Support ed25519 keys #674

Open
gnomed opened this issue Mar 29, 2023 · 7 comments
Labels
enhancement New feature or request

Comments


gnomed commented Mar 29, 2023

Using an ed25519 key for ssh connection on an SFTP data source produces an error dialog saying ssh-ed25519 is explicitly not supported. It's 2023 and support for ed25519 should be available in most libraries.

I'm not very familiar with JavaScript dependencies but surely something can be updated to support the current ssh standard?

Collaborator

deadlyjack commented Mar 29, 2023 via email

Author

gnomed commented Apr 3, 2023

I do know Java, but I do not know Android or Cordova or Yarn.

It looks like it is missing the recommended bouncycastle dependencies for the maverick ssh client which is the client used by the sftp plugin.

Adding the recommended dependency causes the "jettify" process to fail. There is supposed to be a workaround to exclude the jar from the jettify process but I could not figure out how to make it work in this repo which does not use gradle directly. So I needed to add a different version of the bouncycastle jars and exclude the broken version.

After doing this the process gets further but complains "Ed25519 KeyFactory is not available"

There is also another support article from maverick which mentions another jar is needed for ed25519 support, but it's a weird snapshot jar and adding it does not seem to impact the behaviour of the ssh client, I get the same "Ed25519 KeyFactory is not available" message. I am not convinced this is necessary based on what I can read in the other codebases, but the page seemed fairly authoritative.

So at this point I am somewhat stuck unless I can find out where that error message is coming from. Unfortunately I could not figure out how to get the project to run via AndroidStudio so I could not use a debugger to trace the source of the error and I cannot find that error message in the source code for bouncycastle or maverick ☹️.

I will describe my changes below since they are pretty simple, I could push a branch but it doesn't work anyway.

src/plugins/sftp/plugin.xml:

<framework src="commons-io:commons-io:2.11.0" />
<framework src="com.sshtools:maverick-synergy-client:3.0.10" />
<framework src="com.sshtools:maverick-bc:3.0.10" />
<framework src="org.bouncycastle:bcprov-jdk15to18:1.72" />
<framework src="org.bouncycastle:bcpkix-jdk15to18:1.72" />
<framework src="com.sshtools:maverick-ed25519:3.0.0-SNAPSHOT" />

src/plugins/sftp/src/.../Stfp.java (at the end of the initialize method):

JCEProvider.enableBouncyCastle(true);

build-extras.gradle:

repositories {
  maven {
    name "oss-snapshots"
    url "https://oss.sonatype.org/content/repositories/snapshots/"
    mavenContent {
      snapshotsOnly()
      includeModule("com.sshtools", "maverick-ed25519")
    }
  }
}
configurations {
  all {
    exclude module: 'commons-logging'
    exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
    exclude group: 'org.bouncycastle', module: 'bcpkix-jdk15on'
  }
}
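
To narrow down where an "Ed25519 KeyFactory is not available" failure like the one reported above comes from, one option is to list the registered JCA providers and whether each offers an Ed25519 KeyFactory. This is an added example, not part of the original comment or the project's code; the class name Ed25519ProviderCheck is hypothetical and it uses only java.security APIs.

```java
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Added diagnostic (hypothetical class name): reports which JCA providers can build Ed25519 keys. */
public final class Ed25519ProviderCheck {

    // Names under which an Ed25519 KeyFactory is commonly registered.
    private static final String[] ALGORITHMS = {"Ed25519", "EdDSA"};

    /** Returns one line per registered provider, in lookup order, plus the default resolution. */
    public static List<String> report() {
        List<String> lines = new ArrayList<>();
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            StringBuilder sb = new StringBuilder();
            // The class name separates two providers that register under the same short name.
            sb.append(i + 1).append(". ").append(p.getName())
              .append(" (").append(p.getClass().getName()).append(") ")
              .append(p.getInfo());
            for (String alg : ALGORITHMS) {
                sb.append(" | KeyFactory.").append(alg).append('=')
                  .append(p.getService("KeyFactory", alg) != null ? "yes" : "no");
            }
            lines.add(sb.toString());
        }
        // What a caller that does not name a provider would actually receive.
        for (String alg : ALGORITHMS) {
            try {
                KeyFactory kf = KeyFactory.getInstance(alg);
                lines.add("default " + alg + " -> " + kf.getProvider().getName());
            } catch (NoSuchAlgorithmException e) {
                lines.add("default " + alg + " -> not available");
            }
        }
        return lines;
    }

    public static void main(String[] args) {
        report().forEach(System.out::println);
    }
}
```

On Android, call report() right after JCEProvider.enableBouncyCastle(true) and write each line to logcat instead of standard output.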

Author

gnomed commented Apr 3, 2023

Also I tried the bc-fips dependencies also recommended by the maverick docs, those were nice because they didn't break the jettify process, but it just hung forever instead of producing the "KeyFactory not available" error, and again I was stuck without being able to get the AndroidStudio debugger working.

Collaborator

deadlyjack commented Apr 3, 2023 via email

Author

gnomed commented Apr 3, 2023

Thanks, if I get enough free time maybe I can set up a vanilla java test program to debug the behaviour; but I'm worried the differences between the android JRE and my local test will make the results meaningless.


Offerel commented Mar 7, 2024

Is there any update? I don't want to enable RSA keys again on our SFTP hosts.


explor4268 commented Jul 1, 2024

Try running adb logcat -T 1 (with platform-tools installed on $PATH) with the phone/emulator connected before pressing "OK" on the SFTP connect menu, it should output relevant error messages.

Currently I cannot build the app with @gnomed's setup. Can somebody test it? If so, post the logs down below.

I also have similar issues where it cannot connect to servers with only certain key exchange algorithms enabled, notably Curve25519 (#985)

Another alternative is to just switch from Maverick SSH Library to something else that doesn't involve adding BouncyCastle (or any other problematic dependencies)

One example is https://github.com/mwiede/jsch (JSCH fork, for ed25519 support Java 15+ is required if not add BouncyCastle, which in this case is a little bit broken and requires workaround)

Another example is Apache Mina SSHD (it supports SFTP) which uses ed25519-java library to support ed25519, but:

https://github.com/apache/mina-sshd/blob/master/docs/standards.md#key-exchange

On Java versions before Java 11, Bouncy Castle is required for curve25519-sha256, curve25519-sha256@libssh.org, or curve448-sha512.

Or just include a native library for the ssh/sftp implementation.

Also this article might be relevant, where the built-in Android BouncyCastle implementations of many algorithms were deprecated:

Related SO Answer: https://stackoverflow.com/a/66323575
Also found this when browsing SpongyCastle GitHub issues page, where you can customize BouncyCastle to work around built-in BC issues: https://github.com/jbuhacoff/nodejs-mybc-util
