Can't use signed pubkey

Open ppymdjr opened this issue 5 years ago • 1 comments

I'm trying to sign my krypton public key to SSH into a machine which trusts that certificate authority key. I can do so with a non-krypton key (just a normal RSA key with the private key stored on my computer), but krypton doesn't seem to be able to authenticate the request when I try to sign my id_krypton.pub key.

I signed it like this:

ssh-keygen -s ../temp/ca-key -I david -n root -V +1w -z 1 id_krypton.pub

Krypton on iOS reports:

Request failed The incoming request was invalid/ UnsupportedSSHDigestAlgorithm(). Please try again.

ssh -vvv reports:

debug2: sign_and_send_pubkey: using private key "/Users/david/.ssh/id_krypton" for certificate
debug3: sign_and_send_pubkey: signing using [email protected]

It seems that [email protected] is not one of the supported digests (see extension DigestType in Krypton/Keypair+SSHFormat.swift)

What would be required to support this? Would the phone need a copy of the CA public key?

ppymdjr, Jun 17 '20 10:06

Could it be as simple as this? I'm struggling to build it myself (missing frameworks and issues with notifications for my developer account - it's been some time since I did any Xcode dev).

--- a/Krypton/Keypair+SSHFormat.swift
+++ b/Krypton/Keypair+SSHFormat.swift
@@ -197,6 +197,8 @@ extension DigestType {
                 self = .sha256
             case "rsa-sha2-512":
                 self = .sha512
+            case "[email protected]":
+                self = .sha512
             case KeyType.Ed25519.sshHeader():
                 self = .ed25519
             case KeyType.nistP256.sshHeader():
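Review bot: The added case only feeds the `.sha512` arm; the `self = .sha256` arm directly above it gets no certificate counterpart, so a certificate request signed with the SHA-256 variant would presumably still fall through to UnsupportedSSHDigestAlgorithm(). If both variants are meant to work, add the matching case there too. Because the new arm has the same body as the existing `case "rsa-sha2-512":` arm, the two strings can share one arm as a comma-separated pattern instead of duplicating `self = .sha512`. The comment says this has not been built, so a unit test that passes the new algorithm string to this DigestType initializer and checks for `.sha512` would confirm the mapping before anyone relies on it. A short code comment noting that this string is the name seen in the `sign_and_send_pubkey` debug output for a signed key would also help the next reader.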

ppymdjr, Jun 17 '20 11:06