libssh2 with rsa-sha2-256, rsa-sha2-512

Patrick Monnerat patrick at monnerat.net
Mon May 15 13:40:20 CEST 2023


On 5/15/23 11:12, João M. S. Silva via libssh2-devel wrote:
>
> Hi.
>
> Is my assumption correct that curl does not support rsa-sha2-256 and 
> rsa-sha2-512, because even if that’s set, libssh2 will ignore those 
> two and use ssh-rsa?
>
Hi João,

For a curl question, you'd better use the 
https://lists.haxx.se/listinfo/curl-library mailing list.

In libssh2 (and ssh in general) rsa-sha2-256 and rsa-sha2-512 reuse the 
normal ssh-rsa keys: only the signature algorithm and hash size change 
and do not require a key change. See 
https://www.rfc-editor.org/rfc/rfc8332#section-3 and 
https://ikarus.sg/rsa-is-not-dead/

libssh2 supports rsa-sha2-256 and rsa-sha2-512 if the compiled-in TLS 
backend implements them (currently all but libgcrypt). Their use is 
decided at run-time after negotiation with the server (that should also 
support them of course!) See 
https://www.rfc-editor.org/rfc/rfc8332#section-3.3
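
Added example, not part of the original message and not libssh2 code: a sketch of the RFC 8332 behaviour the reply describes, where the public key blob stays tagged "ssh-rsa" and only the signature algorithm name changes according to the server's "server-sig-algs" list. The function names, the preference order, the toy modulus and the placeholder signature bytes are assumptions made for the illustration.

```python
import struct

# RSA signature algorithms, strongest first (this order is an assumption of the example).
RSA_SIG_ALGS = ("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa")
HASH_FOR = {"rsa-sha2-512": "sha512", "rsa-sha2-256": "sha256", "ssh-rsa": "sha1"}
# Constructed toy modulus, not a real key; only its wire encoding matters here.
TOY_N = 0xC0FFEE0123456789ABCDEF

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint' for a positive integer; the extra byte keeps the sign bit clear."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_string(buf: bytes, offset: int = 0):
    """Return (bytes, next_offset) for the SSH string starting at offset."""
    (length,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    if start + length > len(buf):
        raise ValueError("truncated SSH string")
    return buf[start:start + length], start + length

def rsa_public_key_blob(e: int, n: int) -> bytes:
    """Public key encoding: always tagged "ssh-rsa", whatever hash signs with it."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def choose_sig_alg(server_sig_algs, client_prefs=RSA_SIG_ALGS) -> str:
    """Pick the signature algorithm for an RSA key from the server's
    "server-sig-algs" value (None when the server did not send the extension)."""
    if server_sig_algs is None:
        return "ssh-rsa"  # RFC 8332 section 3.3: fallback a client MAY use
    offered = server_sig_algs.split(",")
    for alg in client_prefs:
        if alg in offered:
            return alg
    raise LookupError("server accepts no RSA signature algorithm")

def signature_blob(alg: str, raw_sig: bytes) -> bytes:
    """Signature encoding: algorithm name, then the raw RSA signature bytes."""
    return ssh_string(alg.encode()) + ssh_string(raw_sig)

def describe(key_blob: bytes, sig_blob: bytes):
    """Return (key type, signature algorithm, hash) read back from the two blobs."""
    key_type, _ = read_string(key_blob)
    sig_alg = read_string(sig_blob)[0].decode()
    return key_type.decode(), sig_alg, HASH_FOR[sig_alg]
```

Run against any RSA key blob and signature blob pair, `describe` shows at a glance whether a SHA-1 "ssh-rsa" signature was produced with a key that could have signed with SHA-2.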


