Howto use libgrcypt for signature?

Stephan Mueller smueller at chronox.de
Fri May 27 13:18:11 CEST 2016


On Friday, 27 May 2016, 12:17:23, Stef Bon wrote:

Hi Stef,

> Aha thanks! That helps a lot!
> 
> How does the struct rsa_sigver_data look like? I see the values

struct rsa_sigver_data {
        struct buffer n; /* input */
        struct buffer e; /* input */
        struct buffer msg; /* input */
        struct buffer sig; /* input */
        enum cipher cipher; /* input */
};

> e and n which from the publickey,
> but I only have the publickey as one string as part of the
> SSH_MSG_KEXDH_REPLY message.

You have to identify how e and n are encapsulated. I am not too familiar 
with the SSH wire protocol, so I cannot help here. The idea is that you need 
to convert the e and n into an mpi or any other format understood by 
gcry_sexp_build (see libgcrypt manual for the format types).

> I've read RFC 4253 6.6 and find it hard to understand.
> Can I use the rsa hostkey just as string or do I have to get the e and
> the n from it?

Again, I am not too familiar with that wire format.
> 
> Stef Bon
> 
> BTW I want to try the libkcapi as backend library when everything
> works. I've read you've written it.
> Are there any indications this library performs better?

In a lot of circumstances, it will be slower as it is a wrapper to use the 
Linux kernel crypto API. It needs at least two syscalls with a round trip to 
the kernel. However, you have much more hardware-specific support in the 
kernel than in user space. That could make your life easier.

You can use the speed test and compare it with your user space lib of your 
choice. For bulk symmetric encryption it is usually slower (albeit not by much 
using zero-copy) unless you use HW that is inaccessible from user space.

In addition, libkcapi provides one benefit that user space currently does not 
provide: it protects your keys and your state. I.e. once you have initialized your 
cipher handle, you can cleanly erase the key from your app memory. I.e. when 
the app is compromised, you have absolutely no key material in your address 
space.

Ciao
Stephan
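As an added example (not code from this thread, from libgcrypt or from Stephan's framework), here is how the e and n that Stef asks about can be split out of the "ssh-rsa" host-key blob carried in SSH_MSG_KEXDH_REPLY, which RFC 4253 section 6.6 defines as string "ssh-rsa" followed by mpint e and mpint n. It assumes a hypothetical minimal struct buffer and a constructed sample blob, and only shows the gcry_sexp_build call in a comment so the file builds without linking libgcrypt.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical minimal buffer type for this example (not the struct buffer
 * from Stephan's framework). */
struct buffer { const uint8_t *buf; size_t len; };

/* Read one RFC 4253 "string"/"mpint": 4-byte big-endian length + payload. */
static int read_field(const uint8_t **p, const uint8_t *end, struct buffer *out)
{
    if (end - *p < 4)
        return -1;
    uint32_t len = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
                   ((uint32_t)(*p)[2] << 8) | (*p)[3];
    *p += 4;
    if ((size_t)(end - *p) < len)   /* length claims more than the blob holds */
        return -1;
    out->buf = *p;
    out->len = len;
    *p += len;
    return 0;
}

/* Split blob = string "ssh-rsa" || mpint e || mpint n (RFC 4253 section 6.6).
 * Returns 0 on success. e and n can then be handed to libgcrypt as
 *   gcry_sexp_build(&key, NULL, "(public-key (rsa (n %b) (e %b)))",
 *                   (int)n.len, n.buf, (int)e.len, e.buf);
 * A leading 0x00 mpint sign byte is harmless when read as an unsigned MPI. */
int ssh_rsa_key_parse(const uint8_t *blob, size_t blob_len,
                      struct buffer *e, struct buffer *n)
{
    const uint8_t *p = blob, *end = blob + blob_len;
    struct buffer type;

    if (read_field(&p, end, &type) || type.len != 7 ||
        memcmp(type.buf, "ssh-rsa", 7) != 0)
        return -1;
    if (read_field(&p, end, e) || read_field(&p, end, n))
        return -1;
    return p == end ? 0 : -1;       /* reject trailing bytes */
}

/* Constructed sample blob: "ssh-rsa", e = 0x010001, toy 3-byte n = 0x00c35a. */
const uint8_t sample_blob[] = {
    0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a',
    0, 0, 0, 3, 0x01, 0x00, 0x01,
    0, 0, 0, 3, 0x00, 0xc3, 0x5a
};
const size_t sample_blob_len = sizeof(sample_blob);
```

The same length-prefixed layout is used for the signature blob in that message (string "ssh-rsa" followed by the raw signature string), so read_field() serves for filling the sig member as well.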
