Draft: SFTP: support safer ssh key exchange with OpenSSL
My server is using ED25519, and as rsa/dss have been deprecated and my algo is not supported by gcrypt, I propose openssl replaces it.
Error:
no matching host key type found. Their offer: ssh-rsa,ssh-dss
TODO:
- Add refactoring of SFTP I have done (don't hardcode key paths)
- Find solution for eventual functionalities still using gcrypt
Activity
mentioned in merge request vlc-android!1820 (closed)
mentioned in merge request libvlcjni!81 (closed)
... Didn't we remove OpenSSL for a very good reason in the past?
Ahh yes, as per J-B's comment it was license incompatible.
If you need ED25519 support in gcrypt maybe you should ask if they intend to implement it anytime soon.
Edited by Sean McGovern
Resolved by Jean-Baptiste Kempf
Indeed it sucks... I looked a bit at gcrypt but it does not seem they will add it anytime soon (lack of time) https://www.reddit.com/r/crypto/comments/9dntxz/gcrypt_and_eddsa_ed25519_for_digital_identity/
I will close this MRs
The correct fix is to fix libssh2 in the libgcrypt file.
It's not that hard, but a bit weird to write, because the gcrypt syntax is weird as hell :) You need to use gcry_sexp_build and that function is un-intuitive: you MUST read the doc.
Edited by Jean-Baptiste Kempf
libgcrypt has ed25519 since quite a bit of time, IIRC: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=547dfb5aecc1ae057e0bc599e8565f8c3fb84894 . See also https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git&a=search&h=HEAD&st=commit&s=25519
And of course, https://www.gnupg.org/documentation/manuals/gcrypt/ECC-key-parameters.html#ECC-key-parameters .
Edited by Jean-Baptiste Kempf
I would love to solve it properly but I don't have time in the near future to do it (and my fork works, although I would like to add thumbnails). Thanks for the advice
Edited by Marin Baron