Subject: Re: SSH2 host key length and hash compute

Re: SSH2 host key length and hash compute

From: Alexander Lamaison <>
Date: Thu, 4 Jul 2013 12:18:10 +0100

On 4 July 2013 11:07, Kalpesh Parekh <> wrote:
> So based on the RFC, I understand that the host key received from the server
> has following components
> K_S || f || s

But they contents of the buffer returned by session_hostkey is just K_S.

> I need to parse the K_S part for RSA key. How do I do that.

The RFC says (6.6):

   Certificates and public keys are encoded as follows:

      string certificate or public key format identifier
      byte[n] key/certificate data

   The certificate part may be a zero length string, but a public key is
   required. This is the public key that will be used for
   authentication. The certificate sequence contained in the
   certificate blob can be used to provide authorization.

So the first part of K_S is a length-prefixed sring (all strings in
SSH are length-prefixed). So read the first 4 bytes of K_S to get the
length, then skip forward that many bytes (may be 0) to ignore the
format identifier. The next n bytes are the key data, where n is
host-key-length - 4 - format-id-length.

> Also, how can I implement a generic logic for getting the bit strength from
> the host key.

I guess the way OpenSSH does it: depending on key type, convert to an
RSA or DSA struct and count the significant bits in the modulus or
prime. Maybe we need another API function in the library.

This advice depends on me having interpreted the RFC correctly which I
may not have. Try it out and poke the bits with a debugger to see if
it makes sense.


Swish - Easy SFTP for Windows Explorer (
Received on 2013-07-04