libssh2 with rsa-sha2-256, rsa-sha2-512
Patrick Monnerat
patrick at monnerat.net
Mon May 15 13:40:20 CEST 2023
On 5/15/23 11:12, João M. S. Silva via libssh2-devel wrote:
>
> Hi.
>
> Is my assumption correct that curl does not support rsa-sha2-256 and
> rsa-sha2-512, because even if that’s set, libssh2 will ignore those
> two and use ssh-rsa?
>
Hi João,

For a curl question, you'd better use the
https://lists.haxx.se/listinfo/curl-library mailing list.

In libssh2 (and ssh in general) rsa-sha2-256 and rsa-sha2-512 reuse the
normal ssh-rsa keys: only the signature algorithm and hash size change
and do not require a key change. See
https://www.rfc-editor.org/rfc/rfc8332#section-3 and
https://ikarus.sg/rsa-is-not-dead/

libssh2 supports rsa-sha2-256 and rsa-sha2-512 if the compiled-in TLS
backend implements them (currently all but libgcrypt). Their use is
decided at run-time after negotiation with the server (that should also
support them of course!) See
https://www.rfc-editor.org/rfc/rfc8332#section-3.3
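
The point of RFC 8332 section 3 referred to in the reply above, as an added example that is not part of the original message and is not libssh2 code: one "ssh-rsa" public key blob verifies signatures labelled rsa-sha2-256 and rsa-sha2-512, and a verifier can refuse the SHA-1 "ssh-rsa" signature by policy. The toy key, the sample message and all function names are constructed for the illustration.

```python
import hashlib
import struct

# Constructed toy key from two Mersenne primes: insecure, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# Signature algorithm name -> (hash, DER DigestInfo prefix from RFC 8017).
ALGS = {
    "ssh-rsa": ("sha1", "3021300906052b0e03021a05000414"),
    "rsa-sha2-256": ("sha256", "3031300d060960864801650304020105000420"),
    "rsa-sha2-512": ("sha512", "3051300d060960864801650304020305000440"),
}

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def mpint(value):  # positive values only; adds the leading zero byte if needed
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_string(buf, off):
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:end], end

KEY_BLOB = ssh_string(b"ssh-rsa") + mpint(E) + mpint(N)  # format name never changes

def emsa(alg, msg, k):  # EMSA-PKCS1-v1_5 encoding with the hash that alg selects
    name, prefix = ALGS[alg]
    t = bytes.fromhex(prefix) + hashlib.new(name, msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(alg, msg):  # signature blob: string algorithm name, string S
    s = pow(int.from_bytes(emsa(alg, msg, K), "big"), D, N)
    return ssh_string(alg.encode()) + ssh_string(s.to_bytes(K, "big"))

def verify(key_blob, sig_blob, msg, allowed=("rsa-sha2-256", "rsa-sha2-512")):
    ktype, off = read_string(key_blob, 0)
    e, off = read_string(key_blob, off)
    n = int.from_bytes(read_string(key_blob, off)[0], "big")
    alg, off = read_string(sig_blob, 0)
    alg, sig = alg.decode("ascii", "replace"), read_string(sig_blob, off)[0]
    s = int.from_bytes(sig, "big")
    if ktype != b"ssh-rsa" or alg not in allowed or s >= n:
        return False  # policy: refuse SHA-1 "ssh-rsa" signatures by default
    k = (n.bit_length() + 7) // 8
    em = pow(s, int.from_bytes(e, "big"), n)
    return em.to_bytes(k, "big") == emsa(alg, msg, k)
```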