Maverick Legacy API versions 1.7.17 (client) and 1.7.18 (server) now support SHA256 and SHA512 signature types for RSA keys. The standard RSA public key type in SSH uses an SHA1 signature. The new types enable you to use SHA256 and SHA512 signatures with any RSA key.
These new types can be loaded alongside the original type so that the same RSA key can support multiple signature types. Consider the code below that loads a standard private key from file into an SshKeyPair.
SshKeyPair pair = SshKeyUtils.getPrivateKey(new File("id_rsa"), "passphrase");
You can create an additional SshKeyPair that supports one of the new signatures by using the utilitiy.
SshKeyPair pairSHA256 = SshKeyUtils.makeRSAWithSHA256Signature(pair);
You now have 2 variables, pair that will continue to use SHA1 signatures, and pairSHA256 which will use SHA256 signatures.
Similary, you can make the original pair use SHA512 signatures with the following code:
SshKeyPair pairSHA512 = SshKeyUtils.makeRSAWithSHA512Signature(pair);
You can then use any of these as host keys or in user authentication.
Important Notes
- The remote side needs to be able to support
rsa-sha2-256
andrsa-sha2-512
keys - When configuring authorized_keys for user authentication the key used is the standard RSA public key e.g.ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRqJb3pw...