New snapshot

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Fri Nov 17 05:05:29 EST 2000


On Wed, Nov 15, 2000 at 10:21:43PM +0100, Gert Doering wrote:
> Hi,
> 
> On Wed, Nov 15, 2000 at 08:20:04PM +0100, Markus Friedl wrote:
> > On Tue, Nov 14, 2000 at 09:49:41PM +0100, Gert Doering wrote:
> > > I can somewhat understand the RSA/DSA issue (RSA patent?) but having a
> > > third key, RSA again but incompatible to ssh1 makes this really confusing.
> > 
> > RSA keys are used for different operations in SSH1 vs. SSH2 (encrypt
> > vs. sign) and you should _not_ use the same key for both operations.
> 
> Hmmm.  How does ssh1 do signature operations?  (I'm asking because I'm
> curious).

SSH1 does encryption with RSA keys; there are no signature
operations in SSH1. Basically, the client generated
a random session key. This key is encrypted with both the
host and the server key and sent back to the client.

In SSH2 the private keys (DSA or RSA) are used to sign
a value derived from the session id.

So it's encryption vs. signing with the same keys.
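
The two uses of an RSA key contrasted in this message, as an added example that is not part of the original e-mail or of OpenSSH: an SSH1-style session key encrypted under both the server key and the host key, and an SSH2-style signature over a value derived from the session id. Assumptions: the toy keys are built from Mersenne primes, the RSA is unpadded, and SHA-256 with a `derived:` prefix stands in for the real message formats.

```python
import hashlib
import secrets

E = 65537

def make_key(p, q):
    """Toy RSA key from two known primes (assumption: demo only, not secure)."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed toy keys from Mersenne primes; real keys use random primes.
SERVER_KEY = make_key(2**127 - 1, 2**607 - 1)   # SSH1 ephemeral server key
HOST_KEY = make_key(2**521 - 1, 2**1279 - 1)    # long-term host key

def public_op(key, m):
    return pow(m, key["e"], key["n"])

def private_op(key, c):
    # Without padding, "decrypt" and "sign" are this same exponentiation,
    # which is why one key pair should serve only one of the two roles.
    return pow(c, key["d"], key["n"])

def ssh1_client_wrap(session_key: bytes) -> int:
    """SSH1 style: encrypt under the smaller modulus first, then the larger."""
    m = int.from_bytes(session_key, "big")
    return public_op(HOST_KEY, public_op(SERVER_KEY, m))

def ssh1_server_unwrap(c: int) -> bytes:
    """Server side: undo the host-key layer, then the server-key layer."""
    return private_op(SERVER_KEY, private_op(HOST_KEY, c)).to_bytes(32, "big")

def _derived(session_id: bytes) -> int:
    # Hypothetical stand-in for "a value derived from the session id".
    return int.from_bytes(hashlib.sha256(b"derived:" + session_id).digest(), "big")

def ssh2_sign(key, session_id: bytes) -> int:
    """SSH2 style: the private key signs; nothing is encrypted with it."""
    return private_op(key, _derived(session_id))

def ssh2_verify(key, session_id: bytes, sig: int) -> bool:
    return public_op(key, sig) == _derived(session_id)

if __name__ == "__main__":
    sk = secrets.token_bytes(32)
    print("SSH1 session key recovered:", ssh1_server_unwrap(ssh1_client_wrap(sk)) == sk)
    sid = secrets.token_bytes(20)
    sig = ssh2_sign(HOST_KEY, sid)
    print("SSH2 signature verifies:", ssh2_verify(HOST_KEY, sid, sig))
    print("wrong session id rejected:", not ssh2_verify(HOST_KEY, b"other", sig))
```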





More information about the openssh-unix-dev mailing list