Class KeyExchange

java.lang.Object
com.jcraft.jsch.KeyExchange

public abstract class KeyExchange extends Object
  • Constructor Details

    • KeyExchange

      public KeyExchange()
  • Method Details

    • init

      public abstract void init(Session session, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C) throws Exception
      Throws:
      Exception
    • next

      public abstract boolean next(Buffer buf) throws Exception
      Throws:
      Exception
    • getState

      public abstract int getState()
    • getKeyType

      public String getKeyType()
    • getKeyAlgorithName

      public String getKeyAlgorithName()
    • guess

      protected static String[] guess(Session session, byte[] I_S, byte[] I_C) throws Exception
      Throws:
      Exception
    • getFingerPrint

      public String getFingerPrint()
    • normalize

      protected byte[] normalize(byte[] secret)
    • verify

      protected boolean verify(String alg, byte[] K_S, int index, byte[] sig_of_H) throws Exception
      Verifies the cryptographic signature of the SSH key exchange hash.

      This method performs cryptographic verification that the remote server possesses the private key corresponding to the public key presented during the SSH key exchange. It supports both traditional SSH public keys and OpenSSH certificates.

      Public Key vs. Certificate Handling

      The method handles two distinct input formats:

      • Plain Public Keys: When alg is a standard key algorithm (e.g., "ssh-rsa", "ssh-ed25519"), the K_S parameter contains the server's public key in SSH wire format. The method parses the key components and verifies the signature directly.
      • OpenSSH Certificates: When alg is a certificate type (e.g., "ssh-rsa-cert-v01@openssh.com"), the K_S parameter contains an OpenSSH certificate structure. The method:
        1. Parses the certificate to extract the embedded public key
        2. Validates that the certificate is a host certificate (not a user certificate)
        3. Replaces K_S with the extracted public key
        4. Extracts the underlying algorithm name from the public key
        5. Stores the certificate for subsequent CA validation
        6. Proceeds with signature verification using the extracted public key

      Two-Stage Verification for Certificates

      For OpenSSH certificates, this method performs only the first stage of verification: proving that the server possesses the private key corresponding to the public key embedded in the certificate. The second stage (validating the certificate's CA signature, validity period, principals, and other certificate-specific properties) is performed separately by OpenSshCertificateHostKeyVerifier.checkHostCertificate(Session, OpenSshCertificate). A return value of true from this method therefore does not by itself establish that the host key is trusted: a certificate signed by an unknown CA, already expired, or issued for a different principal still passes this stage and must be rejected by the second.

      Signature Verification Process

      After extracting the public key (either from the plain input or from within a certificate), the method:

      1. Determines the key algorithm (RSA, DSS, ECDSA, or EdDSA)
      2. Parses the algorithm-specific public key components from the SSH wire format
      3. Instantiates the appropriate signature verification class
      4. Verifies that sig_of_H is a valid signature of the exchange hash H using the public key
      Parameters:
      alg - the server host key algorithm name. This can be either a plain key algorithm (e.g., "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", "ssh-ed25519") or a certificate type (e.g., "ssh-rsa-cert-v01@openssh.com", "ssh-ed25519-cert-v01@openssh.com"). For certificates, this parameter is internally replaced with the underlying key algorithm extracted from the certificate.
      K_S - the server's public key blob in SSH wire format. For plain keys, this contains the public key directly. For certificates, this contains the complete OpenSSH certificate structure, which includes the public key along with additional metadata (CA signature, principals, validity period, etc.). When a certificate is detected, this reference is replaced internally with the extracted public key for verification purposes.
      index - the starting byte offset within K_S from which to begin parsing. For plain keys, this is typically the position after the algorithm string. For certificates, this is typically 0 (start of the certificate blob), and the offset is recalculated after extracting the embedded public key.
      sig_of_H - the signature bytes to verify. This is the server's signature of the exchange hash H, which proves the server possesses the private key. The signature format is algorithm-specific and includes both the algorithm identifier and the actual signature data in SSH wire format.
      Returns:
      true if the signature is cryptographically valid and proves the server possesses the private key; false otherwise.
      Throws:
      JSchException - if the algorithm is unsupported, if a certificate is detected but is not a host certificate (e.g., it's a user certificate), if the signature verification class cannot be instantiated, or if any other error occurs during verification.
      Exception - if an unexpected error occurs during parsing or cryptographic operations.
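      The certificate-unwrapping steps described above (parse the certificate, insist on a host certificate, replace K_S with the embedded key, recompute the parse offset, recover the plain algorithm name) and the shape of sig_of_H, as an added example in Python. This is not JSch code and does not call the library; it is a stand-alone illustration of the wire formats involved. The wire layouts follow RFC 4251/4253 and OpenSSH's PROTOCOL.certkeys; the certificate bytes, key bytes and the CA key/signature placeholders are constructed here for demonstration, and the final cryptographic check of sig_of_H over H (step 6) is left to a real crypto backend, as is the second-stage CA validation.

```python
"""Unwrap an OpenSSH host certificate the way KeyExchange.verify() must before it can
check the server's signature over the exchange hash. Added example, not JSch code."""
import struct

CERT_TYPE_USER = 1  # values from OpenSSH PROTOCOL.certkeys
CERT_TYPE_HOST = 2

# certificate algorithm -> (embedded plain key algorithm, number of key fields after the nonce)
CERT_LAYOUT = {
    "ssh-ed25519-cert-v01@openssh.com": ("ssh-ed25519", 1),  # pk
    "ssh-rsa-cert-v01@openssh.com": ("ssh-rsa", 2),          # e, n
}
# signature algorithms a key type may legitimately be used with (RFC 8332 for RSA)
SIG_ALGS_FOR_KEY = {
    "ssh-ed25519": {"ssh-ed25519"},
    "ssh-rsa": {"ssh-rsa", "rsa-sha2-256", "rsa-sha2-512"},
}


def put_string(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length followed by the bytes (RFC 4251)."""
    return struct.pack(">I", len(b)) + b


class WireReader:
    """Sequential reader over SSH wire-format data, starting at `index`."""

    def __init__(self, data: bytes, index: int = 0):
        self.data, self.pos = data, index

    def _take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated SSH wire data")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint32(self) -> int:
        return struct.unpack(">I", self._take(4))[0]

    def uint64(self) -> int:
        return struct.unpack(">Q", self._take(8))[0]

    def string(self) -> bytes:
        return self._take(self.uint32())


class NotAHostCertificate(ValueError):
    pass


def unwrap_host_certificate(alg: str, K_S: bytes, index: int = 0):
    """Steps 1-5 for a certificate: parse it, insist on a host certificate, and return
    (plain_alg, plain_key_blob, index_after_alg, cert_fields) for the signature step."""
    plain_alg, n_key_fields = CERT_LAYOUT[alg]
    r = WireReader(K_S, index)
    if r.string().decode() != alg:
        raise ValueError("certificate blob does not match announced algorithm")
    r.string()  # nonce
    key_fields = [r.string() for _ in range(n_key_fields)]
    cert = {"serial": r.uint64(), "type": r.uint32(), "key_id": r.string().decode(),
            "principals": r.string(), "valid_after": r.uint64(), "valid_before": r.uint64(),
            "critical_options": r.string(), "extensions": r.string(), "reserved": r.string(),
            "signature_key": r.string(), "signature": r.string()}  # kept for stage two
    if cert["type"] != CERT_TYPE_HOST:
        raise NotAHostCertificate(f"certificate type {cert['type']} is not a host certificate")
    # Re-encode the embedded key exactly as a plain K_S blob looks on the wire, so the
    # same key parser can continue at the offset just past the algorithm string.
    plain_blob = put_string(plain_alg.encode()) + b"".join(put_string(f) for f in key_fields)
    return plain_alg, plain_blob, 4 + len(plain_alg), cert


def signature_algorithm_matches(key_alg: str, sig_of_H: bytes) -> bool:
    """sig_of_H is 'string alg, string blob' (RFC 4253 section 6.6); reject signatures
    whose declared algorithm cannot belong to the key just extracted."""
    r = WireReader(sig_of_H)
    sig_alg = r.string().decode()
    r.string()  # raw signature bytes, handed to the crypto backend in step 6
    return sig_alg in SIG_ALGS_FOR_KEY.get(key_alg, set())


def make_certificate(cert_alg: str, key_fields, cert_type: int, key_id: str) -> bytes:
    """Constructed test certificate with placeholder CA key and CA signature bytes."""
    body = [put_string(cert_alg.encode()), put_string(b"\x11" * 32)]          # alg, nonce
    body += [put_string(f) for f in key_fields]
    body += [struct.pack(">Q", 7), struct.pack(">I", cert_type), put_string(key_id.encode()),
             put_string(put_string(b"host.example")),                           # principals
             struct.pack(">Q", 0), struct.pack(">Q", 2**64 - 1),                # validity
             put_string(b""), put_string(b""), put_string(b""),                 # opts, exts, reserved
             put_string(b"\x22" * 51), put_string(b"\x33" * 83)]                # CA key, CA sig
    return b"".join(body)


ED25519_PK = b"\x44" * 32  # constructed placeholder, not a real public key
HOST_CERT = make_certificate("ssh-ed25519-cert-v01@openssh.com", [ED25519_PK], CERT_TYPE_HOST, "srv1")
USER_CERT = make_certificate("ssh-ed25519-cert-v01@openssh.com", [ED25519_PK], CERT_TYPE_USER, "alice")

if __name__ == "__main__":
    alg, blob, idx, cert = unwrap_host_certificate("ssh-ed25519-cert-v01@openssh.com", HOST_CERT)
    print(alg, idx, cert["key_id"], blob == put_string(b"ssh-ed25519") + put_string(ED25519_PK))
    try:
        unwrap_host_certificate("ssh-ed25519-cert-v01@openssh.com", USER_CERT)
    except NotAHostCertificate as e:
        print("rejected:", e)
```

      The user certificate is refused before any signature arithmetic runs, which is the point of step 2: a server presenting a valid user certificate for a key it holds would otherwise pass the possession proof. The returned offset (4 plus the length of the algorithm name) is what a plain-key parser expects as index, which is why the method can fall through to the ordinary verification path once K_S has been replaced.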
    • encodeInt

      protected byte[] encodeInt(int raw)
    • encodeAsMPInt

      protected byte[] encodeAsMPInt(byte[] raw)
    • encodeAsMPInt

      protected byte[] encodeAsMPInt(byte[] raw, boolean bzero)
    • encodeAsString

      protected byte[] encodeAsString(byte[] raw)
    • encodeAsString

      protected byte[] encodeAsString(byte[] raw, boolean bzero)