[Bug 3829] New: SSH signature armor protocol documentation issue

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat May 31 01:08:50 AEST 2025


https://bugzilla.mindrot.org/show_bug.cgi?id=3829

            Bug ID: 3829
           Summary: SSH signature armor protocol documentation issue
           Product: Portable OpenSSH
           Version: 10.0p2
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ngraves at ngraves.fr

The SSHSIG protocol states that "The base64 encoded blob SHOULD be
broken up by newlines every 76 characters." [1] 

However, it seems that it's in practise broken up each 70 characters in
a signature generated with ssh-keygen.  It's also quite clear in the
code that it's 70 characters and not 76 [2].

[1]:
https://github.com/openssh/openssh-portable/blob/73ef0563a59f90324f8426c017f38e20341b555f/PROTOCOL.sshsig#L21

[2]:
https://github.com/openssh/openssh-portable/blob/73ef0563a59f90324f8426c017f38e20341b555f/sshbuf-misc.c#L151

PS: The PROTOCOL.sshsig might not be precise enough to be reproduced
independently.  We're trying to reproduce openssh results with libssh
here, the protocol is respected at first glance, but we don't get the
same results :
https://gitlab.com/libssh/libssh-mirror/-/merge_requests/536

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list