6 _Bouncycastle_ seems to support EDDSA keys. By replacing 
> {{net,ip}} module with it we decrease the amount of external dependencies 
> libraries.
> An important part of this effort would be to ensure that we preserve the 
> ability to read (and perhaps write) keys from files with the current formats 
> already supported (PEM, _Putty_, _OpenSSH_, etc.)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org



[jira] [Commented] (SSHD-988) Replace net.ip artifact with Bouncycastle for EDDSA key support

2020-04-30 Thread Lyor Goldstein (Jira)


[ https://issues.apache.org/jira/browse/SSHD-988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17097194#comment-17097194 ]

Lyor Goldstein commented on SSHD-988:
-

There seem to be some internal limitations when compared to our current code:
{code:java|title=OpenSSHPrivateKeyUtil#parsePrivateKeyBlob}
String cipherName = kIn.readString();
if (!"none".equals(cipherName)) // <<== what about bcrypt encrypted keys
{
    throw new IllegalStateException("encrypted keys not supported");
}

int publicKeyCount = kIn.readU32();
if (publicKeyCount != 1) // <<== while it is unlikely to encounter multiple keys the spec (and our code) support it
{
    throw new IllegalStateException("multiple keys not supported");
}

String keyType = pkIn.readString();
if (!"ssh-ed25519".equals(keyType)) // <<== the spec (and our code) allow for RSA/DSS/EC keys as well
{
    throw new IllegalStateException("can not parse private key of type " + keyType);
}
{code}

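The three fields that the quoted parsePrivateKeyBlob checks throw on (cipher name, key count, key type) can be read and reported rather than rejected. The following is an added example, not code from MINA SSHD or Bouncy Castle: the class OpenSshKeyHeader, its methods and the sample header are constructed here, the field order is taken from OpenSSH's PROTOCOL.key, and the key type is read from the public-key blobs of the unencrypted header.

```java
import static java.nio.charset.StandardCharsets.US_ASCII;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example: class and method names are hypothetical, not MINA SSHD or Bouncy Castle API.
public class OpenSshKeyHeader {
    static final byte[] MAGIC = "openssh-key-v1\0".getBytes(US_ASCII);

    // SSH "string": uint32 length, then that many bytes; the length is bounds-checked.
    static byte[] readString(ByteBuffer in) {
        int len = in.getInt();
        if (len < 0 || len > in.remaining()) throw new IllegalArgumentException("bad length " + len);
        byte[] data = new byte[len];
        in.get(data);
        return data;
    }

    static String readText(ByteBuffer in) { return new String(readString(in), US_ASCII); }

    // Reports cipher, KDF and every listed key type instead of rejecting them.
    static String describe(byte[] blob) {
        ByteBuffer in = ByteBuffer.wrap(blob);
        byte[] magic = new byte[Math.min(MAGIC.length, in.remaining())];
        in.get(magic);
        if (!Arrays.equals(magic, MAGIC)) throw new IllegalArgumentException("not openssh-key-v1");
        String cipher = readText(in);   // "none" when the private section is unencrypted
        String kdf = readText(in);
        readString(in);                 // kdfoptions, not interpreted here
        int count = in.getInt();        // number of keys in the file
        List<String> types = new ArrayList<>();
        for (int i = 0; i < count; i++) {   // each public-key blob starts with its type name
            types.add(readText(ByteBuffer.wrap(readString(in))));
        }
        return "cipher=" + cipher + " kdf=" + kdf + " keys=" + types;
    }

    static byte[] str(String s) {   // sample builder only: encodes an SSH string
        return ByteBuffer.allocate(4 + s.length()).putInt(s.length()).put(s.getBytes(US_ASCII)).array();
    }

    public static void main(String[] args) {
        // Constructed header with no key material: bcrypt KDF, two truncated public-key blobs.
        ByteBuffer out = ByteBuffer.allocate(128).put(MAGIC);
        for (String s : new String[] {"aes256-ctr", "bcrypt", ""}) out.put(str(s));
        out.putInt(2).putInt(4 + 11).put(str("ssh-ed25519")).putInt(4 + 7).put(str("ssh-rsa"));
        System.out.println(describe(Arrays.copyOf(out.array(), out.position())));
    }
}
```

A truncated blob surfaces as a BufferUnderflowException from ByteBuffer, which a caller would treat the same as the explicit length errors.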



[jira] [Commented] (SSHD-988) Replace net.ip artifact with Bouncycastle for EDDSA key support

2020-04-30 Thread Lyor Goldstein (Jira)


[ https://issues.apache.org/jira/browse/SSHD-988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17097189#comment-17097189 ]

Lyor Goldstein commented on SSHD-988:
-

{quote}
One notable difference is that net.i2p produces keys that return from 
Key.getAlgorithm() "EdDSA", while the Bouncy Castle keys return "Ed25519" or 
"Ed448", respectively.
{quote}
