[jira] [Commented] (SSHD-988) Replace net.ip artifact with Bouncycastle for EDDSA key support
[ https://issues.apache.org/jira/browse/SSHD-988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098481#comment-17098481 ]

Thomas Wolf commented on SSHD-988:
----------------------------------

Would one have to use the BC OpenSSHPrivateKeyUtil? Is there no way to use sshd's key decoding and then create a BC Ed25519 key from the data read?

BTW, while the OpenSSH format spec allows for more than one key, the OpenSSH implementation doesn't.

As I mentioned on SSHD-985, replacing net.i2p by BC is perhaps not the best. I think it'd be better to try to support both providers.

> Replace net.ip artifact with Bouncycastle for EDDSA key support
> ---------------------------------------------------------------
>
>                 Key: SSHD-988
>                 URL: https://issues.apache.org/jira/browse/SSHD-988
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.4.0
>            Reporter: Lyor Goldstein
>            Assignee: Lyor Goldstein
>            Priority: Major
>
> As of version 1.6 _Bouncycastle_ seems to support EDDSA keys. By replacing {{net,ip}} module with it we decrease the amount of external dependencies libraries.
> An important part of this effort would be to ensure that we preserve the ability to read (and perhaps write) keys from files with the current formats already supported (PEM, _Putty_, _OpenSSH_, etc.)
[jira] [Commented] (SSHD-988) Replace net.ip artifact with Bouncycastle for EDDSA key support
[ https://issues.apache.org/jira/browse/SSHD-988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17097194#comment-17097194 ]

Lyor Goldstein commented on SSHD-988:
-------------------------------------

There seem to be some internal limitations when compared to our current code:

{code:java|title=OpenSSHPrivateKeyUtil#parsePrivateKeyBlob}
String cipherName = kIn.readString();
if (!"none".equals(cipherName)) // <<== what about bcrypt encrypted keys
{
    throw new IllegalStateException("encrypted keys not supported");
}

int publicKeyCount = kIn.readU32();
if (publicKeyCount != 1) // <<== while it is unlikely to encounter multiple keys the spec (and our code) support it
{
    throw new IllegalStateException("multiple keys not supported");
}

String keyType = pkIn.readString();
if (!"ssh-ed25519".equals(keyType)) // <<== the spec (and our code) allow for RSA/DSS/EC keys as well
{
    throw new IllegalStateException("can not parse private key of type " + keyType);
}
{code}
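As an added example (not code from MINA SSHD or Bouncy Castle), the class below reads the header of an `openssh-key-v1` container and reports which of the three checks annotated in the comment above it would fail. It assumes the input is the already base64-decoded body of the key file; the class and method names are hypothetical, and the sample header in `main` is constructed.

```java
import java.nio.ByteBuffer;
import java.util.*;
import static java.nio.charset.StandardCharsets.US_ASCII;

public class OpenSshKeyHeader {
    static final byte[] MAGIC = "openssh-key-v1\0".getBytes(US_ASCII);
    // SSH "string": uint32 length, then that many bytes; lengths past the buffer end are rejected.
    static byte[] readBytes(ByteBuffer in) {
        int len = in.getInt();
        if (len < 0 || len > in.remaining()) throw new IllegalArgumentException("bad length " + len);
        byte[] data = new byte[len];
        in.get(data);
        return data;
    }

    // Lists which of the three checks from the quoted snippet this container would trip (empty = none).
    static List<String> rejections(byte[] container) {
        ByteBuffer in = ByteBuffer.wrap(container);
        byte[] magic = new byte[Math.min(MAGIC.length, in.remaining())];
        in.get(magic);
        if (!Arrays.equals(magic, MAGIC)) throw new IllegalArgumentException("not openssh-key-v1");
        List<String> reasons = new ArrayList<>();
        String cipher = new String(readBytes(in), US_ASCII);
        String kdf = new String(readBytes(in), US_ASCII);
        readBytes(in); // kdfoptions (salt and rounds for bcrypt), not needed here
        int count = in.getInt();
        if (!"none".equals(cipher)) reasons.add("encrypted: cipher=" + cipher + " kdf=" + kdf);
        if (count != 1) reasons.add("key count " + count);
        for (int i = 0; i < count; i++) { // each public key blob starts with its type name
            String type = new String(readBytes(ByteBuffer.wrap(readBytes(in))), US_ASCII);
            if (!"ssh-ed25519".equals(type)) reasons.add("key type " + type);
        }
        return reasons;
    }

    static byte[] sshString(byte[] data) {
        return ByteBuffer.allocate(4 + data.length).putInt(data.length).put(data).array();
    }

    public static void main(String[] args) {
        // Constructed sample header: passphrase-protected container listing one RSA public key.
        ByteBuffer b = ByteBuffer.allocate(128).put(MAGIC)
            .put(sshString("aes256-ctr".getBytes(US_ASCII)))
            .put(sshString("bcrypt".getBytes(US_ASCII)))
            .put(sshString(new byte[0])) // kdfoptions left empty in this sample
            .putInt(1)
            .put(sshString(sshString("ssh-rsa".getBytes(US_ASCII))));
        System.out.println(rejections(Arrays.copyOf(b.array(), b.position())));
    }
}
```

Truncated input surfaces as a `BufferUnderflowException` from `ByteBuffer`, so a caller that handles untrusted key files should catch it alongside `IllegalArgumentException`.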
[jira] [Commented] (SSHD-988) Replace net.ip artifact with Bouncycastle for EDDSA key support
[ https://issues.apache.org/jira/browse/SSHD-988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17097189#comment-17097189 ]

Lyor Goldstein commented on SSHD-988:
-------------------------------------

{quote}
One notable difference is that net.i2p produces keys that return from Key.getAlgorithm() "EdDSA", while the Bouncy Castle keys return "Ed25519" or "Ed448", respectively.
{quote}