Subject: Added OS X Native Crypto Support

Added OS X Native Crypto Support

From: Keith Duncan <>
Date: Tue, 2 Dec 2014 15:34:33 +0000

Hello everyone,

Similar to the WinCNG crypto backend I’ve added support for using the OS X native crypto support as a libssh2 crypto backend. <>

SHA1 and MD5 hashes
HMAC_SHA1 and HMAC_MD5 signatures

It supports both [RSA and DSA]( <>) asymmetric encryption.

Multiple RSA private key [formats]( <>)
Multiple DSA private key [formats]( <>).

Private -> Public key file [conversion]( <>).

[AES, Blowfish, RC4, CAST, 3DES]( <>) symmetric encryption.

CCCryptorRef claims to implement AES CTR mode but returns an unimplemented error at runtime.

It looks like Nick Zitzmann also started a similar project in 2012 but discovered that there’s no public BigNum API in OS X <>

I ran in to the same issue but went ahead and used the private BigNum API he references. For this reason I’m not sure that this would be a good candidate for submitting upstream. Then again perhaps it could serve as a compelling reason for the API to be made public if it would enable OS X native SSH2 crypto.

I hope this is of interest, let me know if there’s any interest in a patch.


Received on 2014-12-02