Displaying 6 results from an estimated 6 matches for "key_ed25519".
2019 Feb 17
3
[PATCH] use ecdh/X25519 from openssl when possible (openssl-1.1.0+)
See attached:
(1) patch against 7.9p1, tested with openssl 1.1.0j and openssl 1.1.1a on linux/i386; passes regression
test and connects to unpatched sshd without problems;
I hacked a bit regress/unittests/kex, and benchmarked
do_kex_with_key("curve25519-sha256@libssh.org", KEY_ED25519, 256);
Before:
0.3295s per call
After:
0.2183s per call
That is, 50% speedup; assuming ed25519 (added to openssl in 1.1.1) takes about the same time as ecdh/x25519,
there is potential for a total 200% speedup in KEX.
(2) rebased patch against git master; passes regression test;
I relied on presen...
2015 Jun 23
2
Call for testing: OpenSSH 6.9
...pe, int bits)
static void
do_kex(char *kex)
{
+#ifdef WITH_OPENSSL
do_kex_with_key(kex, KEY_RSA, 2048);
do_kex_with_key(kex, KEY_DSA, 1024);
#ifdef OPENSSL_HAS_ECC
do_kex_with_key(kex, KEY_ECDSA, 256);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
do_kex_with_key(kex, KEY_ED25519, 256);
}
@@ -185,13 +190,15 @@ void
kex_tests(void)
{
do_kex("curve25519-sha256 at libssh.org");
+#ifdef WITH_OPENSSL
#ifdef OPENSSL_HAS_ECC
do_kex("ecdh-sha2-nistp256");
do_kex("ecdh-sha2-nistp384");
do_kex("ecdh-sha2-nistp521");
-#endif
+#endi...
2020 Jul 18
10
[Bug 3195] New: ssh-keygen unable to convert ED25519 public keys
...OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: marcoshalano at gmail.com
I generate an ED25519 key using OpenSSL:
openssl genpkey -algorithm ED25519 -out key_ed25519.pem
After that I extracted the public key:
openssl pkey -in key_ed25519.pem -pubout -out public_ed25519.pem
And then I try to get the SSH public key to put on authorized_keys:
ssh-keygen -i -m PKCS8 -f public_ed25519.pem
The error was:
do_convert_from_pkcs8: unsupported pubkey type 1087
So I think...
2015 May 29
16
Call for testing: OpenSSH 6.9
Hi,
OpenSSH 6.9 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is
2015 Jul 26
2
[PATCH] ssh-agent: Add support to load additional certificates
...e KEY_DSA:
+ case KEY_DSA_CERT_V00:
+ case KEY_DSA_CERT:
+ if (k->dsa && k->dsa->priv_key)
+ return 1;
+ break;
+ case KEY_ECDSA:
+ case KEY_ECDSA_CERT:
+ if (k->ecdsa && EC_KEY_get0_private_key(k->ecdsa))
+ return 1;
+ break;
+#endif /* WITH_OPENSSL */
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ if (k->ed25519_sk)
+ return 1;
+ break;
+ case KEY_UNSPEC:
+ break;
+ }
+
+ return 0;
+}
+
/* Return the cert-less equivalent to a certified key type */
int
sshkey_type_plain(int type)
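Review bot: the switch that closes this hunk has no `default:` arm, so any key type not listed in it ends up at `return 0` together with `KEY_UNSPEC`, and a type added later would silently be reported as having no private part. Add an explicit `default:` (or a comment saying unknown types are deliberately treated as public-only) so the fall-through is a visible decision. The ED25519 arm also only tests that `k->ed25519_sk` is non-NULL, which is worth stating in the function's comment since the DSA and ECDSA arms check the key object and the private component separately.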
diff -u -r -p openssh-6.9p1/sshkey.h openssh.cert_shadow/sshkey.h
--- opens...
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...??? ?int r = SSH_ERR_INTERNAL_ERROR;
?
@@ -4632,22 +4713,24 @@ sshkey_parse_private_fileblob_type(struct sshbuf
*blob, int type,
??? ??? ?*keyp = NULL;
??? ?if (commentp != NULL)
??? ??? ?*commentp = NULL;
+?? ?if (vault_infop != NULL)
+?? ??? ?*vault_infop = NULL;
?
??? ?switch (type) {
??? ?case KEY_ED25519:
??? ?case KEY_XMSS:
??? ??? ?/* No fallback for new-format-only keys */
??? ??? ?return sshkey_parse_private2(blob, type, passphrase,
-?? ??? ???? keyp, commentp);
+?? ??? ???? keyp, commentp, vault_infop);
??? ?default:
??? ??? ?r = sshkey_parse_private2(blob, type, passphrase, keyp,
-?? ??? ????...
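Review bot: nothing in the visible lines documents the new `vault_infop` out-parameter that is now passed through to `sshkey_parse_private2()`. It is cleared with `*vault_infop = NULL` next to `keyp` and `commentp`, but the function comment should say what it holds on success, that it may be NULL, and who frees it, including on the error paths where `*keyp` stays NULL. Since the `sshkey_parse_private2()` signature gains an argument, every other caller needs the same update in this patch.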