PuTTY wish rsa-sha2

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: Support rsa-sha2-256 and rsa-sha2-512 SSH public key algorithms
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
fixed-in: 33de96ffa96c19955a4f078a9235e0c7284670dd (0.75)

Currently, when an RSA key is used for user authentication or as a host key for server authentication, the SHA-1 hash algorithm is involved. These days, SHA-1 is considered weak.

RFC8332 specifies a way to use the SHA-256 and SHA-512 hashes with RSA keys instead.

This change doesn't invalidate any existing RSA keys; the RSA public key format is unchanged, so there's no need to replace any user keys, and no effect on the host key cache. The new hash algorithms will be used transparently if client and server both support them.

First we have to implement RFC8308, a change to extension negotiation.

(Pageant has been able to generate such signatures since 0.71 -- see pageant-rsa-sha2 -- but up until now it would only do so in response to a forwarded request from a non-PuTTY SSH client.)

If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2020-12-02 18:40:06 +0000)