Introduce KeyAlgorithm to separate KeyType from Algorithm (Fixes #588) (#589)

2025-12-08 08:10:55 +03:00 · 2020-06-02 16:39:22 +02:00
parent 91105e6a07
commit 9671352bda
27 changed files with 625 additions and 102 deletions
--- a/src/main/java/net/schmizz/sshj/AndroidConfig.java
+++ b/src/main/java/net/schmizz/sshj/AndroidConfig.java
@@ -15,6 +15,9 @@
 */
 package net.schmizz.sshj;

+import com.hierynomus.sshj.key.DSAKeyAlgorithm;
+import com.hierynomus.sshj.key.EdDSAKeyAlgorithm;
+import com.hierynomus.sshj.key.RSAKeyAlgorithm;
 import com.hierynomus.sshj.signature.SignatureEdDSA;

 import net.schmizz.sshj.common.SecurityUtils;
@@ -23,6 +26,8 @@ import net.schmizz.sshj.signature.SignatureRSA;
 import net.schmizz.sshj.transport.random.JCERandom;
 import net.schmizz.sshj.transport.random.SingletonRandomFactory;

+import java.util.Arrays;
+
 /**
 * Registers SpongyCastle as JCE provider.
 */
@@ -33,11 +38,14 @@ public class AndroidConfig
        SecurityUtils.registerSecurityProvider("org.spongycastle.jce.provider.BouncyCastleProvider");
    }

-    // don't add ECDSA
-    protected void initSignatureFactories() {
-        setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory(),
-                // but add EdDSA
-                new SignatureEdDSA.Factory());
+
+    @Override
+    protected void initKeyAlgorithms() {
+        setKeyAlgorithms(Arrays.asList(
+                new EdDSAKeyAlgorithm.Factory(),
+                new RSAKeyAlgorithm.FactorySSHRSA(),
+                new DSAKeyAlgorithm.FactorySSHDSA()
+        ));
    }

    @Override
--- a/src/main/java/net/schmizz/sshj/Config.java
+++ b/src/main/java/net/schmizz/sshj/Config.java
@@ -15,6 +15,7 @@
 */
 package net.schmizz.sshj;

+import com.hierynomus.sshj.key.KeyAlgorithm;
 import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
 import net.schmizz.sshj.common.LoggerFactory;
@@ -77,11 +78,11 @@ public interface Config {
    Factory<Random> getRandomFactory();

    /**
-     * Retrieve the list of named factories for {@link Signature}
+     * Retrieve the list of named factories for {@link com.hierynomus.sshj.key.KeyAlgorithm}
     *
-     * @return a list of named {@link Signature} factories
+     * @return a list of named {@link com.hierynomus.sshj.key.KeyAlgorithm} factories
     */
-    List<Factory.Named<Signature>> getSignatureFactories();
+    List<Factory.Named<KeyAlgorithm>> getKeyAlgorithms();

    /**
     * Returns the software version information for identification during SSH connection initialization. For example,
@@ -132,11 +133,11 @@ public interface Config {
    void setRandomFactory(Factory<Random> randomFactory);

    /**
-     * Set the named factories for {@link Signature}.
+     * Set the named factories for {@link KeyAlgorithm}.
     *
-     * @param signatureFactories a list of named factories
+     * @param keyAlgorithms a list of named factories
     */
-    void setSignatureFactories(List<Factory.Named<Signature>> signatureFactories);
+    void setKeyAlgorithms(List<Factory.Named<KeyAlgorithm>> keyAlgorithms);

    /**
     * Set the software version information for identification during SSH connection initialization. For example, {@code
--- a/src/main/java/net/schmizz/sshj/ConfigImpl.java
+++ b/src/main/java/net/schmizz/sshj/ConfigImpl.java
@@ -15,10 +15,10 @@
 */
 package net.schmizz.sshj;

+import com.hierynomus.sshj.key.KeyAlgorithm;
 import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
 import net.schmizz.sshj.common.LoggerFactory;
-import net.schmizz.sshj.signature.Signature;
 import net.schmizz.sshj.transport.cipher.Cipher;
 import net.schmizz.sshj.transport.compression.Compression;
 import net.schmizz.sshj.transport.kex.KeyExchange;
@@ -42,7 +42,7 @@ public class ConfigImpl
    private List<Factory.Named<Cipher>> cipherFactories;
    private List<Factory.Named<Compression>> compressionFactories;
    private List<Factory.Named<MAC>> macFactories;
-    private List<Factory.Named<Signature>> signatureFactories;
+    private List<Factory.Named<KeyAlgorithm>> keyAlgorithms;
    private List<Factory.Named<FileKeyProvider>> fileKeyProviderFactories;

    private boolean waitForServerIdentBeforeSendingClientIdent = false;
@@ -78,11 +78,6 @@ public class ConfigImpl
        return randomFactory;
    }

-    @Override
-    public List<Factory.Named<Signature>> getSignatureFactories() {
-        return signatureFactories;
-    }
-
    @Override
    public String getVersion() {
        return version;
@@ -138,15 +133,6 @@ public class ConfigImpl
        this.randomFactory = randomFactory;
    }

-    public void setSignatureFactories(Factory.Named<Signature>... signatureFactories) {
-        setSignatureFactories(Arrays.asList(signatureFactories));
-    }
-
-    @Override
-    public void setSignatureFactories(List<Factory.Named<Signature>> signatureFactories) {
-        this.signatureFactories = signatureFactories;
-    }
-
    @Override
    public void setVersion(String version) {
        this.version = version;
@@ -172,6 +158,16 @@ public class ConfigImpl
        this.waitForServerIdentBeforeSendingClientIdent = waitForServerIdentBeforeSendingClientIdent;
    }

+    @Override
+    public List<Factory.Named<KeyAlgorithm>> getKeyAlgorithms() {
+        return keyAlgorithms;
+    }
+
+    @Override
+    public void setKeyAlgorithms(List<Factory.Named<KeyAlgorithm>> keyAlgorithms) {
+        this.keyAlgorithms = keyAlgorithms;
+    }
+
    @Override
    public LoggerFactory getLoggerFactory() {
        return loggerFactory;
--- a/src/main/java/net/schmizz/sshj/DefaultConfig.java
+++ b/src/main/java/net/schmizz/sshj/DefaultConfig.java
@@ -15,7 +15,10 @@
 */
 package net.schmizz.sshj;

-import com.hierynomus.sshj.signature.SignatureEdDSA;
+import com.hierynomus.sshj.key.DSAKeyAlgorithm;
+import com.hierynomus.sshj.key.ECDSAKeyAlgorithm;
+import com.hierynomus.sshj.key.EdDSAKeyAlgorithm;
+import com.hierynomus.sshj.key.RSAKeyAlgorithm;
 import com.hierynomus.sshj.transport.cipher.BlockCiphers;
 import com.hierynomus.sshj.transport.cipher.StreamCiphers;
 import com.hierynomus.sshj.transport.kex.DHGroups;
@@ -26,10 +29,7 @@ import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
 import net.schmizz.sshj.common.LoggerFactory;
 import net.schmizz.sshj.common.SecurityUtils;
-import net.schmizz.sshj.signature.SignatureDSA;
-import net.schmizz.sshj.signature.SignatureECDSA;
-import net.schmizz.sshj.signature.SignatureRSA;
-import net.schmizz.sshj.transport.cipher.*;
+import net.schmizz.sshj.transport.cipher.Cipher;
 import net.schmizz.sshj.transport.compression.NoneCompression;
 import net.schmizz.sshj.transport.kex.Curve25519SHA256;
 import net.schmizz.sshj.transport.kex.DHGexSHA1;
@@ -56,7 +56,7 @@ import java.util.*;
 * <li>{@link net.schmizz.sshj.ConfigImpl#setMACFactories MAC}: {@link net.schmizz.sshj.transport.mac.HMACSHA1}, {@link net.schmizz.sshj.transport.mac.HMACSHA196}, {@link net.schmizz.sshj.transport.mac.HMACMD5}, {@link
 * net.schmizz.sshj.transport.mac.HMACMD596}</li>
 * <li>{@link net.schmizz.sshj.ConfigImpl#setCompressionFactories Compression}: {@link net.schmizz.sshj.transport.compression.NoneCompression}</li>
- * <li>{@link net.schmizz.sshj.ConfigImpl#setSignatureFactories Signature}: {@link net.schmizz.sshj.signature.SignatureRSA}, {@link net.schmizz.sshj.signature.SignatureDSA}</li>
+ * <li>{@link net.schmizz.sshj.ConfigImpl#setKeyAlgorithms KeyAlgorithm}: {@link net.schmizz.sshj.signature.SignatureRSA}, {@link net.schmizz.sshj.signature.SignatureDSA}</li>
 * <li>{@link net.schmizz.sshj.ConfigImpl#setRandomFactory PRNG}: {@link net.schmizz.sshj.transport.random.BouncyCastleRandom}* or {@link net.schmizz.sshj.transport.random.JCERandom}</li>
 * <li>{@link net.schmizz.sshj.ConfigImpl#setFileKeyProviderFactories Key file support}: {@link net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile}*, {@link
 * net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile}*</li>
@@ -76,12 +76,12 @@ public class DefaultConfig
        setVersion(readVersionFromProperties());
        final boolean bouncyCastleRegistered = SecurityUtils.isBouncyCastleRegistered();
        initKeyExchangeFactories(bouncyCastleRegistered);
+        initKeyAlgorithms();
        initRandomFactory(bouncyCastleRegistered);
        initFileKeyProviderFactories(bouncyCastleRegistered);
        initCipherFactories();
        initCompressionFactories();
        initMACFactories();
-        initSignatureFactories();
        setKeepAliveProvider(KeepAliveProvider.HEARTBEAT);
    }

@@ -99,8 +99,8 @@ public class DefaultConfig

    @Override
    public void setLoggerFactory(LoggerFactory loggerFactory) {
-	super.setLoggerFactory(loggerFactory);
-	log = loggerFactory.getLogger(getClass());
+        super.setLoggerFactory(loggerFactory);
+        log = loggerFactory.getLogger(getClass());
    }

    protected void initKeyExchangeFactories(boolean bouncyCastleRegistered) {
@@ -133,6 +133,20 @@ public class DefaultConfig
        }
    }

+    protected void initKeyAlgorithms() {
+        setKeyAlgorithms(Arrays.asList(
+                new EdDSAKeyAlgorithm.Factory(),
+                new ECDSAKeyAlgorithm.Factory521(),
+                new ECDSAKeyAlgorithm.Factory384(),
+                new ECDSAKeyAlgorithm.Factory256(),
+                new RSAKeyAlgorithm.FactoryRSASHA512(),
+                new RSAKeyAlgorithm.FactoryRSASHA256(),
+                new RSAKeyAlgorithm.FactorySSHRSACert(),
+                new DSAKeyAlgorithm.FactorySSHDSSCert(),
+                new RSAKeyAlgorithm.FactorySSHRSA(),
+                new DSAKeyAlgorithm.FactorySSHDSA()));
+    }
+
    protected void initRandomFactory(boolean bouncyCastleRegistered) {
        setRandomFactory(new SingletonRandomFactory(bouncyCastleRegistered
                ? new BouncyCastleRandom.Factory() : new JCERandom.Factory()));
@@ -207,18 +221,6 @@ public class DefaultConfig
        log.debug("Available cipher factories: {}", avail);
    }

-    protected void initSignatureFactories() {
-        setSignatureFactories(
-                new SignatureEdDSA.Factory(),
-                new SignatureECDSA.Factory256(),
-                new SignatureECDSA.Factory384(),
-                new SignatureECDSA.Factory521(),
-                new SignatureRSA.Factory(),
-                new SignatureRSA.FactoryCERT(),
-                new SignatureDSA.Factory()
-        );
-    }
-
    protected void initMACFactories() {
        setMACFactories(
                Macs.HMACSHA1(),
--- a/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
+++ b/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
@@ -29,18 +29,26 @@ public abstract class AbstractSignature

    @SuppressWarnings("PMD.UnnecessaryFullyQualifiedName")
    protected final java.security.Signature signature;
+    private final String signatureName;

-    protected AbstractSignature(String algorithm) {
+    protected AbstractSignature(String algorithm, String signatureName) {
        try {
            this.signature = SecurityUtils.getSignature(algorithm);
+            this.signatureName = signatureName;
        } catch (GeneralSecurityException e) {
            throw new SSHRuntimeException(e);
        }
    }

    protected AbstractSignature(@SuppressWarnings("PMD.UnnecessaryFullyQualifiedName")
-                                        java.security.Signature signatureEngine) {
+                                        java.security.Signature signatureEngine, String signatureName) {
        this.signature = signatureEngine;
+        this.signatureName = signatureName;
+    }
+
+    @Override
+    public String getSignatureName() {
+        return signatureName;
    }

    @Override
--- a/src/main/java/net/schmizz/sshj/signature/Signature.java
+++ b/src/main/java/net/schmizz/sshj/signature/Signature.java
@@ -21,6 +21,8 @@ import java.security.PublicKey;
 /** Signature interface for SSH used to sign or verify data. Usually wraps a {@code javax.crypto.Signature} object. */
 public interface Signature {

+    String getSignatureName();
+
    /**
     * Initialize this signature with the given public key for signature verification.
     *
--- a/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
+++ b/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
@@ -50,7 +50,7 @@ public class SignatureDSA
    }

    public SignatureDSA() {
-        super("SHA1withDSA");
+        super("SHA1withDSA", KeyType.DSA.toString());
    }

    @Override
@@ -72,8 +72,8 @@ public class SignatureDSA

        // result must be 40 bytes, but length of r and s may not be 20 bytes

-        int r_copylen = (r.length < 20) ? r.length : 20;
-        int s_copylen = (s.length < 20) ? s.length : 20;
+        int r_copylen = Math.min(r.length, 20);
+        int s_copylen = Math.min(s.length, 20);

        System.arraycopy(r, r.length - r_copylen, result, 20 - r_copylen, r_copylen);
        System.arraycopy(s, s.length - s_copylen, result, 40 - s_copylen, s_copylen);
--- a/src/main/java/net/schmizz/sshj/signature/SignatureECDSA.java
+++ b/src/main/java/net/schmizz/sshj/signature/SignatureECDSA.java
@@ -79,7 +79,7 @@ public class SignatureECDSA extends AbstractSignature {
    private String keyTypeName;

    public SignatureECDSA(String algorithm, String keyTypeName) {
-        super(algorithm);
+        super(algorithm, keyTypeName);
        this.keyTypeName = keyTypeName;
    }

--- a/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
+++ b/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
@@ -22,26 +22,53 @@ import net.schmizz.sshj.common.SSHRuntimeException;
 import java.security.InvalidKeyException;
 import java.security.PublicKey;
 import java.security.SignatureException;
-import java.util.Date;

 /** RSA {@link Signature} */
 public class SignatureRSA
        extends AbstractSignature {

    /** A named factory for RSA {@link Signature} */
-    public static class Factory
+    public static class FactorySSHRSA
            implements net.schmizz.sshj.common.Factory.Named<Signature> {

        @Override
        public Signature create() {
-            return new SignatureRSA(KeyType.RSA.toString());
+            return new SignatureRSA("SHA1withRSA", KeyType.RSA, KeyType.RSA.toString());
        }

        @Override
        public String getName() {
            return KeyType.RSA.toString();
        }
+    }

+    /** A named factory for RSA {@link Signature} */
+    public static class FactoryRSASHA256
+            implements net.schmizz.sshj.common.Factory.Named<Signature> {
+
+        @Override
+        public Signature create() {
+            return new SignatureRSA("SHA256withRSA", KeyType.RSA, "rsa-sha2-256");
+        }
+
+        @Override
+        public String getName() {
+            return "rsa-sha2-256";
+        }
+    }
+    /** A named factory for RSA {@link Signature} */
+    public static class FactoryRSASHA512
+            implements net.schmizz.sshj.common.Factory.Named<Signature> {
+
+        @Override
+        public Signature create() {
+            return new SignatureRSA("SHA512withRSA", KeyType.RSA, "rsa-sha2-512");
+        }
+
+        @Override
+        public String getName() {
+            return "rsa-sha2-512";
+        }
    }

    /** A named factory for RSA {@link Signature} */
@@ -50,7 +77,7 @@ public class SignatureRSA

        @Override
        public Signature create() {
-            return new SignatureRSA(KeyType.RSA_CERT.toString());
+            return new SignatureRSA("SHA1withRSA", KeyType.RSA_CERT, KeyType.RSA.toString());
        }

        @Override
@@ -60,19 +87,19 @@ public class SignatureRSA

    }

-    private String keyTypeName;
+    private KeyType keyType;


-    public SignatureRSA(String keyTypeName) {
-        super("SHA1withRSA");
-        this.keyTypeName = keyTypeName;
+    public SignatureRSA(String algorithm, KeyType keyType, String name) {
+        super(algorithm, name);
+        this.keyType = keyType;
    }

    @Override
    @SuppressWarnings("unchecked")
    public void initVerify(PublicKey publicKey) {
        try {
-            if (this.keyTypeName.equals(KeyType.RSA_CERT.toString()) && publicKey instanceof Certificate) {
+            if (this.keyType.equals(KeyType.RSA_CERT) && publicKey instanceof Certificate) {
                signature.initVerify(((Certificate<PublicKey>) publicKey).getKey());
            } else {
                signature.initVerify(publicKey);
@@ -89,7 +116,7 @@ public class SignatureRSA

    @Override
    public boolean verify(byte[] sig) {
-        sig = extractSig(sig, KeyType.RSA.toString());
+        sig = extractSig(sig, getSignatureName());
        try {
            return signature.verify(sig);
        } catch (SignatureException e) {
--- a/src/main/java/net/schmizz/sshj/transport/KeyExchanger.java
+++ b/src/main/java/net/schmizz/sshj/transport/KeyExchanger.java
@@ -15,6 +15,7 @@
 */
 package net.schmizz.sshj.transport;

+import com.hierynomus.sshj.key.KeyAlgorithm;
 import net.schmizz.concurrent.ErrorDeliveryUtil;
 import net.schmizz.concurrent.Event;
 import net.schmizz.sshj.common.*;
@@ -30,9 +31,7 @@ import org.slf4j.Logger;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.PublicKey;
-import java.util.Arrays;
-import java.util.LinkedList;
-import java.util.Queue;
+import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;

@@ -232,6 +231,13 @@ final class KeyExchanger
        }
        kex = Factory.Named.Util.create(transport.getConfig().getKeyExchangeFactories(),
                                        negotiatedAlgs.getKeyExchangeAlgorithm());
+
+        List<KeyAlgorithm> keyAlgorithms = new ArrayList<KeyAlgorithm>();
+        for (String signatureAlgorithm : negotiatedAlgs.getSignatureAlgorithms()) {
+            keyAlgorithms.add(Factory.Named.Util.create(transport.getConfig().getKeyAlgorithms(), signatureAlgorithm));
+        }
+        transport.setKeyAlgorithms(keyAlgorithms);
+
        try {
            kex.init(transport,
                     transport.getServerID(), transport.getClientID(),
--- a/src/main/java/net/schmizz/sshj/transport/NegotiatedAlgorithms.java
+++ b/src/main/java/net/schmizz/sshj/transport/NegotiatedAlgorithms.java
@@ -15,10 +15,12 @@
 */
 package net.schmizz.sshj.transport;

+import java.util.List;
+
 public final class NegotiatedAlgorithms {

    private final String kex;
-    private final String sig;
+    private final List<String> availableSigs;
    private final String c2sCipher;
    private final String s2cCipher;
    private final String c2sMAC;
@@ -26,10 +28,10 @@ public final class NegotiatedAlgorithms {
    private final String c2sComp;
    private final String s2cComp;

-    NegotiatedAlgorithms(String kex, String sig, String c2sCipher, String s2cCipher, String c2sMAC, String s2cMAC,
+    NegotiatedAlgorithms(String kex, List<String> availableSigs, String c2sCipher, String s2cCipher, String c2sMAC, String s2cMAC,
                         String c2sComp, String s2cComp) {
        this.kex = kex;
-        this.sig = sig;
+        this.availableSigs = availableSigs;
        this.c2sCipher = c2sCipher;
        this.s2cCipher = s2cCipher;
        this.c2sMAC = c2sMAC;
@@ -42,8 +44,8 @@ public final class NegotiatedAlgorithms {
        return kex;
    }

-    public String getSignatureAlgorithm() {
-        return sig;
+    public List<String> getSignatureAlgorithms() {
+        return availableSigs;
    }

    public String getClient2ServerCipherAlgorithm() {
@@ -74,7 +76,7 @@ public final class NegotiatedAlgorithms {
    public String toString() {
        return ("[ " +
                "kex=" + kex + "; " +
-                "sig=" + sig + "; " +
+                "availableSigs=" + availableSigs + "; " +
                "c2sCipher=" + c2sCipher + "; " +
                "s2cCipher=" + s2cCipher + "; " +
                "c2sMAC=" + c2sMAC + "; " +
--- a/src/main/java/net/schmizz/sshj/transport/Proposal.java
+++ b/src/main/java/net/schmizz/sshj/transport/Proposal.java
@@ -21,6 +21,7 @@ import net.schmizz.sshj.common.Factory;
 import net.schmizz.sshj.common.Message;
 import net.schmizz.sshj.common.SSHPacket;

+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;

@@ -38,7 +39,7 @@ class Proposal {

    public Proposal(Config config) {
        kex = Factory.Named.Util.getNames(config.getKeyExchangeFactories());
-        sig = Factory.Named.Util.getNames(config.getSignatureFactories());
+        sig = Factory.Named.Util.getNames(config.getKeyAlgorithms());
        c2sCipher = s2cCipher = Factory.Named.Util.getNames(config.getCipherFactories());
        c2sMAC = s2cMAC = Factory.Named.Util.getNames(config.getMACFactories());
        c2sComp = s2cComp = Factory.Named.Util.getNames(config.getCompressionFactories());
@@ -126,7 +127,7 @@ class Proposal {
            throws TransportException {
        return new NegotiatedAlgorithms(
                firstMatch(this.getKeyExchangeAlgorithms(), other.getKeyExchangeAlgorithms()),
-                firstMatch(this.getSignatureAlgorithms(), other.getSignatureAlgorithms()),
+                allMatch(this.getSignatureAlgorithms(), other.getSignatureAlgorithms()),
                firstMatch(this.getClient2ServerCipherAlgorithms(), other.getClient2ServerCipherAlgorithms()),
                firstMatch(this.getServer2ClientCipherAlgorithms(), other.getServer2ClientCipherAlgorithms()),
                firstMatch(this.getClient2ServerMACAlgorithms(), other.getClient2ServerMACAlgorithms()),
@@ -138,19 +139,36 @@ class Proposal {

    private static String firstMatch(List<String> a, List<String> b)
            throws TransportException {
-        for (String aa : a)
-            for (String bb : b)
-                if (aa.equals(bb))
-                    return aa;
+        for (String aa : a) {
+            if (b.contains(aa)) {
+                return aa;
+            }
+        }
        throw new TransportException("Unable to reach a settlement: " + a + " and " + b);
    }

+    private static List<String> allMatch(List<String> a, List<String> b) throws TransportException {
+        List<String> res = new ArrayList<String>();
+        for (String aa : a) {
+            if (b.contains(aa)) {
+                res.add(aa);
+            }
+        }
+
+        if (res.isEmpty()) {
+            throw new TransportException("Unable to reach a settlement: " + a + " and " + b);
+        }
+
+        return res;
+    }
+
    private static String toCommaString(List<String> sl) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        for (String s : sl) {
-            if (i++ != 0)
+            if (i++ != 0) {
                sb.append(",");
+            }
            sb.append(s);
        }
        return sb.toString();
--- a/src/main/java/net/schmizz/sshj/transport/Transport.java
+++ b/src/main/java/net/schmizz/sshj/transport/Transport.java
@@ -15,9 +15,11 @@
 */
 package net.schmizz.sshj.transport;

+import com.hierynomus.sshj.key.KeyAlgorithm;
 import net.schmizz.sshj.Config;
 import net.schmizz.sshj.Service;
 import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.KeyType;
 import net.schmizz.sshj.common.SSHPacket;
 import net.schmizz.sshj.common.SSHPacketHandler;
 import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
@@ -235,4 +237,6 @@ public interface Transport
     * @param e The exception that occurred.
     */
    void die(Exception e);
+
+    KeyAlgorithm getKeyAlgorithm(KeyType keyType) throws TransportException;
 }
--- a/src/main/java/net/schmizz/sshj/transport/TransportImpl.java
+++ b/src/main/java/net/schmizz/sshj/transport/TransportImpl.java
@@ -15,6 +15,7 @@
 */
 package net.schmizz.sshj.transport;

+import com.hierynomus.sshj.key.KeyAlgorithm;
 import com.hierynomus.sshj.transport.IdentificationStringParser;
 import net.schmizz.concurrent.ErrorDeliveryUtil;
 import net.schmizz.concurrent.Event;
@@ -30,6 +31,7 @@ import org.slf4j.Logger;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.ReentrantLock;

@@ -39,6 +41,7 @@ import java.util.concurrent.locks.ReentrantLock;
 public final class TransportImpl
        implements Transport, DisconnectListener {

+
    private static final class NullService
            extends AbstractService {

@@ -86,6 +89,8 @@ public final class TransportImpl

    private final Decoder decoder;

+    private List<KeyAlgorithm> keyAlgorithms;
+
    private final Event<TransportException> serviceAccept;

    private final Event<TransportException> close;
@@ -649,4 +654,18 @@ public final class TransportImpl
        return connInfo;
    }

+    @Override
+    public KeyAlgorithm getKeyAlgorithm(KeyType keyType) throws TransportException {
+        for (KeyAlgorithm ka : keyAlgorithms) {
+            if (ka.getKeyFormat().equals(keyType)) {
+                return ka;
+            }
+        }
+
+        throw new TransportException("Cannot find an available KeyAlgorithm for type " + keyType);
+    }
+
+    public void setKeyAlgorithms(List<KeyAlgorithm> keyAlgorithms) {
+        this.keyAlgorithms = keyAlgorithms;
+    }
 }
--- a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
+++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
@@ -78,8 +78,8 @@ public abstract class AbstractDHG extends AbstractDH
        digest.update(buf.array(), buf.rpos(), buf.available());
        H = digest.digest();

-        Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(),
-                                                        KeyType.fromKey(hostKey).toString());
+
+        Signature signature = trans.getKeyAlgorithm(KeyType.fromKey(hostKey)).newSignature();
        signature.initVerify(hostKey);
        signature.update(H, 0, H.length);
        if (!signature.verify(sig))
--- a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java
+++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHGex.java
@@ -15,6 +15,7 @@
 */
 package net.schmizz.sshj.transport.kex;

+import com.hierynomus.sshj.key.KeyAlgorithm;
 import net.schmizz.sshj.common.*;
 import net.schmizz.sshj.signature.Signature;
 import net.schmizz.sshj.transport.Transport;
@@ -30,9 +31,9 @@ import java.security.GeneralSecurityException;
 public abstract class AbstractDHGex extends AbstractDH {
    private final Logger log = LoggerFactory.getLogger(getClass());

-    private int minBits = 1024;
-    private int maxBits = 8192;
-    private int preferredBits = 2048;
+    private final int minBits = 1024;
+    private final int maxBits = 8192;
+    private final int preferredBits = 2048;

    public AbstractDHGex(Digest digest) {
        super(new DH(), digest);
@@ -84,8 +85,8 @@ public abstract class AbstractDHGex extends AbstractDH {
                .putMPInt(k);
        digest.update(buf.array(), buf.rpos(), buf.available());
        H = digest.digest();
-        Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(),
-                KeyType.fromKey(hostKey).toString());
+        KeyAlgorithm keyAlgorithm = trans.getKeyAlgorithm(KeyType.fromKey(hostKey));
+        Signature signature = keyAlgorithm.newSignature();
        signature.initVerify(hostKey);
        signature.update(H, 0, H.length);
        if (!signature.verify(sig))
--- a/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
+++ b/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
@@ -15,11 +15,12 @@
 */
 package net.schmizz.sshj.userauth.method;

+import com.hierynomus.sshj.key.KeyAlgorithm;
 import net.schmizz.sshj.common.Buffer;
-import net.schmizz.sshj.common.Factory;
 import net.schmizz.sshj.common.KeyType;
 import net.schmizz.sshj.common.SSHPacket;
 import net.schmizz.sshj.signature.Signature;
+import net.schmizz.sshj.transport.TransportException;
 import net.schmizz.sshj.userauth.UserAuthException;
 import net.schmizz.sshj.userauth.keyprovider.KeyProvider;

@@ -47,9 +48,15 @@ public abstract class KeyedAuthMethod
        }

        // public key as 2 strings: [ key type | key blob ]
-        reqBuf.putString(KeyType.fromKey(key).toString())
-              .putString(new Buffer.PlainBuffer().putPublicKey(key).getCompactData());
-        return reqBuf;
+        KeyType keyType = KeyType.fromKey(key);
+        try {
+            KeyAlgorithm ka = params.getTransport().getKeyAlgorithm(keyType);
+            reqBuf.putString(ka.getKeyAlgorithm())
+                    .putString(new Buffer.PlainBuffer().putPublicKey(key).getCompactData());
+            return reqBuf;
+        } catch (IOException ioe) {
+            throw new UserAuthException("No KeyAlgorithm configured for key " + keyType);
+        }
    }

    protected SSHPacket putSig(SSHPacket reqBuf)
@@ -61,17 +68,20 @@ public abstract class KeyedAuthMethod
            throw new UserAuthException("Problem getting private key from " + kProv, ioe);
        }

-        final String kt = KeyType.fromKey(key).toString();
-        Signature signature = Factory.Named.Util.create(params.getTransport().getConfig().getSignatureFactories(), kt);
-        if (signature == null)
-            throw new UserAuthException("Could not create signature instance for " + kt + " key");
+        final KeyType kt = KeyType.fromKey(key);
+        Signature signature;
+        try {
+            signature = params.getTransport().getKeyAlgorithm(kt).newSignature();
+        } catch (TransportException e) {
+            throw new UserAuthException("No KeyAlgorithm configured for key " + kt);
+        }

        signature.initSign(key);
        signature.update(new Buffer.PlainBuffer()
                .putString(params.getTransport().getSessionID())
                .putBuffer(reqBuf) // & rest of the data for sig
                .getCompactData());
-        reqBuf.putSignature(kt, signature.encode(signature.sign()));
+        reqBuf.putSignature(signature.getSignatureName(), signature.encode(signature.sign()));
        return reqBuf;
    }