PuTTY wish pageant-rsa-sha2

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Privacy | Changes | Wishlist

summary: Pageant support for SHA-256/512 RSA signatures, used by e.g. OpenSSH client
class: wish: This is a request for an enhancement.
present-in: 0.70
fixed-in: 13b29008b40249ded5af594b8c93ffb99d79b316 (0.71)

The traditional SSH agent protocol has recently been extended, as documented in draft-miller-ssh-agent, to allow signatures with SHA-256 and SHA-512 ("SHA2") hashes as well as the traditional but weak SHA-1. The client signals this with a 'flags' word that previously didn't exist in the protocol.

Previously, Pageant has ignored this. OpenSSH has apparently been requesting these hashes since 7.2; 7.7 started warning when it didn't get what it asked for from the agent (bz#2799):

agent key RSA SHA256:XXXXXXXXXXXXXXX returned incorrect signature type

This warning could show up for instance in agent forwarding scenarios.

Now Pageant looks at the flag word, returns SHA-256 or SHA-512 signatures if requested, and complains if any of the other flag bits are set.


If you want to comment on this web site, see the Feedback page.
Audit trail for this wish.
(last revision of this bug record was at 2019-03-19 00:43:48 +0000)