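// Adds each key in allKeys to a test agent, asks the agent to sign a fixed
// message, and checks the response according to the key's protocol version:
//   - SSH1: the response must equal an MD5 digest computed locally.
//   - SSH2: the response must name the key's algorithm and carry a signature
//     that verifies over the original message with the key's public parameters.
public void TestSignRequest()
{
    var agentClient = new TestAgentClient();
    var data = Encoding.UTF8.GetBytes("Data to be signed");

    foreach (var key in allKeys)
    {
        agentClient.Agent.AddKey(key);
        var signature = agentClient.SignRequest(key, data);

        switch (key.Version)
        {
            case SshVersion.SSH1:
                // Expected value: MD5 over a 48-byte buffer holding the message at
                // offset 0 (the rest of the first 32 bytes stays zero) and the
                // client's session id at offset 32.
                // NOTE(review): presumably mirrors the SSH1 agent challenge
                // response; MD5 here follows that legacy format and is not an
                // endorsement of MD5 for new code.
                using (MD5 md5 = MD5.Create())
                {
                    var md5Buffer = new byte[48];
                    data.CopyTo(md5Buffer, 0);
                    agentClient.SessionId.CopyTo(md5Buffer, 32);
                    var expectedSignature = md5.ComputeHash(md5Buffer);
                    Assert.That(signature, Is.EqualTo(expectedSignature));
                }
                break;

            case SshVersion.SSH2:
                // The response is parsed as an algorithm identifier string
                // followed by the signature blob.
                BlobParser signatureParser = new BlobParser(signature);
                var algorithm = signatureParser.ReadString();
                Assert.That(algorithm, Is.EqualTo(key.Algorithm.GetIdentifierString()));
                signature = signatureParser.ReadBlob();

                if (key.Algorithm == PublicKeyAlgorithm.SSH_RSA)
                {
                    // Constraint form so that a failure reports both lengths
                    // instead of a bare "expected true".
                    Assert.That(signature.Length, Is.EqualTo(key.Size / 8));
                }
                else if (key.Algorithm == PublicKeyAlgorithm.SSH_DSS)
                {
                    // The blob must be exactly 40 bytes: r and s as two unsigned
                    // 20-byte integers. The signer is given them re-encoded as a
                    // DER SEQUENCE of two INTEGERs.
                    Assert.That(signature.Length, Is.EqualTo(40));
                    var r = new BigInteger(1, signature, 0, 20);
                    var s = new BigInteger(1, signature, 20, 20);
                    var seq = new DerSequence(new DerInteger(r), new DerInteger(s));
                    signature = seq.GetDerEncoded();
                }
                else if (key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP256 ||
                         key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP384 ||
                         key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP521)
                {
                    // NOTE(review): these bounds look like two 4-byte length
                    // prefixes plus r and s at about key.Size / 8 bytes each. If
                    // the agent strips leading zero bytes from r or s, the blob
                    // can occasionally be shorter than the lower bound. Confirm
                    // against the encoder before treating a rare failure here
                    // as a signing bug.
                    Assert.That(signature.Length, Is.AtLeast(key.Size / 4 + 8));
                    Assert.That(signature.Length, Is.AtMost(key.Size / 4 + 10));

                    // r and s are read from two nested blobs and re-encoded as a
                    // DER SEQUENCE of two INTEGERs for the signer.
                    BlobParser parser = new BlobParser(signature);
                    var r = new BigInteger(parser.ReadBlob());
                    var s = new BigInteger(parser.ReadBlob());
                    var seq = new DerSequence(new DerInteger(r), new DerInteger(s));
                    signature = seq.GetDerEncoded();
                }

                // Any other algorithm reaches this point with the blob unchanged.
                // Init(false, ...) puts the signer in verification mode; the
                // signature must verify over the exact bytes sent to the agent.
                var signer = key.GetSigner();
                signer.Init(false, key.GetPublicKeyParameters());
                signer.BlockUpdate(data, 0, data.Length);
                var valid = signer.VerifySignature(signature);
                Assert.That(valid, Is.True);
                break;

            default:
                Assert.Fail("Unexpected Ssh Version");
                break;
        }
    }
}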