Fw: Problem/bug report for "bad decrypted len" error in OpenSSH

Dan Kaminsky dan at doxpara.com
Wed Jul 2 10:55:30 EST 2003


>If anyone wants to do a private key sign, and the key is located in a device
>or the Microsoft certificate store in which the private key cannot be
>accessed directly (you cannot access the private key directly for
>encryption or decryption), he must use Microsoft Crypto API. That exact
>Microsoft Crypto API method always returns 36 bytes instead of the 35 bytes
>(OpenSSH standard).
>  
>

This number cannot be correct; neither RSA nor DSA can (easily) provide
digital signatures in 280/288 bits.

>    1. This all pertains only to SSH-2.  SSH-1 uses another method, and in
>fact cannot be done using private keys that cannot be accessed directly;
>
SSHv2 uses sign-and-verify; SSHv1 uses encrypt-and-prove-decrypt. Both
should be compatible with crypto tokens -- "here, decrypt this" is no
different than "here, sign this".

--Dan
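
Added example, not part of the original message or of OpenSSH: a simplified Python sketch of the two authentication styles named in the reply, run against a hypothetical `Token` class that exposes only a private-key operation. It assumes textbook RSA with constructed toy primes and no padding; every name in it is an assumption made for illustration.

```python
import hashlib
import secrets


class Token:
    """Hypothetical stand-in for a smart card or key store: callers can ask
    for a private-key operation but never read the private exponent."""

    def __init__(self):
        p, q = 2**127 - 1, 2**89 - 1          # constructed toy primes, not secure
        self.n, self.e = p * q, 65537          # public key
        self.__d = pow(self.e, -1, (p - 1) * (q - 1))  # stays inside the token

    def private_op(self, x: int) -> int:
        # The same primitive serves "sign this" and "decrypt this".
        return pow(x, self.__d, self.n)


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sshv2_style(token: Token, session_id: bytes) -> bool:
    """Sign-and-verify: client signs session data, server checks the signature."""
    message = session_id + b"userauth-request"       # constructed sample data
    signature = token.private_op(digest_int(message))            # client side
    return pow(signature, token.e, token.n) == digest_int(message)  # server side


def sshv1_style(token: Token, session_id: bytes) -> bool:
    """Encrypt-and-prove-decrypt: server encrypts a random challenge to the
    public key; client proves it decrypted it by returning a hash bound to
    the session. (Real SSH-1 uses MD5 and PKCS#1 padding; simplified here.)"""
    challenge = secrets.randbits(128)
    encrypted = pow(challenge, token.e, token.n)                  # server side
    recovered = token.private_op(encrypted)                       # client side
    response = hashlib.sha256(recovered.to_bytes(16, "big") + session_id).digest()
    expected = hashlib.sha256(challenge.to_bytes(16, "big") + session_id).digest()
    return response == expected                                   # server side


if __name__ == "__main__":
    tok = Token()
    sid = b"constructed-session-id"
    print("SSHv2-style sign/verify:", sshv2_style(tok, sid))
    print("SSHv1-style challenge/response:", sshv1_style(tok, sid))
```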




