[ssh_x509] other key formats from RFC 6187

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Tue May 10 00:09:27 EEST 2016

Hi Kent,

Post from non-list members are moderated and for some reasons I did not 
check regularly.

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen,
> Is it correct that PKIX-SSH only implements the x509v3-ecdsa-sha2-* 
> algorithms from RFC 6187?

> That is, it does not support x509v3-ssh-dss, x509v3-ssh-rsa, or 
> x509v3-rsa2048-sha256 - is that right?
For historical reasons supported algorithms are those from draft v12 of 
"SSH Transport Layer Protocol" (draft-ietf-secsh-transport-12.txt)
x509v3-sign-rsa and x509v3-sign-dss ensure compatibility between SSH 

I'm not aware of SSH application s that support RSA algorithms from RFC 
Please let me know servers or clients that support them.

Support for DSS(dsa) at some point will be removed completely from 

Main issue is how to support legacy x509v3-sign-rsa and new algorithm 
names is a user friendly manner.

Lets client is with 2048 bit RSA with X.509 certificate (stored on 

1) What to store in "public key" file?
Note that "public" file contain a line in format 
Private key file may not exist (in case of smart-card)  or could contain 
private key and X.509 certificates. This file does not describe algorithm.
So only public file describes algorithm, but in this case we could use 
x509v3-sign-rsa, or x509v3-ssh-rsa or x509v3-rsa2048-sha256.

2) If the public part is with legacy name "x509v3-sign-rsa  ...." but 
server support x509v3-ssh-rsa how to configure client?

3) Lets server support all three rsa algorithms but server options 
PubkeyAlgorithms list only x509v3-rsa2048-sha256 .
Perhaps server should reject x509v3-sign-rsa and x509v3-ssh-rsa.

4) How server or client to know supported algorithms (

      see SSH_MSG_EXT_INFO from draft-ietf-curdle-ssh-ext-info-00 )

In brief how to configure "key aliasing" in client, server or agent?

> Thanks,
> Kent


More information about the ssh_x509 mailing list