Fw: Problem/bug report for "bad decrypted len" error in OpenSSH

Stefan Hadjistoytchev sth at hq.bsbg.net
Wed Jul 2 16:34:48 EST 2003


The number 36 may not be correct but is a fact :(

----- Original Message ----- 
From: "Dan Kaminsky" <dan at doxpara.com>
To: "Stefan Hadjistoytchev" <sth at hq.bsbg.net>
Cc: <openssh-unix-dev at mindrot.org>; <djm at mindrot.org>; "Markus Friedl"
<markus at openbsd.org>
Sent: Wednesday, July 02, 2003 3:55 AM
Subject: Re: Fw: Problem/bug report for "bad decrypted len" error in OpenSSH


>
> >If anyone wants to do a private key sign, and the key is located in a device
> >or the Microsoft certificate store in which the private key cannot be
> >accessed directly ( you cannot access the private key directly for
> >encryption or decryption ) he must use Microsoft Crypto API. That exact
> >Microsoft Crypto API method always returns 36 bytes instead of the 35 bytes
> >(OpenSSH standard).
> >
> >
>
> This number cannot be correct; neither RSA nor DSA can (easily) provide
> digital signatures in 280/288 bits.
>
> >    1. This all pertains only to SSH-2.  SSH-1 uses another method, and in
> >fact cannot be done using private keys that cannot be accessed directly;
> >
> SSHv2 uses sign-and-verify; SSHv1 uses encrypt-and-prove-decrypt. Both
> should be compatible with crypto tokens -- "here, decrypt this" is no
> different than "here, sign this".
>
> --Dan
>
>
>
>
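Added example, not part of the original messages and not OpenSSH's own code: a strict check of the block recovered from an RSA signature against a PKCS#1 v1.5 SHA-1 DigestInfo, which is 15 bytes of DER prefix plus a 20-byte hash, 35 bytes in total. Reading the thread's "35 bytes" as that DigestInfo length is an assumption; `check_decrypted`, `demo` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SHA1_LEN 20
/* DER prefix of the PKCS#1 v1.5 DigestInfo for SHA-1 (RFC 3447, section 9.2). */
static const unsigned char SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

enum check_result { CHECK_OK, CHECK_BAD_LEN, CHECK_BAD_PREFIX, CHECK_BAD_HASH };

/* Hypothetical helper: strict comparison of the block recovered from an RSA
 * signature (padding already removed) against prefix || expected hash. */
enum check_result check_decrypted(const unsigned char *dec, size_t declen,
                                  const unsigned char *hash)
{
    unsigned char diff = 0;
    size_t i;

    if (declen != sizeof(SHA1_PREFIX) + SHA1_LEN)   /* 15 + 20 = 35 */
        return CHECK_BAD_LEN;
    if (memcmp(dec, SHA1_PREFIX, sizeof(SHA1_PREFIX)) != 0)
        return CHECK_BAD_PREFIX;
    for (i = 0; i < SHA1_LEN; i++)                  /* no early exit on mismatch */
        diff |= dec[sizeof(SHA1_PREFIX) + i] ^ hash[i];
    return diff ? CHECK_BAD_HASH : CHECK_OK;
}

/* Constructed sample: prefix || hash plus `extra` trailing zero bytes, with the
 * byte at index `flip` inverted when flip >= 0. Returns the checker's verdict. */
enum check_result demo(size_t extra, int flip)
{
    unsigned char hash[SHA1_LEN];
    unsigned char block[sizeof(SHA1_PREFIX) + SHA1_LEN + 4] = {0};
    size_t i;

    if (extra > 4)
        extra = 4;
    for (i = 0; i < SHA1_LEN; i++)
        hash[i] = (unsigned char)(0xa0 + i);        /* stand-in digest, not a real hash */
    memcpy(block, SHA1_PREFIX, sizeof(SHA1_PREFIX));
    memcpy(block + sizeof(SHA1_PREFIX), hash, SHA1_LEN);
    if (flip >= 0 && flip < 35)
        block[flip] ^= 0xff;
    return check_decrypted(block, sizeof(SHA1_PREFIX) + SHA1_LEN + extra, hash);
}
```

With these constructed inputs a 36-byte block is rejected on length alone, before the prefix or hash is examined.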




