Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature request] Guile functions to verify signatures. #35

Open
nicolas-graves opened this issue Jan 24, 2023 · 4 comments
Open

[Feature request] Guile functions to verify signatures. #35

nicolas-graves opened this issue Jan 24, 2023 · 4 comments
Assignees
@artyom-poptsov

Comments

@nicolas-graves
Copy link

Hi !

I'm using a ssh key to sign git commits, as is possible since a few months / years. I'm probably going to help administer a guix channel, but I would like to stick to an ssh key instead of setting up gnupg.

I've seen that there are bindings for public key infrastructure in libssh, that are not implemented in guile-ssh. I'm thinking in particular about the function ssh_pki_signature_verify from the page https://api.libssh.org/stable/group__libssh__pki.html

Would that be possible to implement a few guile bindings to be able to verify the signature of an object signed by an ssh-key from guile ?

Thanks in advance !
@nicolas-graves
Copy link
Author

Hi @artyom-poptsov, just a reminder if you couldn't look for now ;)

@artyom-poptsov artyom-poptsov self-assigned this Aug 17, 2023
@artyom-poptsov
Copy link
Owner

Hello,

sorry for the late answer.

Although the procedures such as ssh_pki_signature_verify are indeed mentioned in the official documentation, I found no evidence that those procedures are exported in the libssh API for public use. If you take a look at libssh.h header from the libssh version 0.10.5 (the latest version available at the moment) you'll find that:

  1. All the procedures that are exported to libssh API are marked with LIBSSH_API macro.
  2. There are no procedures related to creating cryptographic signatures and verifying them that are marked with LIBSSH_API.

You can find ssh_pki_signature_verify and all the related procedures in pki.h, but unfortunately neither this file is installed to the system during the libssh installation process, nor the procedures are market with LIBSSH_API.

Thanks,
avp

@nicolas-graves
Copy link
Author

nicolas-graves commented Aug 17, 2023 via email

@artyom-poptsov
Copy link
Owner

IIUC, I have to open an issue on their side so
that I can follow the progress on this issue on the side of the API first.

Yes, that would be a good idea. Let me know if there will be any findings.

I won't close this issue for now, just in case.

Thanks,
avp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@artyom-poptsov artyom-poptsov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@artyom-poptsov @nicolas-graves