[ssh_x509] PKIX-SSH release 11.0

ssh_x509 at roumenpetrov.info
Sun Oct 8 17:32:02 EEST 2017

Dear list members,

I would like to announce the new major release 11.0 of PKIX-SSH.
In this release:
- client will prefer RFC 6187 key format (requires a server that
supports the server-sig-algs extension, like PKIX-SSH v10.1 or newer);
- for each host-key the server will offer all applicable public key algorithms;
- end of ssh protocol 1;
- support OpenSSL "store";
- etc.
For more details see http://www.roumenpetrov.info/secsh/#news20171008 .

The release is available as a prebuilt Android package in SecureBox 1.0.2.

About OpenSSL "store":
The "store" API is upcoming OpenSSL functionality. It will be in version
1.1.1. The API allows unified loading of key material (keys, certificates
and revocation lists) based on URI schemes.

For instance, with the e_nss engine you could use an identity either with name
"engine:e_nss:<friendly_name>" or with name "store:nss:<friendly_name>".
Note that the e_nss engine offers the "nss" scheme (see
http://roumenpetrov.info.example.net/e_nss/#news20170820 ).

OpenSSL will offer built-in support for the "file"-scheme. Note that currently
the "file"-scheme (openssl master branch) loads only files with an absolute path.
For instance for "file"-scheme user could specify identity in following 
$ ssh ... -i store:file:/..../tests/CA/testid_rsa-rsa_sha1.p12 ...
$ ssh ... -i store:/..../tests/CA/testid_rsa-rsa_sha1.p12 ...

In other words, store allows you to use PKCS#12 files as an ssh identity
(side effect).

Roumen Petrov

Secure shell with X.509 certificate support
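
Added example, not part of the original announcement and not PKIX-SSH code: since the "file"-scheme loads only files with an absolute path, this helper turns a possibly relative PKCS#12 path into a "store:file:" identity name and rejects a file that group or others can access. The function name store_identity and the sample path in the comment are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the PKIX-SSH project).
# Prints an identity name of the form "store:file:<absolute path>" for ssh -i.
# Example call (path constructed for illustration):
#   ssh -i "$(store_identity tests/CA/testid.p12)" ...

store_identity() {
    p=$1

    # Only an existing regular file can be an identity.
    [ -f "$p" ] || { echo "not a regular file: $p" >&2; return 1; }

    # Resolve the containing directory to an absolute path without symlinks,
    # because the "file"-scheme accepts only absolute paths.
    dir=$(cd "$(dirname -- "$p")" && pwd -P) || return 1
    abs="${dir%/}/$(basename -- "$p")"

    # A PKCS#12 identity contains a private key: require that the six
    # group/other permission characters in the ls mode string are all "-".
    mode=$(ls -ld -- "$abs") || return 1
    case $mode in
        ????------*) ;;
        *) echo "group/other can access $abs, refusing" >&2; return 1 ;;
    esac

    printf 'store:file:%s\n' "$abs"
}
```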
