Subject: Re: SSH2 host key length and hash compute

Re: SSH2 host key length and hash compute

From: Alexander Lamaison <>
Date: Wed, 3 Jul 2013 01:13:51 +0100

On 2 July 2013 15:03, Kalpesh Parekh <> wrote:
>>From: Alexander Lamaison <>
>>Date: Tue, 2 Jul 2013 09:57:53 +0100
>>On 2 July 2013 07:34, Kalpesh Parekh <> >wrote:
>> Hi Alex
>> The APIs I am using are libssh2_session_hostkey to retreive the host >key
>> and
>> libssh2_hostkey_hash to compute the hash from the key.
>> The first API returns the length of the host key in a variable passed to
>> >it
>> as a function argument. The variable is of size_t type and indicates >the
>> size of host key. I need to convert this value to bits. Can you let me
>> >know
>> how can I do this?
>>Why do you need to convert it to bits? What does that actually mean?
>>The size_t length is just a number.
> The requirement is to show the strength of the host key in bits. I assumed
> the length of the host key should be indicating this value and tried to
> convert it to bits from size_t.

The length of the host key returned by session_hostkey is the exact
size of the buffer holding the "server public host key and
certificates (K_S)" in bytes (see RFC 4253 [1]). I'm not sure of the
exact relationship between that and the key strength, but another part
of RFC 4253 [2] indicated that that buffer may include a "format
identifier" (presumably ssh-rsa or ssh-dsa) before the key data.
Therefore, I wouldn't trust that they key strength is the returned
length * 8.

> How does ssh-keygen -l calcuate the strength
> in bits?

It extract the actual key data and counts the significant bits of one
of the key fields. For DSA the prime, for RSA the modulus.



Swish - Easy SFTP for Windows Explorer (
Received on 2013-07-03