EldoS | Feel safer!

Software components for data protection, secure storage and transfer

OnKeyValidate Putty Known hosts

#18981
Posted: 02/09/2012 04:19:28
by Petr Munzar (Standard support level)
Joined: 06/06/2011
Posts: 15

Hello,

Could you please give me advice on how to verify a server key in the method OnKeyValidate? I have it stored in a file in Putty known host format. For example:

Code
0x23,0xcc...b2c9


The algo of this key is ssh-rsa when you base64 decode this.


Petr Munzar, programmer of Identity Cloaker (www.identitycloaker.com), Czech Republic
#18982
Posted: 02/09/2012 04:24:15
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Please refer to this article: http://www.eldos.com/documentation/sb...tekey.html
#18984
Posted: 02/09/2012 11:08:47
by Petr Munzar (Standard support level)
Joined: 06/06/2011
Posts: 15

Yes,
Sorry, I didn't write it clearly. I have a specific problem with loading the putty known host key.

This code

Code
SBSSHKeyStorage.TElSSHKey localKey = new SBSSHKeyStorage.TElSSHKey();
localKey.KeyFormat = SBSSHKeyStorage.TSBSSHKeyFormat.kfPuTTY;
int ret = localKey.LoadPublicKey(DataPath.getDataPath() + @"sshhostkeys\46.19.138.211");

will generate the error SB_ERROR_SSH_KEYS_INVALID_PUBLIC_KEY. The key stored in the "46.19.138.211" file is the one mentioned above. I need to load the putty known host somehow and compare it with the server key provided in OnKeyValidate.


Petr Munzar, programmer of Identity Cloaker (www.identitycloaker.com), Czech Republic
#18985
Posted: 02/09/2012 12:34:30
by Eugene Mayevski (EldoS Corp.)

What you quoted in the beginning of the topic is not a putty key format. This is not a known key format in general. And we can't say how one should load it correctly. Most likely one would need to look into putty's source code to decipher the contents of the file.


Sincerely yours
Eugene Mayevski
#18986
Posted: 02/09/2012 13:35:31
by Eugene Mayevski (EldoS Corp.)

I meant "not a known format of key file".


Sincerely yours
Eugene Mayevski
#18999
Posted: 02/10/2012 15:25:32
by Petr Munzar (Standard support level)
Joined: 06/06/2011
Posts: 15

Ok, I have made a class which can load a putty known host file with the ssh-rsa algo and generate an MD5 fingerprint. This fingerprint can be compared to the TElSSHKey MD5 fingerprint. Free for use or inspiration.

Code
using System;
using System.Text;
using System.Globalization;
using System.Security.Cryptography;
using System.IO;

namespace IDC2_WPF.Connection
{
    // Loads a PuTTY host key entry ("0x<exponent>,0x<modulus>", both hex) and
    // computes the MD5 fingerprint of the ssh-rsa public key blob, which can be
    // compared with the TElSSHKey fingerprint supplied in OnKeyValidate.
    class PuttyKnownHost
    {
        byte[] RSAPublicExponent;
        byte[] RSAPublicModulus;

        public void LoadFromString(string str)
        {
            // exponent and modulus must be separated by a comma
            int comma = str.IndexOf(',');
            if (comma <= 0)
            {
                throw new ArgumentException(String.Format(CultureInfo.InvariantCulture, "The putty key must have a comma separated exponent and modulus: {0}", str));
            }
            string exponent = str.Substring(0, comma).Trim();
            string modulus = str.Substring(comma + 1).Trim();

            if (!exponent.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
                throw new FormatException(String.Format(CultureInfo.InvariantCulture, "Public exponent must start with 0x: {0}", exponent));

            if (!modulus.StartsWith("0x", StringComparison.OrdinalIgnoreCase))
                throw new FormatException(String.Format(CultureInfo.InvariantCulture, "Public modulus must start with 0x: {0}", modulus));

            RSAPublicExponent = ConvertHexStringToByteArray(exponent.Substring(2)); // decode from hex string
            RSAPublicModulus = ConvertHexStringToByteArray(modulus.Substring(2));
        }

        public string getMD5FingerPrint()
        {
            using (MD5 md5 = MD5.Create())
            using (MemoryStream ms = new MemoryStream())
            {
                // ssh-rsa public key blob (RFC 4253 6.6): string "ssh-rsa", mpint e, mpint n
                WriteString(ms, Encoding.ASCII.GetBytes("ssh-rsa"));
                WriteMpint(ms, RSAPublicExponent);
                WriteMpint(ms, RSAPublicModulus);

                return BitConverter.ToString(md5.ComputeHash(ms.ToArray())).Replace("-", "").ToLowerInvariant(); // convert hash to lower-case hex
            }
        }

        // SSH string: uint32 length (big endian) followed by the bytes
        static void WriteString(Stream s, byte[] data)
        {
            byte[] len = BitConverter.GetBytes(data.Length); // int length to 4 bytes
            if (BitConverter.IsLittleEndian)
                Array.Reverse(len); // big endian
            s.Write(len, 0, len.Length);
            s.Write(data, 0, data.Length);
        }

        // SSH mpint (RFC 4251 section 5): minimal big-endian magnitude, with a leading
        // zero byte only when the top bit is set, so the value is not read as negative.
        // The same rule covers the exponent and the modulus; for a normal RSA modulus
        // (top bit set) this yields the leading 0x00 byte PuTTY-compatible clients expect.
        static void WriteMpint(Stream s, byte[] magnitude)
        {
            if (magnitude.Length == 0)
            {
                WriteString(s, magnitude); // mpint zero is the empty string
                return;
            }
            int start = 0;
            while (start < magnitude.Length - 1 && magnitude[start] == 0)
                start++; // drop leading zero bytes
            bool needsPad = (magnitude[start] & 0x80) != 0;
            byte[] value = new byte[magnitude.Length - start + (needsPad ? 1 : 0)];
            Array.Copy(magnitude, start, value, needsPad ? 1 : 0, magnitude.Length - start);
            WriteString(s, value);
        }

        public static byte[] ConvertHexStringToByteArray(string hexString)
        {
            // PuTTY writes the hex without leading zeros, so e.g. 0x10001 has an odd
            // number of digits; pad on the left instead of rejecting it
            if (hexString.Length % 2 != 0)
            {
                hexString = "0" + hexString;
            }

            byte[] HexAsBytes = new byte[hexString.Length / 2];

            for (int index = 0; index < HexAsBytes.Length; index++)
            {
                string byteValue = hexString.Substring(index * 2, 2);
                HexAsBytes[index] = byte.Parse(byteValue, NumberStyles.HexNumber, CultureInfo.InvariantCulture);
            }

            return HexAsBytes;
        }
    }
}


Petr Munzar, programmer of Identity Cloaker (www.identitycloaker.com), Czech Republic
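The same verification written in Python, as an added example that is not code from this thread, from Petr's class or from SecureBlackbox: it parses a PuTTY host-key entry (either the bare "0x<e>,0x<n>" value from a per-host file or the "rsa2@22:host 0x<e>,0x<n>" sshhostkeys line, both assumed forms), builds the ssh-rsa blob with RFC 4251 mpint encoding, derives the MD5 fingerprint, and compares whole key blobs in constant time rather than only fingerprints. The sample key values are constructed and are not a real host key.

```python
import base64
import hashlib
import hmac
import struct

def mpint(value: int) -> bytes:
    """RFC 4251 mpint: big-endian, minimal length, leading 0x00 if the top bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw

def ssh_rsa_blob(e: int, n: int) -> bytes:
    """Public-key blob in the form the server presents during key exchange."""
    return struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)

def parse_putty_hostkey(entry: str) -> bytes:
    """Accepts the bare '0x<e>,0x<n>' value (per-host file or registry data) or the
    sshhostkeys line 'rsa2@22:host 0x<e>,0x<n>'. int(x, 16) copes with odd digit
    counts such as 0x10001, which a byte-pair hex decoder would reject."""
    if " " in entry:
        keytype, hexpart = entry.strip().split(" ", 1)
        if not keytype.startswith("rsa2@"):
            raise ValueError("only rsa2 (ssh-rsa) entries are supported: " + keytype)
    else:
        hexpart = entry.strip()
    e_hex, sep, n_hex = hexpart.partition(",")
    if not sep or not (e_hex.startswith("0x") and n_hex.startswith("0x")):
        raise ValueError("expected '0x<exponent>,0x<modulus>'")
    return ssh_rsa_blob(int(e_hex, 16), int(n_hex, 16))

def parse_openssh_pubkey(line: str) -> bytes:
    """Parse the OpenSSH 'ssh-rsa <base64> [comment]' form: same blob, base64-encoded."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key line")
    return base64.b64decode(fields[1])

def md5_fingerprint(blob: bytes) -> str:
    """Lower-case hex MD5 of the blob, the value the C# class in the thread compares."""
    return hashlib.md5(blob).hexdigest()

def host_key_matches(stored: bytes, presented: bytes) -> bool:
    """Compare the whole blobs in constant time rather than a truncated fingerprint."""
    return hmac.compare_digest(stored, presented)

# Constructed sample, not a real key: e = 0x23 as in the thread and a tiny modulus
# whose top bit is set, so its mpint must carry the leading 0x00 byte.
SAMPLE_PUTTY = "rsa2@22:46.19.138.211 0x23,0xc3d2e1f0"
SAMPLE_OPENSSH = "ssh-rsa " + base64.b64encode(ssh_rsa_blob(0x23, 0xC3D2E1F0)).decode()
```

In an OnKeyValidate-style callback the server's key blob would take the place of the parsed OpenSSH line, and the lookup should be keyed by host and key type so a key of a different algorithm is not silently accepted.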
#19002
Posted: 02/11/2012 01:50:45
by Eugene Mayevski (EldoS Corp.)

Thank you very much for sharing the class with other users!


Sincerely yours
Eugene Mayevski