On Sat, Nov 23, 2024 at 07:55:17AM -0800, Ron Frederick wrote:
> There is no hash algorithm associated with SSH keys. The key format for RSA keys is always ’ssh-rsa’, and it is capable of being used with any of the available signature algorithms (ssh-rsa for SHA-1 and rsa-sha2-256 or rsa-sha2-512 for SHA-2).
>
> See section 3 in https://www.rfc-editor.org/rfc/rfc8332:
>
>      rsa-sha2-256        RECOMMENDED    sign    Raw RSA key
>      rsa-sha2-512        OPTIONAL       sign    Raw RSA key
>
>    These algorithms are suitable for use both in the SSH transport layer
>    [RFC4253 <https://www.rfc-editor.org/rfc/rfc4253>] for server authentication and in the authentication layer
>    [RFC4252 <https://www.rfc-editor.org/rfc/rfc4252>] for client authentication.
>
>    Since RSA keys are not dependent on the choice of hash function, the
>    new public key algorithms reuse the "ssh-rsa" public key format as
>    defined in [RFC4253 <https://www.rfc-editor.org/rfc/rfc4253>]:
>
>    string    "ssh-rsa"
>    mpint     e
>    mpint     n
>
> It is only RSA signature blobs that will show the new signature algorithm names.

I think this misunderstands the problem? The issue here is that for `ssh-keygen -Y` signatures with RSA keys the hashing algorithm is hardcoded to sha512 without any possibility to change this.

> On Nov 23, 2024, at 7:37 AM, Morten Linderud <morten@xxxxxxxxxxx> wrote:
> > I sent this patch back in April and I still have a need for this. Would it be
> > possible to get any pointers how we can have `hashalg` selectable by `ssh-keygen -Y`?
> >
> > --
> > Morten Linderud
> > PGP: 9C02FF419FECBE16
> >
> > On Thu, Apr 11, 2024 at 09:16:39PM +0200, Morten Linderud wrote:
> >> `ssh-keygen -Y sign` only selects the signing algorithm `rsa-sha2-512`
> >> and this prevents ssh-agent implementations that can't support sha512
> >> from signing messages.
> >>
> >> An example of this is TPMs which mostly only really support sha256
> >> widely.
> >> > >> This change enables `ssh-keygen -Y sign` to honor the `hashalg` option > >> for the signing algorithm. > >> > >> Signed-off-by: Morten Linderud <morten@xxxxxxxxxxx> > >> --- > >> sshsig.c | 10 ++++++++-- > >> 1 file changed, 8 insertions(+), 2 deletions(-) > >> > >> diff --git a/sshsig.c b/sshsig.c > >> index 470b286a3..033b43353 100644 > >> --- a/sshsig.c > >> +++ b/sshsig.c > >> @@ -190,8 +190,14 @@ sshsig_wrap_sign(struct sshkey *key, const char *hashalg, > >> } > >> > >> /* If using RSA keys then default to a good signature algorithm */ > >> - if (sshkey_type_plain(key->type) == KEY_RSA) > >> - sign_alg = RSA_SIGN_ALG; > >> + if (sshkey_type_plain(key->type) == KEY_RSA){ > >> + if (hashalg == NULL) > >> + sign_alg = RSA_SIGN_ALG; > >> + else if (strcmp(hashalg, "sha256") == 0) > >> + sign_alg = "rsa-sha2-256"; > >> + else if (strcmp(hashalg, "sha512") == 0) > >> + sign_alg = "rsa-sha2-512"; > >> + } > >> > >> if (signer != NULL) { > >> if ((r = signer(key, &sig, &slen, > >> -- > >> 2.44.0 > > -- > Ron Frederick > ronf@xxxxxxxxxxxxx > > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
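
Review bot: In the new RSA branch of sshsig_wrap_sign, a non-NULL hashalg that is neither "sha256" nor "sha512" matches none of the three arms, so sign_alg is left at whatever it held before this block and RSA_SIGN_ALG is no longer applied. Add a final else that either falls back to RSA_SIGN_ALG or fails with an error, so that an unrecognised hashalg is handled explicitly before the signer is called. Smaller points: the literals "rsa-sha2-256" and "rsa-sha2-512" sit next to the existing RSA_SIGN_ALG macro and would read better as named constants; the comment "default to a good signature algorithm" should mention that hashalg now selects the algorithm; and `KEY_RSA){` needs a space before the brace.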
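
The distinction drawn in the quoted RFC 8332 text (one "ssh-rsa" key format, with the hash choice visible only in the signature blob) can be seen by parsing both blobs. This is an added example, not code from the thread or from OpenSSH; the function names are hypothetical, the signature blob layout (algorithm name string followed by signature string) is taken from RFC 8332, and the sample blobs are constructed placeholders rather than real key material.

```python
# Added example; function names are illustrative, not OpenSSH APIs.
import struct

def read_string(buf, off):
    """Read an RFC 4251 'string': uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off + 4:end], end

def read_mpint(buf, off):
    """Read an RFC 4251 'mpint': a string holding a big-endian two's-complement integer."""
    raw, off = read_string(buf, off)
    return int.from_bytes(raw, "big", signed=True), off

def parse_rsa_public_key(blob):
    """RFC 4253 key blob: string "ssh-rsa", mpint e, mpint n."""
    fmt, off = read_string(blob, 0)
    if fmt != b"ssh-rsa":
        raise ValueError("not an RSA key blob")
    e, off = read_mpint(blob, off)
    n, off = read_mpint(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after key")
    return fmt.decode(), e, n

def signature_algorithm(sig_blob):
    """Signature blob: string algorithm-name, string signature. Returns the name."""
    alg, off = read_string(sig_blob, 0)
    _sig, off = read_string(sig_blob, off)
    if off != len(sig_blob):
        raise ValueError("trailing bytes after signature")
    return alg.decode()

def _string(b):
    return struct.pack(">I", len(b)) + b
def _mpint(v):
    # Extra leading byte when the top bit would be set, so the value stays positive.
    return _string(v.to_bytes(v.bit_length() // 8 + 1, "big"))

# Constructed sample data: a toy modulus and placeholder signature bytes.
KEY_BLOB = _string(b"ssh-rsa") + _mpint(65537) + _mpint(0xC5A1D3 << 40 | 0x2B)
SIG_256 = _string(b"rsa-sha2-256") + _string(b"\x00" * 8)
SIG_512 = _string(b"rsa-sha2-512") + _string(b"\x00" * 8)

if __name__ == "__main__":
    print(parse_rsa_public_key(KEY_BLOB), signature_algorithm(SIG_256), signature_algorithm(SIG_512))
```

The same key blob parses identically whichever signature blob accompanies it; only the first string of the signature blob changes.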