Hello OpenSSH community,

I haven't found a good Rust library to verify that a presented OpenSSH public certificate is valid. My plan is to compare the signature_key to my trusted CA certs and verify the signature in the user's public certificate.

Here is what I tried, but it isn't working:

* create an openssl RSA public key using the n and e from the signature_key
* decrypt the signature with that key to get the hash
* create a hash from all the base64 bytes up to but not including the signature using SHA1
* compare the hashes, but they do not match

To create my own hash, I'm skipping the opening text identifier in the cert, but using the "ssh-rsa-cert-v01@xxxxxxxxxxx" string as part of the octet string.

Am I on the right track? If so, I'll give some details of what I'm doing so we can hopefully pinpoint where I'm going wrong. (Or if someone knows a Rust crate that actually verifies a certificate instead of just parsing it, that would be awesome!)

--
Digant Chimanlal "DC" Kasundra

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
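An added example, not part of the original post or of OpenSSH's code: the check described above in standard-library Python, following the RSA certificate layout in OpenSSH's PROTOCOL.certkeys. It hashes the decoded bytes from the type string through the signature key, picks the hash from the algorithm name inside the signature field, and compares the RSA result against the full PKCS#1 v1.5 block rather than a bare hash. The function names and the `trusted_ca_blobs` set are assumptions of this example, and validity dates, principals and certificate type still need their own checks.

```python
import base64, hashlib, hmac, struct

# Signature algorithm -> (hash name, DigestInfo prefix from RFC 8017 section 9.2)
ALGS = {
    b"ssh-rsa": ("sha1", "3021300906052b0e03021a05000414"),
    b"rsa-sha2-256": ("sha256", "3031300d060960864801650304020105000420"),
    b"rsa-sha2-512": ("sha512", "3051300d060960864801650304020305000440"),
}

def read_strings(buf, off, count):
    """Read `count` SSH strings (uint32 big-endian length, then bytes) at `off`."""
    out = []
    for _ in range(count):
        (n,) = struct.unpack_from(">I", buf, off)
        if off + 4 + n > len(buf):
            raise ValueError("truncated field")
        out.append(buf[off + 4:off + 4 + n])
        off += 4 + n
    return out, off

def emsa_pkcs1_v15(alg, message, k):
    """Expected k-byte block: 00 01 FF..FF 00 || DigestInfo || hash(message)."""
    name, prefix = ALGS[alg]
    t = bytes.fromhex(prefix) + hashlib.new(name, message).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t

def split_cert(line):
    """Return (signed bytes, CA key blob, signature field) of an RSA cert line."""
    blob = base64.b64decode(line.split()[1])          # decoded bytes, not base64 text
    (ktype, _, _, _), off = read_strings(blob, 0, 4)  # type string, nonce, e, n
    if ktype != b"ssh-rsa-cert-v01@openssh.com":
        raise ValueError("not an RSA certificate")
    _, off = read_strings(blob, off + 12, 2)  # skip serial, type; key id, principals
    # skip valid after/before; critical options, extensions, reserved, signature key
    (_, _, _, ca_blob), off = read_strings(blob, off + 16, 4)
    (sig_field,), end = read_strings(blob, off, 1)
    if end != len(blob):
        raise ValueError("trailing data after signature")
    return blob[:off], ca_blob, sig_field             # signed data ends at signature key

def verify_cert_signature(line, trusted_ca_blobs):
    signed, ca_blob, sig_field = split_cert(line)
    (ca_type, e, n), _ = read_strings(ca_blob, 0, 3)  # "ssh-rsa", mpint e, mpint n
    (alg, sig), _ = read_strings(sig_field, 0, 2)     # algorithm name, raw signature
    if ca_blob not in trusted_ca_blobs or ca_type != b"ssh-rsa" or alg not in ALGS:
        return False
    n_int = int.from_bytes(n, "big")
    k = (n_int.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), int.from_bytes(e, "big"), n_int)
    return hmac.compare_digest(em.to_bytes(k, "big"), emsa_pkcs1_v15(alg, signed, k))
```

`trusted_ca_blobs` holds the base64-decoded key blobs of the trusted CA public keys, so trust is decided by an exact match on the signature key before any arithmetic is believed.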