FAQ
I am having trouble in authenticating with a ssh server using dsa key.

Specifically the problem is in implementing Sign() method of ClientKeyring
interface

type ClientKeyring interface {
     Key(i int) (key interface{}, err error)
     Sign(i int, rand io.Reader, data []byte) (sig []byte, err error)
}

The Sign() method in crypto/dsa package is not compatible with the Sign()
method as expected by ClientKeyring and I do not how to make it compatible.
Strangely crypto/rsa package seems to provide a compatible in SignPKCS1v15()

func (k *keychain) Sign(i int, rand io.Reader, data []byte) (sig []byte,
err error) {
hashFunc := crypto.SHA1
h := hashFunc.New()
h.Write(data)
hashed := h.Sum(nil)
switch key := k.keys[i].(type) {
case *dsa.PrivateKey:
r, s, err := dsa.Sign(rand, key, hashed)
*// r,s must be converted by []byte and returned*
}
return nil, errors.New("ssh: unknown key type")
}

Would appreciate any hints.

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Agl at Jun 11, 2013 at 9:05 pm

    On Tuesday, June 11, 2013 3:58:45 PM UTC-4, Shivakumar GN wrote:

    *// r,s must be converted by []byte and returned*
    It's just raw encoding in SSH, no?

    Assuming that r and s are 160 bits, then something like:

    sig := make([]byte, 20 * 2)
    rBytes := r.Bytes()
    copy(sig[20-len(rBytes):], rBytes)
    sBytes : s.Bytes()
    copy(sig[40-len(sBytes):], sBytes)

    (Warning, completely untested.)


    Cheers

    AGL

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Shivakumar GN at Jun 12, 2013 at 5:14 pm

    On Wed, Jun 12, 2013 at 2:35 AM, agl wrote:
    On Tuesday, June 11, 2013 3:58:45 PM UTC-4, Shivakumar GN wrote:

    *// r,s must be converted by []byte and returned*
    It's just raw encoding in SSH, no?

    Thanks. This worked.

    It was not obvious that r & s are to be concatenated and that r & s are 160
    bits even after looking at the code.

    Is go.crypto/ssh the package that can also have simpler & higher level
    functions or is it best for a separate package?
    With current low level functions basic ssh client using dsa key is >100
    lines (http://play.golang.org/p/oxuY-ELj9n)

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Hanwen at Jun 13, 2013 at 8:13 pm

    On Wednesday, June 12, 2013 7:14:28 PM UTC+2, Shivakumar GN wrote:
    On Wed, Jun 12, 2013 at 2:35 AM, agl <a...@golang.org <javascript:>>wrote:
    On Tuesday, June 11, 2013 3:58:45 PM UTC-4, Shivakumar GN wrote:

    *// r,s must be converted by []byte and returned*
    It's just raw encoding in SSH, no?

    Thanks. This worked.

    It was not obvious that r & s are to be concatenated and that r & s are
    160 bits even after looking at the code.

    Is go.crypto/ssh the package that can also have simpler & higher level
    functions or is it best for a separate package?
    With current low level functions basic ssh client using dsa key is >100
    lines (http://play.golang.org/p/oxuY-ELj9n)
    I have some need for this too, and would gladly implement this if Adam
    agrees.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Agl at Jun 13, 2013 at 10:08 pm

    On Thursday, June 13, 2013 11:51:26 AM UTC-4, han...@google.com wrote:
    I have some need for this too, and would gladly implement this if Adam
    agrees.
    If we can reduce the boilerplate, then sure.


    Cheers

    AGL

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-nuts @
categoriesgo
postedJun 11, '13 at 7:58p
activeJun 13, '13 at 10:08p
posts5
users3
websitegolang.org

3 users in discussion

Shivakumar GN: 2 posts Agl: 2 posts Hanwen: 1 post

People

Translate

site design / logo © 2022 Grokbase