We are using the SSHJ library to connect to an SFTP server over SSHv2. While connecting to the server, we get the negotiated algorithms below:
net.schmizz.sshj.transport.KeyExchanger:234 - Negotiated algorithms: [ kex=diffie-hellman-group-exchange-sha256; sig=ssh-rsa; c2sCipher=aes128-cbc; s2cCipher=aes128-cbc; c2sMAC=hmac-sha1; s2cMAC=hmac-sha1; c2sComp=none; s2cComp=none; rsaSHA2Support=false ]
Our requirement is to set the cipher to AEAD_AES_x_GCM (x = 256, 128) or AESx-CTR with HMAC-SHA2-y (x = 256, 192, 128 and y = 512, 256). I tried to set the cipher through the implementation below:

    Config config = new DefaultConfig();
    config.setCipherFactories(initCipherFactories());
    SSHClient client = new SSHClient(config);

    protected List<Factory.Named<Cipher>> initCipherFactories() {
        List<Factory.Named<Cipher>> avail = new LinkedList<>(
                Arrays.asList(new AES256CTR.Factory(), new AES256CBC.Factory()));
        boolean warn = false;
        // Ref. https://issues.apache.org/jira/browse/SSHD-24
        // "AES256 and AES192 requires unlimited cryptography extension"
        for (Iterator<Factory.Named<Cipher>> i = avail.iterator(); i.hasNext(); ) {
            final Factory.Named<Cipher> f = i.next();
            try {
                final Cipher c = f.create();
                final byte[] key = new byte[c.getBlockSize()];
                final byte[] iv = new byte[c.getIVSize()];
                c.init(Cipher.Mode.Encrypt, key, iv);
            } catch (Exception e) {
                warn = true;
                i.remove();
                e.printStackTrace();
            }
        }
        if (warn)
            log.warn("Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy");
        return avail;
    }

Can you tell me: new AES256CTR.Factory() and new AES256CBC.Factory() are deprecated in the SSHJ library, so what has come in place of them?
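
Added example (not part of the original post and not SSHJ's own code): one way to limit the client's offer to the AES-GCM and AES-CTR ciphers with HMAC-SHA2 MACs named in the requirement above, so that `aes128-cbc` and `hmac-sha1` from the log line are never proposed. It assumes an SSHJ release that ships the `BlockCiphers`, `GcmCiphers` and `Macs` factory classes under `com.hierynomus.sshj.transport`; the class name `RestrictedSshConfig` and its method names are hypothetical. SSHJ's GCM factories advertise the OpenSSH names `aes256-gcm@openssh.com` and `aes128-gcm@openssh.com`, which this example assumes are acceptable for the AEAD_AES_x_GCM requirement.

```java
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
import com.hierynomus.sshj.transport.cipher.GcmCiphers;
import com.hierynomus.sshj.transport.mac.Macs;
import net.schmizz.sshj.DefaultConfig;
import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.mac.MAC;

import java.util.Arrays;
import java.util.List;

// Hypothetical helper class for illustration; not part of SSHJ.
public class RestrictedSshConfig {

    /** Ciphers in client preference order: AES-GCM first, then AES-CTR. */
    static List<Factory.Named<Cipher>> allowedCiphers() {
        return Arrays.<Factory.Named<Cipher>>asList(
                GcmCiphers.AES256GCM(),    // aes256-gcm@openssh.com
                GcmCiphers.AES128GCM(),    // aes128-gcm@openssh.com
                BlockCiphers.AES256CTR(),  // aes256-ctr
                BlockCiphers.AES192CTR(),  // aes192-ctr
                BlockCiphers.AES128CTR()); // aes128-ctr
    }

    /** MACs paired with the CTR ciphers; the GCM modes authenticate on their own. */
    static List<Factory.Named<MAC>> allowedMacs() {
        return Arrays.<Factory.Named<MAC>>asList(
                Macs.HMACSHA2512(),        // hmac-sha2-512
                Macs.HMACSHA2256());       // hmac-sha2-256
    }

    static SSHClient newClient() {
        DefaultConfig config = new DefaultConfig();
        // Replace the default lists outright so CBC ciphers and HMAC-SHA1
        // are never offered to the server.
        config.setCipherFactories(allowedCiphers());
        config.setMACFactories(allowedMacs());
        return new SSHClient(config);
    }
}
```

With this configuration, a server that supports none of the listed algorithms makes the connection fail during key exchange instead of falling back to `aes128-cbc` or `hmac-sha1`; the `Negotiated algorithms` log line shows what was actually selected.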