Open nicolas-graves opened 1 year ago
Hi @artyom-poptsov, just a reminder if you couldn't look for now ;)
Hello,
sorry for the late answer.
Although the procedures such as ssh_pki_signature_verify
are indeed mentioned in the official documentation, I found no evidence that those procedures are exported in the libssh API for public use. If you take a look at libssh.h header from the libssh version 0.10.5 (the latest version available at the moment) you'll find that:
LIBSSH_API
macro.LIBSSH_API
.You can find ssh_pki_signature_verify
and all the related procedures in pki.h, but unfortunately neither this file is installed to the system during the libssh installation process, nor the procedures are market with LIBSSH_API
.
Thanks, avp
On 2023-08-17 07:38, Artyom V. Poptsov wrote:
Hello,
sorry for the late answer.
Although the procedures such as
ssh_pki_signature_verify
are indeed mentioned in the official documentation, I found no evidence that those procedures are exported in the libssh API for public use. If you take a look at libssh.h header from the libssh version 0.10.5 (the latest version available at the moment) you'll find that:
- All the procedures that are exported to libssh API are marked with
LIBSSH_API
macro.- There are no procedures related to creating cryptographic signatures and verifying them that are marked with
LIBSSH_API
.You can find
ssh_pki_signature_verify
and all the related procedures in pki.h, but unfortunately neither this file is installed to the system during the libssh installation process, nor the procedures are market withLIBSSH_API
.
Thanks for this research. IIUC, I have to open an issue on their side so that I can follow the progress on this issue on the side of the API first.
-- Best regards, Nicolas Graves
IIUC, I have to open an issue on their side so that I can follow the progress on this issue on the side of the API first.
Yes, that would be a good idea. Let me know if there will be any findings.
I won't close this issue for now, just in case.
Thanks, avp
Hi !
I'm using a ssh key to sign git commits, as is possible since a few months / years. I'm probably going to help administer a guix channel, but I would like to stick to an ssh key instead of setting up gnupg.
I've seen that there are bindings for public key infrastructure in libssh, that are not implemented in guile-ssh. I'm thinking in particular about the function
ssh_pki_signature_verify
from the page https://api.libssh.org/stable/group__libssh__pki.htmlWould that be possible to implement a few guile bindings to be able to verify the signature of an object signed by an ssh-key from guile ?
Thanks in advance !