There is no hash algorithm associated with SSH keys. The key format for RSA keys is always ’ssh-rsa’, and it is capable of being used with any of the available signature algorithms (ssh-rsa for SHA-1 and rsa-sha2-256 or rsa-sha2-512 for SHA-2). See section 3 in https://www.rfc-editor.org/rfc/rfc8332: rsa-sha2-256 RECOMMENDED sign Raw RSA key rsa-sha2-512 OPTIONAL sign Raw RSA key These algorithms are suitable for use both in the SSH transport layer [RFC4253 <https://www.rfc-editor.org/rfc/rfc4253>] for server authentication and in the authentication layer [RFC4252 <https://www.rfc-editor.org/rfc/rfc4252>] for client authentication. Since RSA keys are not dependent on the choice of hash function, the new public key algorithms reuse the "ssh-rsa" public key format as defined in [RFC4253 <https://www.rfc-editor.org/rfc/rfc4253>]: string "ssh-rsa" mpint e mpint n It is only RSA signature blobs that will show the new signature algorithm names. On Nov 23, 2024, at 7:37 AM, Morten Linderud <morten@xxxxxxxxxxx> wrote: > I sent this patch back inn april and I still have a need for this. Would it be > possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`? > > -- > Morten Linderud > PGP: 9C02FF419FECBE16 > > On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote: >> `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512` >> and this prevents ssh-agent implementations that can't support sha512 >> from signing messages. >> >> An example of this is TPMs which mostly only really supports sha256 >> widely. >> >> This change enables `ssh-keygen -Y sign` to honor the `hashalg` option >> for the signing algorithm. >> >> Signed-off-by: Morten Linderud <morten@xxxxxxxxxxx> >> --- >> sshsig.c | 10 ++++++++-- >> 1 file changed, 8 insertions(+), 2 deletions(-) >> >> diff --git a/sshsig.c b/sshsig.c >> index 470b286a3..033b43353 100644 >> --- a/sshsig.c >> +++ b/sshsig.c >> @@ -190,8 +190,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, >> } >> >> /* If using RSA keys then default to a good signature algorithm */ >> - if (sshkey_type_plain(key->type) == KEY_RSA) >> - sign_alg = RSA_SIGN_ALG; >> + if (sshkey_type_plain(key->type) == KEY_RSA){ >> + if (hashalg == NULL) >> + sign_alg = RSA_SIGN_ALG; >> + else if (strcmp(hashalg, "sha256") == 0) >> + sign_alg = "rsa-sha2-256"; >> + else if (strcmp(hashalg, "sha512") == 0) >> + sign_alg = "rsa-sha2-512"; >> + } >> >> if (signer != NULL) { >> if ((r = signer(key, &sig, &slen, >> -- >> 2.44.0 -- Ron Frederick ronf@xxxxxxxxxxxxx _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
