openssh bugs - May 2025 - [Bug 3829] New: SSH signature armor protocol documentation issue

https://bugzilla.mindrot.org/show_bug.cgi?id=3829

            Bug ID: 3829
           Summary: SSH signature armor protocol documentation issue
           Product: Portable OpenSSH
           Version: 10.0p2
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ngraves at ngraves.fr

The SSHSIG protocol states that "The base64 encoded blob SHOULD be
broken up by newlines every 76 characters." [1] 

However, it seems that it's in practise broken up each 70 characters in
a signature generated with ssh-keygen.  It's also quite clear in the
code that it's 70 characters and not 76 [2].

[1]:
https://github.com/openssh/openssh-portable/blob/73ef0563a59f90324f8426c017f38e20341b555f/PROTOCOL.sshsig#L21

[2]:
https://github.com/openssh/openssh-portable/blob/73ef0563a59f90324f8426c017f38e20341b555f/sshbuf-misc.c#L151

PS: The PROTOCOL.sshsig might not be precise enough to be reproduced
independently.  We're trying to reproduce openssh results with libssh
here, the protocol is respected at first glance, but we don't get the
same results :
https://gitlab.com/libssh/libssh-mirror/-/merge_requests/536

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3829

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
You should be aware of
https://datatracker.ietf.org/doc/draft-josefsson-sshsig-format/

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.