You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "poppinlong (Jira)" <ji...@apache.org> on 2021/08/20 08:20:00 UTC
[jira] [Created] (SSHD-1210) Sha2 algorithm is not supported for
signature verification
poppinlong created SSHD-1210:
--------------------------------
Summary: Sha2 algorithm is not supported for signature verification
Key: SSHD-1210
URL: https://issues.apache.org/jira/browse/SSHD-1210
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.5.1, 2.6.0
Reporter: poppinlong
For signature verification, only SHA1 is supported,The following code,the key parameter is the signature algorithm resolved from the server stream,Only the RSA algorithm is supported,In fact, the server-side signature algorithm might be SHA2-256
{code:java}
//
String keyAlg = KeyUtils.getKeyType(serverKey);
******
Signature verif = ValidateUtils.checkNotNull(
NamedFactory.create(session.getSignatureFactories(), keyAlg),
"No verifier located for algorithm=%s", keyAlg);{code}
{code:java}
///**
* @param key a public or private key
* @return the key type or {@code null} if cannot determine it
*/
public static String getKeyType(Key key) {
if (key == null) {
return null;
} else if (key instanceof DSAKey) {
return KeyPairProvider.SSH_DSS;
} else if (key instanceof RSAKey) {
return KeyPairProvider.SSH_RSA;
} else if (key instanceof ECKey) {
ECKey ecKey = (ECKey) key;
ECParameterSpec ecSpec = ecKey.getParams();
ECCurves curve = ECCurves.fromCurveParameters(ecSpec);
if (curve == null) {
return null; // debug breakpoint
} else {
return curve.getKeyType();
}
} else if (SecurityUtils.EDDSA.equalsIgnoreCase(key.getAlgorithm())) {
return KeyPairProvider.SSH_ED25519;
} else if (key instanceof OpenSshCertificate) {
return ((OpenSshCertificate) key).getKeyType();
}
return null;
}{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org