SSHSIG format discrepancy?

Damien Miller djm at
Wed Oct 2 18:07:46 AEST 2019

On Wed, 2 Oct 2019, Mantas Mikulėnas wrote:

> Hello,
> I'm trying to implement OpenSSH's new SSHSIG format in my own Python
> script (an older project for signing data using ssh-agent), and it seems
> like the "data wrapper" format used by ssh-keygen doesn't exactly match
> what is documented in PROTOCOL.
> The documentation says that H(message) is written as a `string`, which
> implies it being prefixed with uint32 length as other SSH strings are.
> However, I found that sshsig_wrap_sign() uses sshbuf_putb() and not
> put_string(), and I've *only* managed to achieve compatibility by
> directly appending h_message *without* the string-length prefix.
> Which format is the correct one?

The PROTOCOL.sshsig file is correct. I've committed a fix.

> (Additionally: Shouldn't ssh-keygen reject -n "" to enforce the "empty
> namespace is forbidden" rule?)

I've fixed this too.


More information about the openssh-unix-dev mailing list