Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.4.0
-
None
Description
Recent addition to the SSHD library revealed issues with seed attribute in EdDSA-Java library:
+ private boolean compare(KeyPair a, KeyPair b) { + if ("EDDSA".equals(data.algorithm)) { + // Bug in net.i2p.crypto.eddsa and in sshd? Both also compare the + // seed of the private key, but for a generated key, this is some + // random value, while it is all zeroes for a key read from a file. + return KeyUtils.compareKeys(a.getPublic(), b.getPublic()) + && Objects.equals(((EdDSAKey) a.getPrivate()).getParams(), + ((EdDSAKey) b.getPrivate()).getParams()); + }
The corresponding issue: [1] upstream pointing to the new library:
[1] https://github.com/str4d/ed25519-java/issues/30#issuecomment-573389252
[2] https://github.com/cryptography-cafe/ed25519-elisabeth