motiejus/jgit - jgit - gitea: Gitea Service

motiejus

jgit

Fork 0

Commit Graph

Author	SHA1	Message	Date
Thomas Wolf	c33d2bfb9f	Apache MINA sshd client: test reading encrypted ed25519 keys Add encrypted ed25519 keys in the tests; sshd 2.2.0 can finally decrypt encrypted new-style OpenSSH key files. (Needs the "unlimited strength" JCE, which is the default since Java 8u161. On older JREs, users should install the policy files available from Oracle.) The "expensive" key added has been generated with OpenSSH's ssh-keygen -t ed25519 -a 256, i.e., with 256 bcrypt KDF rounds instead of the default 16. On my machine it takes about 2sec to decrypt. Bug: 541703 Change-Id: Id3872ca2fd75d8f009cbc932eeb6357d3d1f267c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>	2019-05-06 15:22:08 +02:00
Thomas Wolf	488d95571f	Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>	2018-11-13 10:49:26 -08:00

Author

SHA1

Message

Date

Thomas Wolf

c33d2bfb9f

Apache MINA sshd client: test reading encrypted ed25519 keys

Add encrypted ed25519 keys in the tests; sshd 2.2.0 can finally
decrypt encrypted new-style OpenSSH key files. (Needs the "unlimited
strength" JCE, which is the default since Java 8u161. On older JREs,
users should install the policy files available from Oracle.)

The "expensive" key added has been generated with OpenSSH's
ssh-keygen -t ed25519 -a 256, i.e., with 256 bcrypt KDF rounds
instead of the default 16. On my machine it takes about 2sec to
decrypt.

Bug: 541703
Change-Id: Id3872ca2fd75d8f009cbc932eeb6357d3d1f267c
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

2019-05-06 15:22:08 +02:00

Thomas Wolf

488d95571f

Apache MINA sshd client

Add a new ssh client implementation based on Apach MINA sshd 2.0.0.

This implementation uses JGit's own config file parser and host entry
resolver. Code inspection of the Apache MINA implementation revealed
a few bugs or idiosyncrasies that immediately would re-introduce bugs
already fixed in the past in JGit.

Apache MINA sshd is not without quirks either, and I had to configure
and override more than I had expected. But at least it was all doable
in clean ways.

Apache MINA boasts support for Bouncy Castle, so in theory this should
open the way to using more ssh key algorithms, such as ed25519.

The implementation is in a separate bundle and is still not used in
the core org.eclipse.jgit bundle. The tests re-use the ssh tests from
the core test bundle.

Bug: 520927
Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

2018-11-13 10:49:26 -08:00

2 Commits