x/crypto/ssh/agent: Accept Flags in Agent.Sign() #22087
I was trying unsuccessfully to get ssh-agent to sign a JWT via the x/crypto/ssh/agent.Agent::Sign() interface.
In https://github.com/golang/crypto/blob/master/ssh/agent/client.go#L371, the Flags in signRequestAgentMsg was left as default (0).
In OpenSSH ssh-agent, https://github.com/openssh/openssh-portable/blob/master/ssh-agent.c#L262, the signing algorithm is being determined by parsing the flags sent in the signRequestAgentMsg - 2 for rsa-sha2-256 and 4 for rsa-sha2-512, and sending 0 probably defaults the algorithm to SHA1.
It seems that allowing the caller to specify flags, or at a higher level, an algorithm name, would be able to resolve this, but I'm not sure what the best way to implement this is.
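The mismatch described in this issue, as an added example that is not part of the original post and is not x/crypto or OpenSSH code: a standard-library Go model of an agent picking the RSA hash from the sign-request flags, with each result checked against the RS256 rule a JWT verifier applies (PKCS#1 v1.5 over SHA-256). `algForFlags`, `newDemoKey` and `signAndCheck` are hypothetical names, and treating flags 0 as SHA-1 `ssh-rsa` is an assumption that follows the issue's reading.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"
	"crypto/sha256"
	_ "crypto/sha512"
	"fmt"
)

const flagRSASHA256, flagRSASHA512 uint32 = 2, 4 // flag values quoted in the issue

// algForFlags models the agent's choice for an RSA key; 0 is assumed to mean SHA-1 "ssh-rsa".
func algForFlags(flags uint32) (string, crypto.Hash) {
	switch {
	case flags&flagRSASHA256 != 0:
		return "rsa-sha2-256", crypto.SHA256
	case flags&flagRSASHA512 != 0:
		return "rsa-sha2-512", crypto.SHA512
	}
	return "ssh-rsa", crypto.SHA1
}

func newDemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// signAndCheck signs data the way the modelled agent would for these flags, then
// applies the RS256 check a JWT verifier uses (PKCS#1 v1.5 over SHA-256).
func signAndCheck(key *rsa.PrivateKey, data []byte, flags uint32) (string, bool) {
	alg, h := algForFlags(flags)
	w := h.New()
	w.Write(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, h, w.Sum(nil))
	want := sha256.Sum256(data)
	return alg, err == nil && rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, want[:], sig) == nil
}

func main() {
	key, err := newDemoKey() // throwaway key standing in for one held by the agent
	if err != nil {
		panic(err)
	}
	for _, flags := range []uint32{0, flagRSASHA256, flagRSASHA512} {
		alg, ok := signAndCheck(key, []byte("header.payload"), flags) // constructed signing input
		fmt.Printf("flags=%d alg=%-12s verifies as RS256: %v\n", flags, alg, ok)
	}
}
```

Only the signature produced with flags 2 passes the RS256 check; the flags 0 and flags 4 signatures are rejected because they are computed over a different hash.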