On Wed, 2 Oct 2019, Mantas Mikulėnas wrote:

> Hello,
>
> I'm trying to implement OpenSSH's new SSHSIG format in my own Python
> script (an older project for signing data using ssh-agent), and it seems
> like the "data wrapper" format used by ssh-keygen doesn't exactly match
> what is documented in PROTOCOL.
>
> The documentation says that H(message) is written as a `string`, which
> implies it being prefixed with uint32 length as other SSH strings are.
>
> However, I found that sshsig_wrap_sign() uses sshbuf_putb() and not
> put_string(), and I've *only* managed to achieve compatibility by
> directly appending h_message *without* the string-length prefix.
>
> Which format is the correct one?

The PROTOCOL.sshsig file is correct. I've committed a fix.

> (Additionally: Shouldn't ssh-keygen reject -n "" to enforce the "empty
> namespace is forbidden" rule?)

I've fixed this too. Thanks!

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
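Added example, not part of the original messages and not OpenSSH's code: a Python sketch of the SSHSIG to-be-signed blob with H(message) written as a length-prefixed `string`, as the reply confirms, alongside the unprefixed variant the question describes, plus a strict parser that accepts only the documented layout. Field order follows PROTOCOL.sshsig; the function names and the sample message are constructed for illustration.

```python
import hashlib
import struct

MAGIC = b"SSHSIG"
HASHES = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}

def ssh_string(data: bytes) -> bytes:
    """SSH `string`: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def signed_data(message, namespace, hash_alg="sha512", unprefixed_hash=False):
    """Build the blob that is passed to the key for signing."""
    if not namespace:
        raise ValueError("empty namespace is forbidden")
    if hash_alg not in HASHES:
        raise ValueError("unsupported hash algorithm")
    digest = HASHES[hash_alg](message).digest()
    blob = MAGIC + ssh_string(namespace.encode())
    blob += ssh_string(b"")  # reserved field, empty
    blob += ssh_string(hash_alg.encode())
    # Documented layout: H(message) as a string. unprefixed_hash=True
    # reproduces the raw-digest variant described in the question.
    return blob + (digest if unprefixed_hash else ssh_string(digest))

def parse_signed_data(blob):
    """Strict parser for the documented layout; anything else is rejected."""
    if blob[:len(MAGIC)] != MAGIC:
        raise ValueError("bad magic")
    pos, fields = len(MAGIC), []
    for _ in range(4):  # namespace, reserved, hash_algorithm, H(message)
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + n > len(blob):
            raise ValueError("string runs past end of blob")
        fields.append(blob[pos:pos + n])
        pos += n
    if pos != len(blob):
        raise ValueError("trailing data")
    namespace, _reserved, alg, digest = fields
    alg = alg.decode("ascii")
    if not namespace:
        raise ValueError("empty namespace is forbidden")
    if alg not in HASHES or len(digest) != HASHES[alg]().digest_size:
        raise ValueError("hash algorithm / digest length mismatch")
    return {"namespace": namespace.decode(), "hash_alg": alg, "digest": digest}

SAMPLE = b"constructed sample message\n"  # constructed input
```

The two layouts differ by exactly four bytes, so a signature made over one never verifies against the other; a verifier should parse strictly rather than try both.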