sftp-server
Matt Johnston
matt at ucc.asn.au
Mon Jan 22 14:07:23 WST 2007

On Fri, Jan 19, 2007 at 05:21:01PM -0300, Alejandro Mery wrote:
> On 2007-01-19, Rob Landley <rob at landley.net> wrote:
> > On Thursday 18 January 2007 10:58 pm, Matt Johnston wrote:
> >
> > > I'm unlikely to develop my own sftp-server for Dropbear in
> > > the near future.
> >
> > On a related note, how much work would it be to add stunnel support
> > to dropbear? (It's an https passthrough filter. Pipe an http
> > transaction through it and it's https.)
> >
> > Are they remotely similar algorithms? I suspect libtomcrypt has most
> > of it, but haven't programmed against that directly before...
>
> libtomcrypt does include these days a lot of things dropbear had to
> implement (rsa, asn.1,...) .... there was a mail a long time ago from a
> person who wanted to get a tls library out of dropbear.. what happened
> with that? that would clean up dropbear a lot and help to have nice
> things like a ltc-powered stunnel.

The SSH protocol [1] doesn't involve SSL or TLS, so
implementing stunnel (or similar) would be somewhat
orthogonal to Dropbear's SSH implementation. Some savings in
binary size would be realised since they could share
LTC/LTM's underlying cipher/hash/bignum code.

There's already MatrixSSL which does SSL/TLS on top of
LTC/LTM, though is GPL (or commercial) rather than
BSD-style.

With regard to using LTC's RSA or ASN.1, the SSH protocol
uses PKCS#1 v1.5 for RSA, while LTC only has v2.0 (afaict).
ASN.1 is only used by SSH for padding in those RSA
signatures, as a static string. Dropbear could potentially
use LTC's DSA code, though that would draw in
otherwise-unused DER code from LTC (unless the code is
modified, making it a bit moot).

I haven't heard anything more from people looking at SSL libs
from Dropbear, I guess there wasn't any progress?

Cheers,
Matt

[1] http://www.ietf.org/rfc/rfc4253.txt
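
The "static string" padding mentioned above, as an added example (not code from Dropbear, LibTomCrypt or the original post): for ssh-rsa signatures (RSASSA-PKCS1-v1_5 with SHA-1, RFC 4253 section 6.6) the ASN.1 part is a fixed 15-byte DigestInfo header, so a verifier can rebuild the whole encoded block and compare it byte for byte rather than parse it. The function names and the all-zero digest are assumptions for illustration; the RSA operation itself is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SHA1_LEN 20

/* Fixed DER DigestInfo header for SHA-1 (RFC 3447, section 9.2 notes). */
static const uint8_t SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/* Build EM = 00 01 FF..FF 00 || prefix || digest, em_len = modulus size in
 * bytes. Returns 0, or -1 if fewer than 8 padding bytes would fit. */
int emsa_pkcs1_v15_sha1(const uint8_t *digest, uint8_t *em, size_t em_len)
{
    size_t t_len = sizeof(SHA1_PREFIX) + SHA1_LEN;
    if (em_len < t_len + 11)
        return -1;
    size_t ps_len = em_len - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, SHA1_PREFIX, sizeof(SHA1_PREFIX));
    memcpy(em + 3 + ps_len + sizeof(SHA1_PREFIX), digest, SHA1_LEN);
    return 0;
}

/* Verifier side: rebuild the expected block and compare every byte, instead
 * of parsing the padding or ASN.1 out of the RSA result. Returns 1 on match. */
int pkcs1_v15_sha1_check(const uint8_t *decoded, size_t len, const uint8_t *digest)
{
    uint8_t expected[512], diff = 0; /* 512 bytes covers moduli up to 4096 bits */
    if (len > sizeof(expected) || emsa_pkcs1_v15_sha1(digest, expected, len) != 0)
        return 0;
    for (size_t i = 0; i < len; i++)
        diff |= decoded[i] ^ expected[i];
    return diff == 0;
}

int main(void)
{
    uint8_t digest[SHA1_LEN] = {0}, em[128]; /* constructed digest, 1024-bit size */
    emsa_pkcs1_v15_sha1(digest, em, sizeof(em));
    printf("well-formed: %d\n", pkcs1_v15_sha1_check(em, sizeof(em), digest));
    em[10] = 0x00; /* damage one padding byte */
    printf("tampered:    %d\n", pkcs1_v15_sha1_check(em, sizeof(em), digest));
    return 0;
}
```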