www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: Re: SSH2 host key length and hash compute

Re: SSH2 host key length and hash compute

From: Alexander Lamaison <swish_at_lammy.co.uk>
Date: Wed, 3 Jul 2013 01:16:14 +0100

On 3 July 2013 01:13, Alexander Lamaison <swish_at_lammy.co.uk> wrote:
> On 2 July 2013 15:03, Kalpesh Parekh <kalpesh.ork2_at_gmail.com> wrote:
>>>From: Alexander Lamaison <swish_at_lammy.co.uk>
>>>Date: Tue, 2 Jul 2013 09:57:53 +0100
>>
>>>On 2 July 2013 07:34, Kalpesh Parekh <kalpesh.ork2_at_gmail.com> >wrote:
>>
>>> Hi Alex
>>>
>>> The APIs I am using are libssh2_session_hostkey to retreive the host >key
>>> and
>>> libssh2_hostkey_hash to compute the hash from the key.
>>>
>>> The first API returns the length of the host key in a variable passed to
>>> >it
>>> as a function argument. The variable is of size_t type and indicates >the
>>> size of host key. I need to convert this value to bits. Can you let me
>>> >know
>>> how can I do this?
>>>Why do you need to convert it to bits? What does that actually mean?
>>>The size_t length is just a number.
>>
>> The requirement is to show the strength of the host key in bits. I assumed
>> the length of the host key should be indicating this value and tried to
>> convert it to bits from size_t.
>
> The length of the host key returned by session_hostkey is the exact
> size of the buffer holding the "server public host key and
> certificates (K_S)" in bytes (see RFC 4253 [1]). I'm not sure of the
> exact relationship between that and the key strength, but another part
> of RFC 4253 [2] indicated that that buffer may include a "format
> identifier" (presumably ssh-rsa or ssh-dsa) before the key data.
> Therefore, I wouldn't trust that they key strength is the returned
> length * 8.
>
>> How does ssh-keygen -l calcuate the strength
>> in bits?
>
> It extract the actual key data and counts the significant bits of one
> of the key fields. For DSA the prime, for RSA the modulus.
>
> [1] http://tools.ietf.org/html/rfc4253#section-8
> [2] http://tools.ietf.org/html/rfc4253#section-6.6

Could one of the crypto bods take a look at this? I've just done some
educated guesswork from reading the source and various RFCs, so plenty
of scope for error.

Alex

--
Swish - Easy SFTP for Windows Explorer (http://www.swish-sftp.org)
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2013-07-03

the libssh2 team