
Re: Regarding id_25519 user certificate


Hi,
Sounds like it's the certificate comparison issue:
https://gitlab.com/libssh/libssh-mirror/-/issues/329

There is a draft MR fixing this, but the contributor disappeared so it was
not yet finalized:

https://gitlab.com/libssh/libssh-mirror/-/merge_requests/606

If you want to take it over, please do. The code change is obvious. It just
needs a bit more test coverage.

Jakub


On Mon, Sep 22, 2025 at 11:48 AM Chidanand Gangur <
chidanand.gangur@xxxxxxxxx> wrote:

> Hello Everyone,
>
> To add to the previous thread, I have tried with RSA and ecdsa keys, and
> user certificates both work perfectly fine.
> The problem is only w.r.t. ed25519.
>
> Thanks,
> Chidanand
>
> On Mon, Sep 22, 2025 at 1:57 PM Chidanand Gangur <
> chidanand.gangur@xxxxxxxxx> wrote:
>
>> Hello Everyone,
>>
>> I have created a user certificate using the following commands.
>>
>> ssh-keygen -t ed25519 -f id_ed25519 -N ""
>>
>> ssh-keygen -s CA/ca_user_key_ed25519 -I test_user_cert -n user1,user2 -V +4h id_ed25519.pub
>>
>>
>> In ssh_client I have set the following options:
>>
>>     rc = ssh_pki_import_privkey_file(pvtkey, NULL, NULL, NULL, &privkey);
>>
>>     rc = ssh_pki_import_cert_file(usercert, &cert);
>>
>>     rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
>>
>> ssh_pki_import_privkey_file and ssh_pki_import_cert_file succeed but
>> the last call ssh_pki_copy_cert_to_privkey fails.
>>
>>
>> I have also tried setting pvtkey and user certificate using
>> ssh_options_set using SSH_OPTIONS_IDENTITY,  SSH_OPTIONS_CERTIFICATE.
>> In this case also ssh_options_set errors out when using
>> SSH_OPTIONS_CERTIFICATE.
>>
>>
>>
>> I am using libssh-0.11.2.
>>
>>
>> Is ED25519 supported to be used as a user certificate?
>>
>> Are there any compilation options to be set?
>>
>>
>> If anyone encountered such an issue and has overcome it, revert back
>> please.
>>
>>
>>
>> Thanks,
>>
>> Chidanand
>>
>
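
An added example, not part of the thread and not libssh code: before attributing the `ssh_pki_copy_cert_to_privkey` failure to the library, this check confirms independently that the certificate was issued for the key it is being paired with, by reading the certified public key out of the `ssh-ed25519-cert-v01@openssh.com` blob and comparing it with the `.pub` file. The function names and the sample data are assumptions made for the illustration; the sample keys are constructed, not real.

```python
import base64
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
KEY_TYPE = b"ssh-ed25519"

def _string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def _blob(line, expected_type):
    """Decode the base64 field of a one-line OpenSSH public key or cert file."""
    fields = line.split()
    if len(fields) < 2 or fields[0].encode() != expected_type:
        raise ValueError("not a %s line" % expected_type.decode())
    blob = base64.b64decode(fields[1], validate=True)
    inner, off = _string(blob, 0)
    if inner != expected_type:
        raise ValueError("type in blob differs from type on the line")
    return blob, off

def cert_matches_pubkey(cert_line, pub_line):
    """True if the certificate was issued for the given ed25519 public key."""
    cert, off = _blob(cert_line, CERT_TYPE)
    _nonce, off = _string(cert, off)      # nonce precedes the certified key
    cert_pk, off = _string(cert, off)
    pub, off2 = _blob(pub_line, KEY_TYPE)
    pub_pk, _ = _string(pub, off2)
    if len(cert_pk) != 32 or len(pub_pk) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    return cert_pk == pub_pk

# Constructed sample data: no real keys, and the certificate is truncated
# after the public key, which is all this check reads.
def _s(b): return struct.pack(">I", len(b)) + b
def _line(kind, body): return kind.decode() + " " + base64.b64encode(_s(kind) + body).decode()
PK_A, PK_B = bytes(range(32)), bytes(range(1, 33))
SAMPLE_CERT = _line(CERT_TYPE, _s(b"\x00" * 32) + _s(PK_A) + struct.pack(">Q", 1))
SAMPLE_PUB_A = _line(KEY_TYPE, _s(PK_A)) + " user@example"
SAMPLE_PUB_B = _line(KEY_TYPE, _s(PK_B))
```

With the files from the commands above, pass the contents of `id_ed25519-cert.pub` (written by `ssh-keygen -s`) and `id_ed25519.pub`; a `True` result rules out a mismatched key and certificate pair as the cause.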
