help verifying ssh-agent signature from python?
Dan Connolly
connolly at w3.org
Wed Sep 17 08:29:10 EST 2003
ssh-agent is clearly the greatest thing since sliced
bread. The python cryptography toolkit wicked cool too.
I'd like to use them together. So I read the ssh-agent
man page and the source code and wrote some python code
http://www.w3.org/2000/10/swap/util/sshAuth.py
v 1.4 2003/09/16 04:36:24
to talk to ssh-agent; in particular, to get it to RSA-sign
a string passed from the command line, ala:
$ python sshAuth.py abc
signature: ssh-rsa 5560602945671...37036908994L
After getting the protocol wrong and killing my ssh-agent
a few dozen times, I got it working: decoding the
key from the uuencoded blob in my ~/.ssh/authorized_keys
file, finding the socket, formatting the request,
and decoding the reply.
Now I'm trying to verify the signature in the reply
using the python Crypto.PublicKey.RSA module, but
it keeps failing to verify. I've stared at it
for about 5 hours now... I went and read
RFC 2437... that seemed straightforward. I tried
to read the underlying RSA signature code in
the openssl library; truth be told, I couldn't follow
that. But I'm pretty sure the SSH2_AGENT_SIGN_RESPONSE
message carries just the key type name ("ssh-rsa")
and the signature data in buffer_put_bignum2 SSH2 format;
I should be able to just decode that bignum and
pass it right to k.verify(dh, (sigdata,)) no?
Are there some padding bytes or encoding or something
that I'm missing? Help?!?!
--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030916/041d30bd/attachment.bin
More information about the openssh-unix-dev
mailing list