[ssh_x509] Clarification on alignment with RFC6187

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Mon Nov 28 23:29:10 EET 2016

ssh_x509 at roumenpetrov.info wrote:
> Hi,
> I'm trying to understand how the public key algorithms stated in the
> features list: x509v3-sign-rsa and x509v3-sign-dss, match up with the
> algorithms x509v3-ssh-dss and x509v-ssh-rsa, defined in section 3.1 and 3.2
> of RFC6187. Is it just a difference in naming convention with the RFC or is
> there something else?
Legacy formats are described as required in 

Format is : "
Certificates and public keys are encoded as follows:
      string   certificate or public key format identifier
      byte[n]  key/certificate data
The "x509v3-sign-rsa" method indicates that the certificates, the
    public key, and the resulting signature are in X.509v3 compatible
    DER-encoded format.  The formats used in X.509v3 is described in

In draft version 13 signature is changed to "Public key / certifcate 
formats that do not explicitly specify a signature format identifier 
MUST use the public key / certificate format identifier as the signature 

 From drafts  is not clear how implement but ssh.com use rsa with sha1 
while vandyke.com use md5. PKIX-SSH switch to sha1 in version 7.1.
Also for dss signature vandyke.com use asn1 encoding (X.509 format) 
while ssh.com use raw network format (SSH format).

Those differences are managed with PKIX-SSH option X509KeyAlgorithm.

> Thank you,
> Peter

Secure shell with X.509 certificate support

More information about the ssh_x509 mailing list