[ssh_x509] empty x509v3-ecdsa-sha2-nistp256 key?

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Feb 15 13:18:56 EET 2017


Hi Roumen,

> On 15 Feb 2017, at 07:23, ssh_x509 at roumenpetrov.info <mailto:ssh_x509 at roumenpetrov.info> wrote:
> 
> Hi Lee,
> 
> ssh_x509 at roumenpetrov.info <mailto:ssh_x509 at roumenpetrov.info> wrote:
>> Hi Roumen,
>> 
>> [SNIP]
>>> For RSA keys name of signature is only ssh-rsa. Maverick sends name of algorithm, i.e. x509v3-ssh-rsa.
>> Yes its sending the public key algorithm name. This has been fixed to send private key algorithm which remains to be ssh-rsa.
> Thanks,
> I would like to confirm that 1.7.4 snapshot from 2017-02-09 fixes above issue.
> 
>> [SNIP]
>> I had tested originally with your patch most likely using a self-signed certificate which explains why certificate encoding passed.
> This part in not changed in 1.7.4-snapshot(20170209). Maverick still send <total_len><der1><der2>.
> 

Sorry I had fixed decoding and missed encoding. This is now fixed.

>> I'm pretty sure the tests passed at that stage.
> 
> Part of java log when connections fail:
> ...
> [DEBUG com.maverick.ssh.components.jce.client.DiffieHellmanGroup14Sha1] 146 - Sending SSH_MSG_KEXDH_INIT
> [DEBUG com.maverick.ssh.components.jce.client.DiffieHellmanGroup14Sha1] 176 - Received SSH_MSG_KEXDH_REPLY
> [DEBUG com.maverick.ssh2.TransportProtocol] 1440 - Negotiated public key: x509v3-ecdsa-sha2-nistp384
> [ERROR com.maverick.ssh.SshConnector] 641 - Failed to create connection
> com.maverick.ssh.SshException: Public key blob is not a x509v3-ecdsa-sha2-nistp256 formatted key [x509v3-ecdsa-sha2-nistp384] [Unknown cause]
>        at com.maverick.ssh.components.jce.SshX509EcdsaSha2NistPublicKeyRfc6187.init(SshX509EcdsaSha2NistPublicKeyRfc6187.java:48)
> 

We were registering all ECDSA implementations incorrectly as the 256 bit implementation. This is now fixed. 

I’ve updated X509Connect.java example to use certificate chain.

The updated snapshot is available from the same link https://s3-eu-west-1.amazonaws.com/sshtools-public/maverick/1.7.4-SNAPSHOT/maverick.zip <https://s3-eu-west-1.amazonaws.com/sshtools-public/maverick/1.7.4-SNAPSHOT/maverick.zip>

For users interested in our open source API, the RFC 6187 implementations are now available in that version also, currently in the develop branch. https://github.com/sshtools/j2ssh-maverick/ <https://github.com/sshtools/j2ssh-maverick/>

Regards

Lee

> 
> 
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info <mailto:ssh_x509 at roumenpetrov.info>
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info <http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info>


More information about the ssh_x509 mailing list