search for: hashalg

Hi, I sent this patch back inn april and I still have a need for this. Would it be possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? -- Morten Linderud PGP: 9C02FF419FECBE16 On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > and this prevents ssh-agent implementations that can't support sha512 &gt...

...ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` and this prevents ssh-agent implementations that can't support sha512 from signing messages. An example of this is TPMs which mostly only really supports sha256 widely. This change enables `ssh-keygen -Y sign` to honor the `hashalg` option for the signing algorithm. Signed-off-by: Morten Linderud <morten at linderud.pw> --- sshsig.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sshsig.c b/sshsig.c index 470b286a3..033b43353 100644 --- a/sshsig.c +++ b/sshsig.c @@ -190,8 +190,14 @@ sshs...

Sorry, this now been committed and will be in openssh-10.0 On Sat, 23 Nov 2024, Morten Linderud wrote: > Hi, > > I sent this patch back inn april and I still have a need for this. Would it be > possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? > > -- > Morten Linderud > PGP: 9C02FF419FECBE16 > > On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > > and this prevents ssh-agent implement...

...ote: > Sorry, this now been committed and will be in openssh-10.0 > > On Sat, 23 Nov 2024, Morten Linderud wrote: > > > Hi, > > > > I sent this patch back inn april and I still have a need for this. Would it be > > possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? > > > > -- > > Morten Linderud > > PGP: 9C02FF419FECBE16 > > > > On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: > > > `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` > > &g...

...It is only RSA signature blobs that will show the new signature algorithm names. On Nov 23, 2024, at 7:37?AM, Morten Linderud <morten at linderud.pw> wrote: > I sent this patch back inn april and I still have a need for this. Would it be > possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? > > -- > Morten Linderud > PGP: 9C02FF419FECBE16 > > On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: >> `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` >> and this prevents ssh-agent implementat...

...he .exe.manifest <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <file name="msvcr80.dll" hash="10f4cb2831f1e9288a73387a8734a8b604e5beaa" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></d...

...="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity> <file name="msvcr80.dll" hash="10f4cb2831f1e9288a73387a8734a8b604e5beaa" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Trans form Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transfo rm><...

...status. Minor issue in manual page is that it does not mention -O is also supported in -r mode. In top SYNOPSIS section, -r hostname does not contain [-O option], like -M generate below it. But it accepts options. I can get desired behaviour by: ssh-keygen -r localhost -f ~/.ssh/id_ed25519.pub -O hashalg=sha256 But I think -O hashalg=sha1 should be mandatory to print SHA1 digests. It should be omitted by default. -- You are receiving this mail because: You are watching the assignee of the bug.

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a