From f68742b25f19026c1fa63be32df0c2c3ca92b4ab Mon Sep 17 00:00:00 2001
From: Mike Lockwood <lockwood@google.com>
Date: Tue, 10 Jan 2012 14:24:22 -0800
Subject: ganymed-ssh2-build251beta1

Change-Id: I20dff4875333580185596fbef32a7edf4718017a
Signed-off-by: Mike Lockwood <lockwood@google.com>
---
 Android.mk                                         |   27 +
 FAQ.html                                           |  403 +++++
 HISTORY.txt                                        |  361 +++++
 LICENSE.txt                                        |   87 +
 MODULE_LICENSE_BSD                                 |    0
 README.txt                                         |   24 +
 examples/Basic.java                                |   87 +
 examples/BasicWithHTTPProxy.java                   |   98 ++
 examples/PortForwarding.java                       |  114 ++
 examples/PublicKeyAuthentication.java              |   77 +
 examples/SimpleVerifier.java                       |   56 +
 examples/SingleThreadStdoutStderr.java             |  138 ++
 examples/StdoutAndStderr.java                      |   86 +
 examples/SwingShell.java                           |  788 ++++++++++
 examples/UsingKnownHosts.java                      |   84 +
 overview.html                                      |   14 +
 pom.xml                                            |  138 ++
 src/main/java/ch/ethz/ssh2/ChannelCondition.java   |   64 +
 src/main/java/ch/ethz/ssh2/Connection.java         | 1368 ++++++++++++++++
 src/main/java/ch/ethz/ssh2/ConnectionInfo.java     |   56 +
 src/main/java/ch/ethz/ssh2/ConnectionMonitor.java  |   37 +
 src/main/java/ch/ethz/ssh2/DHGexParameters.java    |  124 ++
 src/main/java/ch/ethz/ssh2/HTTPProxyData.java      |   86 +
 src/main/java/ch/ethz/ssh2/HTTPProxyException.java |   32 +
 .../java/ch/ethz/ssh2/InteractiveCallback.java     |   58 +
 src/main/java/ch/ethz/ssh2/KnownHosts.java         |  951 +++++++++++
 src/main/java/ch/ethz/ssh2/LocalPortForwarder.java |   65 +
 .../java/ch/ethz/ssh2/LocalStreamForwarder.java    |   74 +
 src/main/java/ch/ethz/ssh2/PacketListener.java     |   14 +
 src/main/java/ch/ethz/ssh2/ProxyData.java          |   18 +
 src/main/java/ch/ethz/ssh2/SCPClient.java          |  232 +++
 src/main/java/ch/ethz/ssh2/SCPInputStream.java     |  133 ++
 src/main/java/ch/ethz/ssh2/SCPOutputStream.java    |   61 +
 src/main/java/ch/ethz/ssh2/SFTPException.java      |   93 ++
 src/main/java/ch/ethz/ssh2/SFTPInputStream.java    |   86 +
 src/main/java/ch/ethz/ssh2/SFTPOutputStream.java   |   67 +
 src/main/java/ch/ethz/ssh2/SFTPv3Client.java       | 1622 +++++++++++++++++++
 .../java/ch/ethz/ssh2/SFTPv3DirectoryEntry.java    |   41 +
 .../java/ch/ethz/ssh2/SFTPv3FileAttributes.java    |  148 ++
 src/main/java/ch/ethz/ssh2/SFTPv3FileHandle.java   |   46 +
 .../java/ch/ethz/ssh2/ServerHostKeyVerifier.java   |   34 +
 src/main/java/ch/ethz/ssh2/Session.java            |  460 ++++++
 src/main/java/ch/ethz/ssh2/StreamGobbler.java      |  256 +++
 src/main/java/ch/ethz/ssh2/Version.java            |   30 +
 .../ch/ethz/ssh2/auth/AuthenticationManager.java   |  438 ++++++
 src/main/java/ch/ethz/ssh2/channel/Channel.java    |  217 +++
 .../ethz/ssh2/channel/ChannelClosedException.java  |   25 +
 .../ch/ethz/ssh2/channel/ChannelInputStream.java   |   94 ++
 .../java/ch/ethz/ssh2/channel/ChannelManager.java  | 1660 ++++++++++++++++++++
 .../ch/ethz/ssh2/channel/ChannelOutputStream.java  |   79 +
 .../ch/ethz/ssh2/channel/IChannelWorkerThread.java |   16 +
 .../ch/ethz/ssh2/channel/LocalAcceptThread.java    |  139 ++
 .../ch/ethz/ssh2/channel/RemoteAcceptThread.java   |  105 ++
 .../ch/ethz/ssh2/channel/RemoteForwardingData.java |   20 +
 .../ethz/ssh2/channel/RemoteX11AcceptThread.java   |  246 +++
 .../java/ch/ethz/ssh2/channel/StreamForwarder.java |  116 ++
 .../java/ch/ethz/ssh2/channel/X11ServerData.java   |   19 +
 src/main/java/ch/ethz/ssh2/crypto/Base64.java      |  151 ++
 .../java/ch/ethz/ssh2/crypto/CryptoWishList.java   |   25 +
 src/main/java/ch/ethz/ssh2/crypto/KeyMaterial.java |   92 ++
 src/main/java/ch/ethz/ssh2/crypto/PEMDecoder.java  |  385 +++++
 .../ch/ethz/ssh2/crypto/PEMDecryptException.java   |   39 +
 .../java/ch/ethz/ssh2/crypto/PEMStructure.java     |   20 +
 .../java/ch/ethz/ssh2/crypto/SimpleDERReader.java  |  158 ++
 src/main/java/ch/ethz/ssh2/crypto/cipher/AES.java  |  697 ++++++++
 .../ch/ethz/ssh2/crypto/cipher/BlockCipher.java    |   20 +
 .../ssh2/crypto/cipher/BlockCipherFactory.java     |  130 ++
 .../java/ch/ethz/ssh2/crypto/cipher/BlowFish.java  |  402 +++++
 .../java/ch/ethz/ssh2/crypto/cipher/CBCMode.java   |   82 +
 .../java/ch/ethz/ssh2/crypto/cipher/CTRMode.java   |   65 +
 .../ethz/ssh2/crypto/cipher/CipherInputStream.java |  160 ++
 .../ssh2/crypto/cipher/CipherOutputStream.java     |  155 ++
 src/main/java/ch/ethz/ssh2/crypto/cipher/DES.java  |  372 +++++
 .../java/ch/ethz/ssh2/crypto/cipher/DESede.java    |  109 ++
 .../ch/ethz/ssh2/crypto/cipher/NullCipher.java     |   39 +
 .../java/ch/ethz/ssh2/crypto/dh/DhExchange.java    |  146 ++
 .../ch/ethz/ssh2/crypto/dh/DhGroupExchange.java    |  115 ++
 .../java/ch/ethz/ssh2/crypto/digest/Digest.java    |   28 +
 src/main/java/ch/ethz/ssh2/crypto/digest/HMAC.java |   98 ++
 .../ethz/ssh2/crypto/digest/HashForSSH2Types.java  |   96 ++
 src/main/java/ch/ethz/ssh2/crypto/digest/MAC.java  |   91 ++
 src/main/java/ch/ethz/ssh2/crypto/digest/MD5.java  |  271 ++++
 src/main/java/ch/ethz/ssh2/crypto/digest/SHA1.java |  667 ++++++++
 src/main/java/ch/ethz/ssh2/log/Logger.java         |   59 +
 .../packets/PacketChannelOpenConfirmation.java     |   70 +
 .../ssh2/packets/PacketChannelOpenFailure.java     |   70 +
 .../ssh2/packets/PacketChannelWindowAdjust.java    |   61 +
 .../ch/ethz/ssh2/packets/PacketDisconnect.java     |   60 +
 .../packets/PacketGlobalCancelForwardRequest.java  |   44 +
 .../ssh2/packets/PacketGlobalForwardRequest.java   |   44 +
 .../java/ch/ethz/ssh2/packets/PacketIgnore.java    |   62 +
 .../java/ch/ethz/ssh2/packets/PacketKexDHInit.java |   37 +
 .../ch/ethz/ssh2/packets/PacketKexDHReply.java     |   59 +
 .../ch/ethz/ssh2/packets/PacketKexDhGexGroup.java  |   54 +
 .../ch/ethz/ssh2/packets/PacketKexDhGexInit.java   |   37 +
 .../ch/ethz/ssh2/packets/PacketKexDhGexReply.java  |   59 +
 .../ethz/ssh2/packets/PacketKexDhGexRequest.java   |   43 +
 .../ssh2/packets/PacketKexDhGexRequestOld.java     |   37 +
 .../java/ch/ethz/ssh2/packets/PacketKexInit.java   |  167 ++
 .../java/ch/ethz/ssh2/packets/PacketNewKeys.java   |   50 +
 .../ssh2/packets/PacketOpenDirectTCPIPChannel.java |   59 +
 .../ssh2/packets/PacketOpenSessionChannel.java     |   66 +
 .../ch/ethz/ssh2/packets/PacketServiceAccept.java  |   58 +
 .../ch/ethz/ssh2/packets/PacketServiceRequest.java |   56 +
 .../ssh2/packets/PacketSessionExecCommand.java     |   50 +
 .../ethz/ssh2/packets/PacketSessionPtyRequest.java |   60 +
 .../ethz/ssh2/packets/PacketSessionStartShell.java |   39 +
 .../packets/PacketSessionSubsystemRequest.java     |   43 +
 .../ethz/ssh2/packets/PacketSessionX11Request.java |   56 +
 .../ch/ethz/ssh2/packets/PacketUserauthBanner.java |   64 +
 .../ethz/ssh2/packets/PacketUserauthFailure.java   |   56 +
 .../ssh2/packets/PacketUserauthInfoRequest.java    |   87 +
 .../ssh2/packets/PacketUserauthInfoResponse.java   |   38 +
 .../packets/PacketUserauthRequestInteractive.java  |   45 +
 .../ssh2/packets/PacketUserauthRequestNone.java    |   65 +
 .../packets/PacketUserauthRequestPassword.java     |   71 +
 .../packets/PacketUserauthRequestPublicKey.java    |   69 +
 src/main/java/ch/ethz/ssh2/packets/Packets.java    |  152 ++
 .../java/ch/ethz/ssh2/packets/TypesReader.java     |  179 +++
 .../java/ch/ethz/ssh2/packets/TypesWriter.java     |  164 ++
 src/main/java/ch/ethz/ssh2/sftp/AttrTextHints.java |   41 +
 src/main/java/ch/ethz/ssh2/sftp/AttribBits.java    |  132 ++
 src/main/java/ch/ethz/ssh2/sftp/AttribFlags.java   |  115 ++
 .../java/ch/ethz/ssh2/sftp/AttribPermissions.java  |   35 +
 src/main/java/ch/ethz/ssh2/sftp/AttribTypes.java   |   31 +
 src/main/java/ch/ethz/ssh2/sftp/ErrorCodes.java    |  107 ++
 src/main/java/ch/ethz/ssh2/sftp/OpenFlags.java     |  226 +++
 src/main/java/ch/ethz/ssh2/sftp/Packet.java        |  106 ++
 .../java/ch/ethz/ssh2/signature/DSAPrivateKey.java |   62 +
 .../java/ch/ethz/ssh2/signature/DSAPublicKey.java  |   49 +
 .../java/ch/ethz/ssh2/signature/DSASHA1Verify.java |  210 +++
 .../java/ch/ethz/ssh2/signature/DSASignature.java  |   35 +
 .../java/ch/ethz/ssh2/signature/RSAPrivateKey.java |   47 +
 .../java/ch/ethz/ssh2/signature/RSAPublicKey.java  |   35 +
 .../java/ch/ethz/ssh2/signature/RSASHA1Verify.java |  287 ++++
 .../java/ch/ethz/ssh2/signature/RSASignature.java  |   30 +
 .../ch/ethz/ssh2/transport/ClientServerHello.java  |  105 ++
 .../java/ch/ethz/ssh2/transport/KexManager.java    |  642 ++++++++
 .../java/ch/ethz/ssh2/transport/KexParameters.java |   28 +
 src/main/java/ch/ethz/ssh2/transport/KexState.java |   34 +
 .../ch/ethz/ssh2/transport/MessageHandler.java     |   18 +
 .../ch/ethz/ssh2/transport/NegotiateException.java |   16 +
 .../ethz/ssh2/transport/NegotiatedParameters.java  |   26 +
 .../ethz/ssh2/transport/TransportConnection.java   |  286 ++++
 .../ch/ethz/ssh2/transport/TransportManager.java   |  846 ++++++++++
 src/main/java/ch/ethz/ssh2/util/StringEncoder.java |   40 +
 .../java/ch/ethz/ssh2/util/TimeoutService.java     |  155 ++
 src/main/java/ch/ethz/ssh2/util/Tokenizer.java     |   54 +
 148 files changed, 22913 insertions(+)
 create mode 100644 Android.mk
 create mode 100644 FAQ.html
 create mode 100644 HISTORY.txt
 create mode 100644 LICENSE.txt
 create mode 100644 MODULE_LICENSE_BSD
 create mode 100644 README.txt
 create mode 100644 examples/Basic.java
 create mode 100644 examples/BasicWithHTTPProxy.java
 create mode 100644 examples/PortForwarding.java
 create mode 100644 examples/PublicKeyAuthentication.java
 create mode 100644 examples/SimpleVerifier.java
 create mode 100644 examples/SingleThreadStdoutStderr.java
 create mode 100644 examples/StdoutAndStderr.java
 create mode 100644 examples/SwingShell.java
 create mode 100644 examples/UsingKnownHosts.java
 create mode 100644 overview.html
 create mode 100644 pom.xml
 create mode 100644 src/main/java/ch/ethz/ssh2/ChannelCondition.java
 create mode 100644 src/main/java/ch/ethz/ssh2/Connection.java
 create mode 100644 src/main/java/ch/ethz/ssh2/ConnectionInfo.java
 create mode 100644 src/main/java/ch/ethz/ssh2/ConnectionMonitor.java
 create mode 100644 src/main/java/ch/ethz/ssh2/DHGexParameters.java
 create mode 100644 src/main/java/ch/ethz/ssh2/HTTPProxyData.java
 create mode 100644 src/main/java/ch/ethz/ssh2/HTTPProxyException.java
 create mode 100644 src/main/java/ch/ethz/ssh2/InteractiveCallback.java
 create mode 100644 src/main/java/ch/ethz/ssh2/KnownHosts.java
 create mode 100644 src/main/java/ch/ethz/ssh2/LocalPortForwarder.java
 create mode 100644 src/main/java/ch/ethz/ssh2/LocalStreamForwarder.java
 create mode 100644 src/main/java/ch/ethz/ssh2/PacketListener.java
 create mode 100644 src/main/java/ch/ethz/ssh2/ProxyData.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SCPClient.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SCPInputStream.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SCPOutputStream.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SFTPException.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SFTPInputStream.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SFTPOutputStream.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SFTPv3Client.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SFTPv3DirectoryEntry.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SFTPv3FileAttributes.java
 create mode 100644 src/main/java/ch/ethz/ssh2/SFTPv3FileHandle.java
 create mode 100644 src/main/java/ch/ethz/ssh2/ServerHostKeyVerifier.java
 create mode 100644 src/main/java/ch/ethz/ssh2/Session.java
 create mode 100644 src/main/java/ch/ethz/ssh2/StreamGobbler.java
 create mode 100644 src/main/java/ch/ethz/ssh2/Version.java
 create mode 100644 src/main/java/ch/ethz/ssh2/auth/AuthenticationManager.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/Channel.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/ChannelClosedException.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/ChannelInputStream.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/ChannelManager.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/ChannelOutputStream.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/IChannelWorkerThread.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/LocalAcceptThread.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/RemoteAcceptThread.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/RemoteForwardingData.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/RemoteX11AcceptThread.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/StreamForwarder.java
 create mode 100644 src/main/java/ch/ethz/ssh2/channel/X11ServerData.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/Base64.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/CryptoWishList.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/KeyMaterial.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/PEMDecoder.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/PEMDecryptException.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/PEMStructure.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/SimpleDERReader.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/AES.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipher.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipherFactory.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/BlowFish.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/CBCMode.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/CTRMode.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/CipherInputStream.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/CipherOutputStream.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/DES.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/DESede.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/cipher/NullCipher.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/dh/DhExchange.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/dh/DhGroupExchange.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/digest/Digest.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/digest/HMAC.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/digest/HashForSSH2Types.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/digest/MAC.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/digest/MD5.java
 create mode 100644 src/main/java/ch/ethz/ssh2/crypto/digest/SHA1.java
 create mode 100644 src/main/java/ch/ethz/ssh2/log/Logger.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenConfirmation.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenFailure.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketChannelWindowAdjust.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketDisconnect.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketGlobalCancelForwardRequest.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketGlobalForwardRequest.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketIgnore.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketKexDHInit.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketKexDHReply.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexGroup.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexInit.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexReply.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequest.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequestOld.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketKexInit.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketNewKeys.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketOpenDirectTCPIPChannel.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketOpenSessionChannel.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketServiceAccept.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketServiceRequest.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketSessionExecCommand.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketSessionPtyRequest.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketSessionStartShell.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketSessionSubsystemRequest.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketSessionX11Request.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketUserauthBanner.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketUserauthFailure.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoRequest.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoResponse.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestInteractive.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestNone.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestPassword.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestPublicKey.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/Packets.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/TypesReader.java
 create mode 100644 src/main/java/ch/ethz/ssh2/packets/TypesWriter.java
 create mode 100644 src/main/java/ch/ethz/ssh2/sftp/AttrTextHints.java
 create mode 100644 src/main/java/ch/ethz/ssh2/sftp/AttribBits.java
 create mode 100644 src/main/java/ch/ethz/ssh2/sftp/AttribFlags.java
 create mode 100644 src/main/java/ch/ethz/ssh2/sftp/AttribPermissions.java
 create mode 100644 src/main/java/ch/ethz/ssh2/sftp/AttribTypes.java
 create mode 100644 src/main/java/ch/ethz/ssh2/sftp/ErrorCodes.java
 create mode 100644 src/main/java/ch/ethz/ssh2/sftp/OpenFlags.java
 create mode 100644 src/main/java/ch/ethz/ssh2/sftp/Packet.java
 create mode 100644 src/main/java/ch/ethz/ssh2/signature/DSAPrivateKey.java
 create mode 100644 src/main/java/ch/ethz/ssh2/signature/DSAPublicKey.java
 create mode 100644 src/main/java/ch/ethz/ssh2/signature/DSASHA1Verify.java
 create mode 100644 src/main/java/ch/ethz/ssh2/signature/DSASignature.java
 create mode 100644 src/main/java/ch/ethz/ssh2/signature/RSAPrivateKey.java
 create mode 100644 src/main/java/ch/ethz/ssh2/signature/RSAPublicKey.java
 create mode 100644 src/main/java/ch/ethz/ssh2/signature/RSASHA1Verify.java
 create mode 100644 src/main/java/ch/ethz/ssh2/signature/RSASignature.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/ClientServerHello.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/KexManager.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/KexParameters.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/KexState.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/MessageHandler.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/NegotiateException.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/NegotiatedParameters.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/TransportConnection.java
 create mode 100644 src/main/java/ch/ethz/ssh2/transport/TransportManager.java
 create mode 100644 src/main/java/ch/ethz/ssh2/util/StringEncoder.java
 create mode 100644 src/main/java/ch/ethz/ssh2/util/TimeoutService.java
 create mode 100644 src/main/java/ch/ethz/ssh2/util/Tokenizer.java

diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..439bf71
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,27 @@
+#
+# Copyright (C) 2011 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := $(call all-java-files-under,src)
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_MODULE:= ganymed-ssh2
+
+include $(BUILD_STATIC_JAVA_LIBRARY)
diff --git a/FAQ.html b/FAQ.html
new file mode 100644
index 0000000..ff51a79
--- /dev/null
+++ b/FAQ.html
@@ -0,0 +1,403 @@
+<html>
+<title>Ganymed SSH-2 for Java FAQ</title>
+<body>
+
+<a name="oben"></a>
+<h1>Ganymed SSH-2 for Java FAQ</h1>
+
+<p>
+This FAQ includes information regarding topics that were discussed in e-mails between developers and users
+of the Ganymed SSH-2 for Java library.
+</p>
+<p>
+Ganymed SSH-2 for Java homepage: <a href="http://www.cleondris.ch/opensource/ssh2/">http://www.cleondris.ch/opensource/ssh2/</a><br>
+Last update of FAQ: apr-16-2010.
+</p>
+<p>
+Please report bugs, typos and any kind of suggestions to Christian Plattner (christian.plattner at cleondris.ch).
+</p>
+
+<hr>
+
+<h2>Sections:</h2>
+
+<p>
+<ul>
+<li><a href="#env">When I start program XYZ with putty (or openssh, ..., whatever) then everything works.
+However, if I use "Session.execCommand", then XYZ behaves differently or does not work at all!</a></li>
+
+<li><a href="#blocking">My program sometimes hangs when I only read output from stdout!
+Or: can you explain me the story about the shared stdout/stderr window in the SSH-2 protocol?
+Or: what is this "StreamGobbler" thing all about?</a></li>
+
+<li><a href="#buffered">Why are the session's Input- and OutputStreams not buffered?</a></li>
+
+<li><a href="#sessioncommands">Why can't I execute several commands in one single session?</a></li>
+
+<li><a href="#sessionlimit">I cannot open more than 10 concurrent sessions (or SCP clients).</a></li>
+
+<li><a href="#passwordauth">Password authentication fails, I get "Authentication method password not
+supported by the server at this stage".</a></li>
+
+<li><a href="#puttygen">Why does public key authentication fail with my putty key?</a></li>
+
+<li><a href="#catmethod">I am sending data to a remote file using the "cat" method, but not all data is being written.</a></li>
+
+<li><a href="#pumptoremote">I want to pump data into a remote file, but the amount of data to be sent
+is not known at the time the transfer starts.</a></li>
+
+<li><a href="#swingshell">Do you have an example for the usage of feature XYZ?</a></li>
+
+<li><a href="#maven">Where is the official Maven repository?</a></li>
+
+</ul>
+</p>
+
+<hr><a name="env"></a><h2>When I start program XYZ with putty (or openssh, ..., whatever) then everything
+works. However, if I use "Session.execCommand", then XYZ behaves differently or does not work at all!</h2>
+
+<h3>Short answer:</h3>
+
+<p>
+The most often source of problems when executing a command with <tt>Session.execCommand()</tt>
+are missing/wrong set environment variables on the remote machine. Make sure that the minimum needed
+environment for XYZ is the same, independentely on how the shell is being invoked.
+</p>
+
+<p>
+Example quickfix for bash users:
+</p>
+
+<p>
+<ol>
+<li>Define all your settings in the file <tt><b>~/.bashrc</b></tt></li>
+<li>Make sure that the file <tt><b>~/.bash_profile</b></tt> only contains the line <tt><b>source
+~/.bashrc</b></tt>.</li>
+<li>Before executing <tt>Session.execCommand()</tt>, do NOT aquire any type of pseudo terminal in the
+session. Be prepared to consume stdout and stderr data.</li>
+</ol>
+</p>
+
+<p>
+<b>Note:</b> If you really want to mimic the behavior of putty, then don't use Session.execCommand(), 
+instead aquire a pty (pseudo terminal) and then start a shell (use <tt>Session.requestPTY()</tt> and
+<tt>Session.startShell()</tt>). You then have to communicate with the shell process at the other end
+through stdin and stdout. However, you also have to implement terminal logic (e.g., escape sequence
+handling (unless you use a "dumb" pty), "expect-send" logic (output parsing, shell prompt detection), etc.).
+</p>
+
+<h3>Long answer:</h3>
+
+<p>
+If you login by using putty, then putty will normally request a "xterm" pty and your assigned shell
+(e.g., bash) will be started (a so called "interactive login shell"). In contrast, if you use
+<tt>Session.execCommand()</tt> to start a command then (unless you ask for it) no pty will be aquired
+and the command will be given to the shell as an argument (with the shell's "-c" option).
+</p>
+
+<p>
+The way a shell is being invoked has an effect on the set of initialization files which will be read be the shell.
+</p>
+
+<p>
+To demonstrate the difference, try the following (from the command line, e.g., with an OpenSSH client):
+</p>
+
+<p>
+<ol>
+<li>Login interactively and print the environment with the "env" command:<br>&nbsp;<br>
+<tt><b>[user@host ~] ssh 127.0.0.1<br>
+[user@host ~] env</b></tt><br>&nbsp;<br>
+</li>
+<li>Let the ssh server execute the "env" command (equivalent to using <tt>Session.executeCommand()</tt>):<br>&nbsp;<br>
+<tt><b>[user@host ~] ssh 127.0.0.1 "env"</b></tt>
+</li>
+</ol>
+</p>
+
+<p>
+If you compare the two outputs, then you will (unless you have adjusted your shell's settings)
+observe different environments.
+</p>
+
+<p>
+<b>If you are interested in the details, then please read the <tt>INVOCATION</tt> section in man page
+for the bash shell. You may notice that the definitions of "interactive" and "non-interactive" 
+(and combinations with "login") are little bit tricky.</b>
+</p>
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="blocking"></a><h2>My program sometimes hangs when I only read output from stdout!
+Or: can you explain me the story about the shared stdout/stderr window in the SSH-2 protocol?
+Or: what is this "StreamGobbler" thing all about?</h2>
+
+<p>
+In the SSH-2 low level protocol, each channel (e.g., session) has a receive window. When the remote
+SSH daemon has filled up our receive window, it must wait until we have consumed the input and are ready to accept new data.
+</p>
+
+<p>
+Unfortunately, the SSH-2 protocol defines a shared window for stderr and stdout. As a consequence,
+if, for example, the remote process produces a lot of stderr data and you never consume it, then after
+some time the local receive window will be full and the sender is blocked. If you then try to read()
+from stdout, your call will be blocked: there is no stdout data (locally) available and the SSH daemon
+cannot send you any, since the receive window is full (you would have to read some stderr data first
+to "free" up space in the receive window).
+</p>
+
+<p>
+Fortunately, Ganymed SSH-2 uses a 30KB window - the above described scenario should be very rare.
+</p>
+
+<p>
+Many other SSH-2 client implementations just blindly consume any remotely produced data into a buffer
+which gets automatically extended - however, this can lead to another problem: in the extreme case
+the remote side can overflow you with data (e.g., leading to out of memory errors).
+</p>
+
+<p>
+What can you do about this?
+</p>
+
+<p>
+<ol>
+<li><b>Bad: Do nothing</b> - just work with stderr and stdout Inputstreams and hope that the 30KB
+window is enough for your application.</li>
+
+<li><b>Better, recommended for most users:</b> use two worker threads that consume remote stdout
+and stderr in parallel. Since you probably are not in the mood to program such a thing, you can use
+the StreamGobbler class supplied with Ganymed SSH-2. The Streamgobbler is a special InputStream that
+uses an internal worker thread to read and buffer internally all data produced by another InputStream.
+It is very simple to use:<br> <tt><b><pre>InputStream stdout = new StreamGobbler(mysession.getStdout());
+
+InputStream stderr = new StreamGobbler(mysession.getStderr());</pre></b></tt>
+You then can access stdout and stderr in any order, in the background the StreamGobblers will
+automatically consume all data from the remote side and store in an internal buffer.</li>
+
+<li><b>Advanced:</b> you are paranoid and don't like programs that automatically extend buffers
+without asking you. You then have to implement a state machine. The condition wait facility offered by
+<tt>Session.waitForCondition()</tt> is exactly what you need: you can use it to wait until either stdout
+or stderr data has arrived and can be consumed with the two InputStreams. You can either use the return value
+of <tt>Session.waitForCondition()</tt> or check with <tt>InputStream.available()</tt>
+(for stdout and stderr) which InputStream has data available (i.e., a <tt>read()</tt> call will not block).
+Be careful when wrapping the InputStreams, also do not concurrently call read() on the InputStreams while calling
+<tt>Session.waitForCondition()</tt> (unless you know what you are doing).<br>Please have a look a the
+<tt>SingleThreadStdoutStderr.java</tt> example.</li>
+
+<li><b>The lazy way:</b> you don't mind if stdout and stderr data is being mixed into the same
+stream. Just allocate a "dumb" pty and the server will hopefully not send you any data on the stderr
+stream anymore. <b>Note:</b> by allocating a pty, the shell used to execute the command will probably 
+behave differently in terms of initialization (see also <a href="#env">this question</a>).</li>
+</ol>
+</p>
+
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="buffered"></a><h2>Why are the session's Input- and OutputStreams not buffered?</h2>
+
+<p>
+If you need it, then this library offers quite a raw type of access to the SSH-2 protocol stack.
+Of course, many people don't need that kind of low level access. If you need buffered streams,
+then you should the do the same thing as you would probably do with the streams of a TCP socket:
+wrap them with instances of BufferedInputStream and BufferedOutputStream. In case you use
+StreamGobblers for the InputStreams, then you don't need any additional wrappers, since the
+StreamGobblers implement buffering already.
+</p>
+<p>
+This code snippet will probably work well for most people:
+</p>
+<p>
+<tt>
+<pre>
+InputStream stdout = new StreamGobbler(mysession.getStdout());
+InputStream stderr = new StreamGobbler(mysession.getStderr());
+OutputStream stdin = new BufferedOutputStream(mysession.getStdin(), 8192);
+</pre>
+</tt>
+</p>
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="sessioncommands"></a><h2>Why can't I execute several commands in one single session?</h2>
+<p>
+If you use <tt>Session.execCommand()</tt>, then you indeed can only execute only one command per session.
+This is not a restriction of the library, but rather an enforcement by the underlying SSH-2 protocol
+(a <tt>Session</tt> object models the underlying SSH-2 session).
+</p>
+<p>
+There are several solutions:
+</p>
+<p>
+<ul>
+<li><b>Simple: Execute several commands in one batch</b>, e.g., something like <tt>Session.execCommand("echo
+Hello && echo again")</tt>.</li>
+<li><b>Simple: The intended way: simply open a new session for each command</b> - once you have opened a
+connection, you can ask for as many sessions as you want, they are only a "virtual" construct.</li>
+<li><b>Advanced: Don't use <tt>Session.execCommand()</tt>, but rather aquire a shell with
+<tt>Session.startShell()</tt></b>. See also <a href="#env">this question</a>.</li>
+</ul>
+</p>
+
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="sessionlimit"></a><h2>I cannot open more than 10 concurrent sessions (or SCP clients).</h2>
+<p>
+You are probably using OpenSSH. By looking at their source code you will find out that there
+is a hard-coded constant called MAX_SESSIONS in the session.c file which is set to "10" by default.
+This is a per connection limit. Unfortunately, it is not a run-time tunable parameter.
+However, this limit has no effect on the number of concurrent port forwardings. Please note: this information
+is based on the OpenSSH 4.3 release.
+</p>
+<p>
+Possible solutions:
+<ul>
+<li>(a) Recompile your SSH daemon</li>
+<li>(b) Try to live with this limit and keep the number of concurrent sessions <= 10.</li>
+<li>(c) Distribute your sessions over multiple concurrent SSH connections.</li>
+</ul>
+</p>
+<p>
+Just for completeness: starting from release 210, the thrown exception may look as follows:<br>
+<tt>
+<pre>
+java.io.IOException: Could not open channel (The server refused to open the channel (SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, 'open failed'))
+</pre>
+</tt>
+</p>
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="passwordauth"></a><h2>Password authentication fails, I get "Authentication method password
+not supported by the server at this stage".</h2>
+
+<p>
+Many default SSH server installations are configured to refuse the authentication type "password".
+Often, they only accept "publickey" and "keyboard-interactive". You have different options:
+</p>
+
+<p>
+<ul>
+<li><b>Enable password authentication.</b> E.g., in case of OpenSSH on Fedora, edit
+<code>/etc/sshd/sshd_config</code> and change the value of "PasswordAuthentication" to "yes",
+then send a HUP signal to the daemon so that it re-reads its configuration.</li>
+<li><b>Switch to public-key authentication.</b> Probably the best choice.</li>
+<li><b>Try to use keyboard-interactive authentication.</b> If you have a GUI that interacts with a user,
+then this is doable (check out the SwingShell.java example).</li>
+</ul>
+</p>
+
+<p>
+In general it is a good idea to call either <code>Connection.getRemainingAuthMethods()</code>
+or <code>Connection.isAuthMethodAvailable()</code> before using a certain authentication method.
+</p>
+
+<p>
+Please note that most servers let you in after one successful authentication step. However, in rare cases
+you may encounter servers that need several steps. I.e., if one of the <code>Connection.authenticateWithXXX()</code>
+methods returns <code>false</code> and <code>Connection.isAuthenticationPartialSuccess()</code> returns
+<code>true</code>, then further authentication is needed. For each step, to find out which authentication methods
+may proceed, you can use either the <code>Connection.getRemainingAuthMethods()</code> 
+or the <code>Connection.isAuthMethodAvailable()</code> method. Again, please have a look into the
+SwingShell.java example.
+</p>
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="puttygen"></a><h2>Why does public key authentication fail with my putty key?</h2>
+<p>
+When using putty private keys (e.g., .ppk files) with public key authentication, you get a
+"Publickey authentication failed" exception. The reason is that the library currently is not able to
+directly handle private keys in the proprietary format used by putty. However, you can use the
+"puttygen" tool (from the putty website) to convert your key to the desired format: load your key,
+then go to the conversions menu and select "Save OpenSSH key" (which saves the key in openssl PEM format,
+e.g., call it "private.pem").
+</p>
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="catmethod"></a><h2>I am sending data to a remote file using the "cat" method, but not all data is being written.</h2>
+<p>
+Please read carefully the answer to the following <a href="#pumptoremote">question</a>.
+</p>
+
+[<a href="#oben">TOP</a>]
+
+
+<hr><a name="pumptoremote"></a><h2>I want to pump data into a remote file, but the amount of data to be sent
+is not known at the time the transfer starts.</h2>
+<p>
+The SCP protocol communicates the amount of data to be sent at the start of the transfer,
+so SCP remains out of consideration. Possible other solutions:
+<ul>
+<li>Use the SFTP client. Recommended.</li>
+<li>Execute "cat > filename.txt" on the remote side and pump the data into stdin. This method is NOT recommended (and won't work on Windows...).</li>
+</ul>
+</p>
+<p>
+Be careful if you use the "cat" approach, as it may happen that not all your data will be
+written. If you close the stdin stream and immediatelly close the session (or the whole connection) then
+some SSH servers do not send the pending data to the process being executed ("cat" in this case).
+You have to wait until "cat" has received the EOF and terminates before closing the session. However,
+waiting for the termination may not always work, since SSH servers sometimes "forget" to send the exit code
+of the remote process. The following code MAY work:
+</p>
+<p>
+<tt>
+<pre>
+Session sess = conn.openSession();
+sess.execCommand("cat > test.txt");
+OutputStream stdin = sess.getStdin();
+
+... out.write(...) ... out.write(...) ...
+
+/* The following flush() is only needed if you wrap the  */
+/* stdin stream (e.g., with a BufferedOutputStream).     */
+out.flush();
+
+/* Now let's send EOF */
+out.close();
+
+/* Let's wait until cat has finished                     */
+sess.waitForCondition(ChannelCondition.EXIT_STATUS, 2000);
+/* Better: put the above statement into a while loop!    */
+/* In ANY CASE: read the Javadocs for waitForCondition() */
+
+/* Show exit status, if available (otherwise "null")     */
+System.out.println("ExitCode: " + sess.getExitStatus());
+/* Now its hopefully safe to close the session           */
+sess.close();
+</pre>
+</tt>
+</p>
+<p>
+(Just a thought for another solution: execute <code>cat > test.txt && echo "FINISHED"</code>
+and wait until you get "FINISHED" on stdout... - try it on your own risk =)
+</p>
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="swingshell"></a><h2>Do you have an example for the usage of feature XYZ?</h2>
+<p>
+Please have at look at the examples section in the distribution, especially at the SwingShell.java example.
+</p>
+
+[<a href="#oben">TOP</a>]
+
+<hr><a name="maven"></a><h2>Where is the official Maven repository?</h2>
+<p>
+We regulary get requests for a Maven repository. Please note that <b>there is no such thing as an official Ganymed SSH-2 for Java Maven repository</b>.
+At the moment, we do not have the resources to support specific build systems (be it Maven or anything else). We know that others
+have setup (and not maintained) such repositories. However, we believe that you should
+download security related software only from a trusted source - in other words, download the precompiled .jar file from our website and add it to your
+project. This generic approach will work with every java development enviroment and build system.
+Last warning: please think twice before you use a foreign "repository" to "auto-update" security related components of your project.
+</p>
+
+[<a href="#oben">TOP</a>]
+
+</body>
+</html>
+
diff --git a/HISTORY.txt b/HISTORY.txt
new file mode 100644
index 0000000..7403412
--- /dev/null
+++ b/HISTORY.txt
@@ -0,0 +1,361 @@
+
+Release Notes:
+==============
+
+build???, 2011-06-??
+
+- Requires Java 5 or later.
+
+- Provide POM for Maven 3 build.
+
+- Performance gains with request parallelism in requests for read and write write operations in SFTPv3Client.
+
+- Bugfix for infinite timeout on socket connect.
+
+- SFTPInputStream and SFTPOutputStream to read or write from a SFTPv3FileHandle compatible with standard I/O operations in Java. 
+
+- SCPClient returning SCPInputStream and SCPOutputStream for get and put operations respectively compatible with stanard I/O operations in Java.
+
+- Option to attach a packet listener to SFTPv3Client for logging purposes.
+
+- Fixed a bug in KnownHosts.getPreferredServerHostkeyAlgorithmOrder (it always returned null, which is a valid return value but wrong).
+
+- Added accessor to query session state and isConnected() in SFTPv3Client returning a boolean
+
+- Adjusted channel window size
+
+- Custom PEMDecryptException to catch PEM decoding failure.
+
+- Option to pass custom user agent string for identification string.
+
+- Continue silently when invalid key is found in known hosts file.
+
+- Add support for file append mode in SFTPv3Client.
+
+- Option to pass charset for commands executed on the remote machine.
+
+build251beta1, 2010-08-23:
+
+- Due to the slightly changed semantics of Thread.interrupt() and Object.wait() in JDK 6,
+  the code had to be adapted in several places. Please do not use Ganymed SSH-2 build250
+  on JDK 6, as the Kex and Streamgobbler code may occasionally consume all CPU resources.
+  
+  Background: the JDK 6 javadocs for Object.wait say: "If the current thread is interrupted
+  by any thread before or while it is waiting, then an InterruptedException is thrown."
+  Unfortunately the Java 1.5 documentation does not say "before", only "while it is waiting".
+  
+  Thanks to Elias Horness.
+  
+build250, 2010-03-15:
+
+- Ganymed SSH-2 for Java is back.
+  The software can be downloaded from http://www.cleondris.ch/ssh2
+
+- Fixed the use of default platform character encodings.
+
+- Fixes for buggy servers.
+
+- Wait for the reply to the ServiceRequest packet before sending the next request.
+
+- Re-assign the interrupted flag after a InterruptedException.
+
+build211beta4, 2006-12-05: (never officially released)
+
+- Added Connection.sendIgnorePacket(...) methods which allow to send SSH_MSG_IGNORE packets.
+  Thanks to Andrei Tchijov.
+
+- Added support for the "none" authentication method.
+
+- Revised the SHA-1 code. Highly optimized. Speed should be more than doubled.
+
+- Changed references to the correct RFCs (instead of the drafts) in the javadocs (where possible).
+
+- Fixed the write() method in the SFTP code. Unsatisfiable preconditions stopped the method
+  from writing any bytes. As stated in the documentation, the SFTP code is still experimental.
+  Thanks to Andreas Pueschel.
+
+- Added a new createLocalPortForwarder(InetSocketAddress addr, ...) method which allows to
+  specify the local address and port to bind to. Thanks to Andrei Tchijov.
+
+- Slightly updated the FAQ.
+
+build210, 2006-10-06:
+
+- Added HTTP proxy support. See Connection.setProxyData() and the HTTPProxyData class.
+  Thanks to Jean-Pierre Schmit for providing example code.
+  
+- Added basic support for SFTP (v3).
+  
+- Beta users: removed support for automatic split of huge read transfers in SFTP,
+  as it was not possible to return EOF in a clean way. The write method still splits huge
+  transfers (in blocks of 32768 bytes). Thanks to Zhong Li.
+  
+- SCP enhancement. It is now possible to specify an empty target directory name when sending
+  files. This is analogous to using "scp file user@host:" (thanks to Bernd Eggink).
+
+- SCP enhancement. It is now possible to receive a remote file and pipe it directly into
+  an OutputStream. Thanks to Bernd Eggink.
+
+- SCP enhancement. It is now possible to specify a different remote filename when sending
+  a file. Thanks to Thomas Tatzel.
+
+- Added more verbose error messages in case a channel open operation fails (e.g., resource
+  shortage on the server). Related to this, added a comment to the FAQ regarding the limitation
+  on the number of concurrent sessions per connection in OpenSSH. Thanks to Ron Warshawsky.
+
+- Added a feature (ConnectionMonitor) to get notified when a connection breaks.
+  Thanks to Daniel Ritz (Alcatel).
+
+- It is now possible to override the used SecureRandom instance (Connection.setSecureRandom()).
+
+- Added getters for the server's hostname and port to the Connection class.
+
+- Added examples for HTTP proxy usage as well as local/remote port forwarding.
+
+- Added support for SSH_MSG_KEX_DH_GEX_REQUEST_OLD in the DHGexParameters class (there
+  is a new, additional constructor). Please check the Javadoc for DHGexParameters.
+
+- Clarified in the javadoc the issue of re-using Connection objects. Changed the exception
+  message in case connect() is invoked on an already connected connection.
+
+- Added an entry to the FAQ regarding pumping data into remote files.
+  Thanks to Daniel Schwager.
+
+- Changed JDialog.show() to JDialog.setVisible(true) in the SwingShell example.
+  The show() method is deprecated in Java 5.0. Thanks to Carlo Dapor.
+
+- Fixed the behavior of the local port forwarder code. Trying to listen on an already bound port
+  will not fail silently anymore. Also, the accept thread will continue accepting connections
+  even if there was a problem with the establishment of the underlying ssh-forwarding of a
+  previous incoming connection (e.g., one tried to establish a forwarding to a remote port that
+  is not in state open (yet)). Thanks to Claudio Nieder (Inodes, Switzerland) and
+  Daniel Ritz (Alcatel) for pointing this out.
+  Note: the interface for managing port forwardings needs to be further improved.
+
+- Tried to implement a workaround for the Sun JVM bug 5092063. Changed InetAddress.getByAddress(byte[])
+  in the "TransportManager.parseIPv4Address" method (which already is a workaround for JDK's that
+  use the resolver for dotted IP addresses, independently from the 5092063 bug) to
+  InetAddress.getByAddress(String, byte[]). Thanks to Alain Philipin.
+
+- Fixed a bug in KnownHosts.addHostkeyToFile. Hostnames were converted to lowercase which is
+  not good in case of hashed hostnames (it leads to a different BASE64 encoding and therefore
+  hashes won't match). Thanks to [unknown].
+
+- Fixed a typo in the SCP client (tag for modification times is 'T' and not 'P').
+  Thanks to Andreas Sahlbach.
+
+- Stupid performance enhancement in the Logger, it did unnecessary calls to System.currentTimeMillis().
+
+- The LICENCE.txt file is now also included in the pre-compiled jar. Of course, redistributions in
+  binary form must *still* include the contents of LICENCE.txt in the documentation and/or other
+  materials provided with the distribution.
+  
+- Small cleanups in the TransportManager code.
+
+build209, 2006-02-14:
+
+- A major release, many new features. Thanks to all who supported me with feedback!
+
+- Added remote port forwarding support.
+  Please consult the docs for Connection.requestRemotePortForwarding().
+
+- Added X11 forwarding support. Please consult Session.requestX11Forwarding().
+  X11 support is based on joint work with Simon Hartl (simon.hartl (at) gmx.net). Thanks, Simon!
+
+- The SCPClient constructor is now public. The factory method is still there (in the Connection
+  class), however, it will probably be marked as deprecated and eventually be removed in the future.
+
+- Added startSubSystem() method to the Session class. Now it is possible to implement subsystems,
+  e.g., sftp, outside of the library.
+
+- For advanced users: there is now a much better condition wait interface in the Session class.
+  It is now also possible to wait for the arrival of "exit-status" and "exit-signal".
+  The Session.waitUntilDataAvailable() method still works, but is marked as deprecated.
+
+  Users that used the beta version, please be aware of the following change: calling the close()
+  method on a Session object will immediatelly raise the ChannelCondition.CLOSED/EOF conditions
+  on the underlying channel - even though the remote side may not have yet responded with a
+  SSH_MSG_CHANNEL_CLOSE message (however, in the background the library still expects the server
+  to send the SSH_MSG_CHANNEL_CLOSE message). See below for an explanation.
+
+- The behavior of Session.close() has changed. If you *kill* a Session (i.e., call Session.close()
+  before EOF (or CLOSE) has been sent by the remote side), then immediatelly EOF will (locally)
+  be raised for both stdout and stderr. Further incoming data (for that particular Session) will
+  be ignored. However, remote data that arrived before we sent our SSH_MSG_CHANNEL_CLOSE message
+  is still available (you can think of having appended the EOF marker to the end of the local
+  incoming stdout and stderr queues).
+  
+  The reason to do this is simply because some SSH servers do sometimes not reply to our
+  SSH_MSG_CHANNEL_CLOSE message (event though they should). As a consequence, a local reader may
+  wait forever for the remote SSH_MSG_CHANNEL_EOF or SSH_MSG_CHANNEL_CLOSE messages to arrive.
+  If you are interested, then you can try to reproduce the problem: Execute something like
+  "tail -f /dev/null" (which should do nothing forever) and then concurrently close the Session
+  (enable debug mode to see the SSH packets on the wire) to check how standard compliant your server
+  implementation is). Thanks to Cristiano Sadun.
+
+- The Session code does not anymore make use of the synchronized attribute for any of its methods.
+  This has the advantage that a call to Session.close() will never by blocked by concurrent
+  calls to the Session object. However, note that in the worst case the call may still block until
+  we can send our SSH_MSG_CHANNEL_CLOSE over the TCP connection.
+
+- The SCP client can now also be used to directly inject the contents of a given byte array
+  into a remote file (thanks to Dieter Baier for suggesting this).
+
+- Added support for specifying timeouts for connection establishment.
+  Thanks to Rob Hasselbaum and Ben XYZ.
+
+- Performance improvement: we use only a single SecureRandom object per connection
+  (until now there were multiple instances).
+
+- Fixed the Swingshell example program, it did not read in the known_hosts file on startup.
+  (thanks to Ashwani Kumar).
+
+- There was a typo in the CBCMode class (srcoff was ignored), however since we always pass
+  a zero offset the bug did not show up (thanks to Alex Pakhomov).
+
+- While implementing X11 support, found a strange X11 bug in OpenSSH (reported, openssh bug 1076).
+  12.10.2005: has been fixed for OpenSSH 4.3 by the OpenSSH crowd.
+
+- Changed the SingleThreadStdoutStderr example so that it uses the new condition wait interface.
+
+- Efficiently handle IPv4 addresses (when creating the underlying socket), there was a report
+  that some JDK's try to lookup dotted addresses with the resolver.
+  (thanks to Alexander Kitaev).
+
+- Added setTCPNoDelay() method to the Connection class.
+
+- Improved handling of unsupported global/channel requests received from the server.
+
+- The KEX code is now more robust. Also, the ServerHostKeyVerifier callback (if specified) will be called
+  before doing any DH calculation.
+
+- Major cleanup (i.e., rewrite) of the SSH channel code.
+
+- Cleanup up Session class, removed unnecessary IOExceptions.
+
+- Implemented 2^32-1 conformance for channel windows.
+
+- I got several times questions by e-mail from people that have problems with "putty" keys.
+  Added an entry to the FAQ.
+
+- Added an entry to the FAQ regarding how to handle servers with disabled password authentication
+  (thanks to Nicolas Raoul).
+
+- Upcoming: SFTP support (in the meantime almost a running gag).
+
+- Changed the name from "Ganymed SSH2" to "Ganymed SSH-2". Will this improve the G**gle ranking? =)
+
+- Latest javadoc is now also online.
+
+
+build208, 2005-08-24:
+
+- Added support for RSA private keys (PEM format), also revised code for RSA signature verification.
+
+- Extended support for encrypted PEM files.
+  Supported encryptions: DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC and AES-256-CBC.
+  
+- Added rather complete support for known_hosts files (in KnownHosts.java).
+  The parser is able to understand the same pseudo-regex (*,?,!) syntax as OpenSSH clients.
+  The class includes support for hostkey comparison as well as functionality to add accepted keys
+  to a known_hosts file. One can also create OpenSSH compatible fingerprints (Hex and Bubblebabble).
+  Hashed hostname entries are understood and can also be generated.
+  
+- Restructured the examples section, added more examples. The examples should cover most issues.
+  There is also a _very_ basic terminal emulator, see SwingShell.java.
+
+- It is now possible to override the default server hostkey algorithm order (for the key exchange)
+  with the Connection.setServerHostKeyAlgorithms method. This makes sense in combination with
+  known_hosts support (e.g., if you already know the server's public ssh-dss key, then
+  you probably prefer the "ssh-dss" over the "ssh-rsa" algorithm).
+  The used server hostkey algorithm is now also reflected in ConnectionInfo.
+
+- The default server hostkey algorithm order is now "ssh-rsa", "ssh-dss".
+
+- Important: revised Input- and OutputStream code, everything is now unbuffered
+  (less memory consumption, more direct interface, see also StreamGobbler class and the FAQ).
+
+- Added StreamGobbler helper class.
+
+- Method verifyServerHostKey() in the ServerHostKeyVerifier may now throw exceptions
+  (an alternative to returning "false").
+
+- All background threads (the per-connection receive thread as well as all threads
+  used in forwarders and StreamGobblers) now use setDaemon(true) on startup.
+
+- Added "diffie-hellman-group14-sha1" support to the key exchange code.
+
+- Added chained IOExceptions where applicable (IOException initialization with initCause()).
+
+- Cleaned up packet building code, removed unnecessary server-side methods.
+
+- Cleaned up javadoc of SCPClient: replaced umask with mode.
+
+- Fixed a bug in the server identification string parser. This actually prevented a successful
+  key exchange with some ssh servers (the server's signature was rejected).
+  Thanks to Alex Molochnikov for the initial bug report and for helping in tracking down the issue.
+
+- Fixed a buffer re-allocation bug in the beta version of the StreamGobbler class
+  (thanks to Marc Lijour).
+
+- Fixed flawed UINT64 support (thanks to Bob Simons).
+
+- Fixed a bug in the build script of the beta builds (sftp beta directory was not completely removed)
+  (thanks to Richard Hash).
+
+- Use zero based padding for unencrypted traffic.
+
+- Changed again the client identification string (the one presented to the server).
+
+- Created a FAQ, available on the website and in the distribution.
+  
+- Revised javadoc comments. Also, the generated documentation is now located in the subdirectory
+  "javadoc" instead of "doc" (in the distribution).
+
+- Added README.txt to the distribution.
+
+
+build207, 2005-07-21:
+
+- Added "Keyboard Interactive" authentication method:
+  authenticateWithKeyboardInteractive() in Connection.java,
+  also have a look at InteractiveCallback.java.
+
+- Extended authentication interface in Connection.java (backwards compatible).
+  New functionality: getRemainingAuthMethods(), isAuthMethodAvailable(),
+  isAuthenticationComplete() and isAuthenticationPartialSuccess().
+
+- Using an authentication method not supported by the server leads now to an exception
+  (instead of returning "false"). Use isAuthMethodAvailable() if you want to check
+  for the availability of an authentication method.
+
+- Fixed a bug in SCPClient which sometimes lead to failed downloads.
+
+- Improved channel window handling.
+
+- Removed bogus (CVS) version string from Connection.java
+
+- Changed client identification string to "Ganymed_buildXXX".
+
+- Changed the jar file naming scheme (ganymed-ssh2-buildXXX.jar).
+
+- Started adding logging support for debugging purposes (currently only for development).
+
+- Cleanup of javadoc and comments at several places.
+
+- Reversed order of entries in HISTORY.TXT
+
+
+build206, 2005-07-04:
+
+- Fixed small resource issue with SCP (thanks to Michaël Giraud).
+
+- Added LocalStreamForwarder.
+
+- Added HISTORY.TXT
+
+
+build205, 2005-06-27:
+
+- Initial release.
+
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000..ac57b97
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,87 @@
+Copyright (c) 2006 - 2011 Christian Plattner. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+a.) Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+b.) Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+c.) Neither the name of Christian Plattner nor the names of its contributors may
+    be used to endorse or promote products derived from this software
+    without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+
+This software includes work that was released under the following license:
+
+Copyright (c) 2005 - 2006 Swiss Federal Institute of Technology (ETH Zurich),
+  Department of Computer Science (http://www.inf.ethz.ch),
+  Christian Plattner. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+a.) Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+b.) Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+c.) Neither the name of ETH Zurich nor the names of its contributors may
+    be used to endorse or promote products derived from this software
+    without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+
+The Java implementations of the AES, Blowfish and 3DES ciphers have been
+taken (and slightly modified) from the cryptography package released by
+"The Legion Of The Bouncy Castle".
+
+Their license states the following:
+
+Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
+(http://www.bouncycastle.org)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE. 
+
diff --git a/MODULE_LICENSE_BSD b/MODULE_LICENSE_BSD
new file mode 100644
index 0000000..e69de29
diff --git a/README.txt b/README.txt
new file mode 100644
index 0000000..714460f
--- /dev/null
+++ b/README.txt
@@ -0,0 +1,24 @@
+
+Ganymed SSH-2 for Java - build 251 beta1
+========================================
+
+http://www.cleondris.ch/opensource/ssh2/
+
+Ganymed SSH-2 for Java is a library which implements the SSH-2 protocol in pure Java
+(tested on J2SE 1.4.2, 5 and 6). It allows one to connect to SSH servers from within
+Java programs. It supports SSH sessions (remote command execution and shell access),
+local and remote port forwarding, local stream forwarding, X11 forwarding, SCP and SFTP.
+There are no dependencies on any JCE provider, as all crypto functionality is included.
+
+Ganymed SSH-2 for Java was originally developed for the Ganymed replication project
+and a couple of other projects at the IKS group at ETH Zurich (Switzerland).
+
+This distribution contains the source code, examples, javadoc and the FAQ.
+It also includes a pre-compiled jar version of the library which is ready to use.
+
+- Please read the included LICENCE.txt
+- Latest changes can be found in HISTORY.txt
+
+The latest version of the FAQ is available on the website.
+
+Zurich, August 2010
diff --git a/examples/Basic.java b/examples/Basic.java
new file mode 100644
index 0000000..99de4e3
--- /dev/null
+++ b/examples/Basic.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+import ch.ethz.ssh2.Connection;
+import ch.ethz.ssh2.Session;
+import ch.ethz.ssh2.StreamGobbler;
+
+public class Basic
+{
+	public static void main(String[] args)
+	{
+		String hostname = "127.0.0.1";
+		String username = "joe";
+		String password = "joespass";
+
+		try
+		{
+			/* Create a connection instance */
+
+			Connection conn = new Connection(hostname);
+
+			/* Now connect */
+
+			conn.connect();
+
+			/* Authenticate.
+			 * If you get an IOException saying something like
+			 * "Authentication method password not supported by the server at this stage."
+			 * then please check the FAQ.
+			 */
+
+			boolean isAuthenticated = conn.authenticateWithPassword(username, password);
+
+			if (isAuthenticated == false)
+				throw new IOException("Authentication failed.");
+
+			/* Create a session */
+
+			Session sess = conn.openSession();
+
+			sess.execCommand("uname -a && date && uptime && who");
+
+			System.out.println("Here is some information about the remote host:");
+
+			/* 
+			 * This basic example does not handle stderr, which is sometimes dangerous
+			 * (please read the FAQ).
+			 */
+
+			InputStream stdout = new StreamGobbler(sess.getStdout());
+
+			BufferedReader br = new BufferedReader(new InputStreamReader(stdout));
+
+			while (true)
+			{
+				String line = br.readLine();
+				if (line == null)
+					break;
+				System.out.println(line);
+			}
+
+			/* Show exit status, if available (otherwise "null") */
+
+			System.out.println("ExitCode: " + sess.getExitStatus());
+
+			/* Close this session */
+
+			sess.close();
+
+			/* Close the connection */
+
+			conn.close();
+
+		}
+		catch (IOException e)
+		{
+			e.printStackTrace(System.err);
+			System.exit(2);
+		}
+	}
+}
diff --git a/examples/BasicWithHTTPProxy.java b/examples/BasicWithHTTPProxy.java
new file mode 100644
index 0000000..8c34ec8
--- /dev/null
+++ b/examples/BasicWithHTTPProxy.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+import ch.ethz.ssh2.Connection;
+import ch.ethz.ssh2.HTTPProxyData;
+import ch.ethz.ssh2.Session;
+import ch.ethz.ssh2.StreamGobbler;
+
+public class BasicWithHTTPProxy
+{
+	public static void main(String[] args)
+	{
+		String hostname = "my-ssh-server";
+		String username = "joe";
+		String password = "joespass";
+
+		String proxyHost = "192.168.1.1";
+		int proxyPort = 3128; // default port used by squid
+
+		try
+		{
+			/* Create a connection instance */
+
+			Connection conn = new Connection(hostname);
+
+			/* We want to connect through a HTTP proxy */
+
+			conn.setProxyData(new HTTPProxyData(proxyHost, proxyPort));
+
+			// if the proxy requires basic authentication:
+			// conn.setProxyData(new HTTPProxyData(proxyHost, proxyPort, "username", "secret"));
+
+			/* Now connect (through the proxy) */
+
+			conn.connect();
+
+			/* Authenticate.
+			 * If you get an IOException saying something like
+			 * "Authentication method password not supported by the server at this stage."
+			 * then please check the FAQ.
+			 */
+
+			boolean isAuthenticated = conn.authenticateWithPassword(username, password);
+
+			if (isAuthenticated == false)
+				throw new IOException("Authentication failed.");
+
+			/* Create a session */
+
+			Session sess = conn.openSession();
+
+			sess.execCommand("uname -a && date && uptime && who");
+
+			System.out.println("Here is some information about the remote host:");
+
+			/* 
+			 * This basic example does not handle stderr, which is sometimes dangerous
+			 * (please read the FAQ).
+			 */
+
+			InputStream stdout = new StreamGobbler(sess.getStdout());
+
+			BufferedReader br = new BufferedReader(new InputStreamReader(stdout));
+
+			while (true)
+			{
+				String line = br.readLine();
+				if (line == null)
+					break;
+				System.out.println(line);
+			}
+
+			/* Show exit status, if available (otherwise "null") */
+
+			System.out.println("ExitCode: " + sess.getExitStatus());
+
+			/* Close this session */
+
+			sess.close();
+
+			/* Close the connection */
+
+			conn.close();
+
+		}
+		catch (IOException e)
+		{
+			e.printStackTrace(System.err);
+			System.exit(2);
+		}
+	}
+}
diff --git a/examples/PortForwarding.java b/examples/PortForwarding.java
new file mode 100644
index 0000000..cb6d8d5
--- /dev/null
+++ b/examples/PortForwarding.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import java.io.File;
+import java.io.IOException;
+
+import ch.ethz.ssh2.Connection;
+import ch.ethz.ssh2.LocalPortForwarder;
+
+public class PortForwarding
+{
+	public static void sleepSomeTime(long milliSeconds)
+	{
+		try
+		{
+			Thread.sleep(milliSeconds);
+		}
+		catch (InterruptedException e)
+		{
+		}
+	}
+
+	public static void main(String[] args)
+	{
+		String hostname = "127.0.0.1";
+		String username = "joe";
+
+		File keyfile = new File("~/.ssh/id_rsa"); // or "~/.ssh/id_dsa"
+		String keyfilePass = "joespass"; // will be ignored if not needed
+
+		try
+		{
+			/* Create a connection instance */
+
+			Connection conn = new Connection(hostname);
+
+			/* Now connect */
+
+			conn.connect();
+
+			/* Authenticate */
+
+			boolean isAuthenticated = conn.authenticateWithPublicKey(username, keyfile, keyfilePass);
+
+			if (isAuthenticated == false)
+				throw new IOException("Authentication failed.");
+
+			/* ===== OK, now let's establish some local port forwardings ===== */
+			
+			/* Example Port Forwarding: -L 8080:www.ethz.ch:80 (OpenSSH notation)
+			 * 
+			 * This works by allocating a socket to listen on 8080 on the local interface (127.0.0.1).
+			 * Whenever a connection is made to this port (127.0.0.1:8080), the connection is forwarded
+			 * over the secure channel, and a connection is made to www.ethz.ch:80 from the remote
+			 * machine (i.e., the ssh server).
+			 * 
+			 * (the above text is based partially on the OpenSSH man page)
+			 */
+
+			/* You can create as many of them as you want */
+			
+			LocalPortForwarder lpf1 = conn.createLocalPortForwarder(8080, "www.ethz.ch", 80);
+			
+			/* Now simply point your webbrowser to 127.0.0.1:8080 */
+			/* (on the host where you execute this program)                         */
+
+			/* ===== OK, now let's establish some remote port forwardings ===== */
+			
+			/* Example Port Forwarding: -R 127.0.0.1:8080:www.ganymed.ethz.ch:80 (OpenSSH notation)
+			 * 
+			 * Specifies that the port 127.0.0.1:8080 on the remote server is to be forwarded to the
+			 * given host and port on the local side.  This works by allocating a socket to listen to port
+			 * 8080 on the remote side (the ssh server), and whenever a connection is made to this port, the
+			 * connection is forwarded over the secure channel, and a connection is made to
+			 * www.ganymed.ethz.ch:80 by the Ganymed SSH-2 library.
+			 * 
+			 * (the above text is based partially on the OpenSSH man page)
+			 */
+
+			/* You can create as many of them as you want */
+			
+			conn.requestRemotePortForwarding("127.0.0.1", 8080, "www.ganymed.ethz.ch", 80);
+
+			/* Now, on the ssh server, if you connect to 127.0.0.1:8080, then the connection is forwarded
+			 * through the secure tunnel to the library, which in turn will forward the connection
+			 * to www.ganymed.ethz.ch:80. */
+
+			/* Sleep a bit... (30 seconds) */
+			sleepSomeTime(30000);
+
+			/* Stop accepting remote connections that are being forwarded to www.ganymed.ethz.ch:80 */
+
+			conn.cancelRemotePortForwarding(8080);
+
+			/* Sleep a bit... (20 seconds) */
+			sleepSomeTime(20000);
+
+			/* Stop accepting connections on 127.0.0.1:8080 that are being forwarded to www.ethz.ch:80 */
+
+			lpf1.close();
+			
+			/* Close the connection */
+
+			conn.close();
+
+		}
+		catch (IOException e)
+		{
+			e.printStackTrace(System.err);
+			System.exit(2);
+		}
+	}
+}
diff --git a/examples/PublicKeyAuthentication.java b/examples/PublicKeyAuthentication.java
new file mode 100644
index 0000000..e6649fa
--- /dev/null
+++ b/examples/PublicKeyAuthentication.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+import ch.ethz.ssh2.Connection;
+import ch.ethz.ssh2.Session;
+import ch.ethz.ssh2.StreamGobbler;
+
+public class PublicKeyAuthentication
+{
+	public static void main(String[] args)
+	{
+		String hostname = "127.0.0.1";
+		String username = "joe";
+
+		File keyfile = new File("~/.ssh/id_rsa"); // or "~/.ssh/id_dsa"
+		String keyfilePass = "joespass"; // will be ignored if not needed
+
+		try
+		{
+			/* Create a connection instance */
+
+			Connection conn = new Connection(hostname);
+
+			/* Now connect */
+
+			conn.connect();
+
+			/* Authenticate */
+
+			boolean isAuthenticated = conn.authenticateWithPublicKey(username, keyfile, keyfilePass);
+
+			if (isAuthenticated == false)
+				throw new IOException("Authentication failed.");
+
+			/* Create a session */
+
+			Session sess = conn.openSession();
+
+			sess.execCommand("uname -a && date && uptime && who");
+
+			InputStream stdout = new StreamGobbler(sess.getStdout());
+
+			BufferedReader br = new BufferedReader(new InputStreamReader(stdout));
+
+			System.out.println("Here is some information about the remote host:");
+
+			while (true)
+			{
+				String line = br.readLine();
+				if (line == null)
+					break;
+				System.out.println(line);
+			}
+
+			/* Close this session */
+			
+			sess.close();
+
+			/* Close the connection */
+
+			conn.close();
+
+		}
+		catch (IOException e)
+		{
+			e.printStackTrace(System.err);
+			System.exit(2);
+		}
+	}
+}
diff --git a/examples/SimpleVerifier.java b/examples/SimpleVerifier.java
new file mode 100644
index 0000000..6ce67a2
--- /dev/null
+++ b/examples/SimpleVerifier.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import ch.ethz.ssh2.KnownHosts;
+import ch.ethz.ssh2.ServerHostKeyVerifier;
+
+class SimpleVerifier implements ServerHostKeyVerifier
+{
+	KnownHosts database;
+
+	/*
+	 * This class is being used by the UsingKnownHosts.java example.
+	 */
+	
+	public SimpleVerifier(KnownHosts database)
+	{
+		if (database == null)
+			throw new IllegalArgumentException();
+
+		this.database = database;
+	}
+
+	public boolean verifyServerHostKey(String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey)
+			throws Exception
+	{
+		int result = database.verifyHostkey(hostname, serverHostKeyAlgorithm, serverHostKey);
+
+		switch (result)
+		{
+		case KnownHosts.HOSTKEY_IS_OK:
+
+			return true; // We are happy
+
+		case KnownHosts.HOSTKEY_IS_NEW:
+
+			// Unknown host? Blindly accept the key and put it into the cache.
+			// Well, you definitely can do better (e.g., ask the user).
+
+			// The following call will ONLY put the key into the memory cache!
+			// To save it in a known hosts file, also call "KnownHosts.addHostkeyToFile(...)"
+			database.addHostkey(new String[] { hostname }, serverHostKeyAlgorithm, serverHostKey);
+
+			return true;
+
+		case KnownHosts.HOSTKEY_HAS_CHANGED:
+
+			// Close the connection if the hostkey has changed.
+			// Better: ask user and add new key to database.
+			return false;
+
+		default:
+			throw new IllegalStateException();
+		}
+	}
+}
\ No newline at end of file
diff --git a/examples/SingleThreadStdoutStderr.java b/examples/SingleThreadStdoutStderr.java
new file mode 100644
index 0000000..10a4d96
--- /dev/null
+++ b/examples/SingleThreadStdoutStderr.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import java.io.IOException;
+import java.io.InputStream;
+
+import ch.ethz.ssh2.ChannelCondition;
+import ch.ethz.ssh2.Connection;
+import ch.ethz.ssh2.Session;
+
+public class SingleThreadStdoutStderr
+{
+	public static void main(String[] args)
+	{
+		String hostname = "127.0.0.1";
+		String username = "joe";
+		String password = "joespass";
+
+		try
+		{
+			/* Create a connection instance */
+
+			Connection conn = new Connection(hostname);
+
+			/* Now connect */
+
+			conn.connect();
+
+			/* Authenticate */
+
+			boolean isAuthenticated = conn.authenticateWithPassword(username, password);
+
+			if (isAuthenticated == false)
+				throw new IOException("Authentication failed.");
+
+			/* Create a session */
+
+			Session sess = conn.openSession();
+
+			sess.execCommand("echo \"Huge amounts of text on STDOUT\"; echo \"Huge amounts of text on STDERR\" >&2");
+
+			/*
+			 * Advanced:
+			 * The following is a demo on how one can read from stdout and
+			 * stderr without having to use two parallel worker threads (i.e.,
+			 * we don't use the Streamgobblers here) and at the same time not
+			 * risking a deadlock (due to a filled SSH2 channel window, caused
+			 * by the stream which you are currently NOT reading from =).
+			 */
+
+			/* Don't wrap these streams and don't let other threads work on
+			 * these streams while you work with Session.waitForCondition()!!!
+			 */
+
+			InputStream stdout = sess.getStdout();
+			InputStream stderr = sess.getStderr();
+
+			byte[] buffer = new byte[8192];
+
+			while (true)
+			{
+				if ((stdout.available() == 0) && (stderr.available() == 0))
+				{
+					/* Even though currently there is no data available, it may be that new data arrives
+					 * and the session's underlying channel is closed before we call waitForCondition().
+					 * This means that EOF and STDOUT_DATA (or STDERR_DATA, or both) may
+					 * be set together.
+					 */
+
+					int conditions = sess.waitForCondition(ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA
+							| ChannelCondition.EOF, 2000);
+
+					/* Wait no longer than 2 seconds (= 2000 milliseconds) */
+
+					if ((conditions & ChannelCondition.TIMEOUT) != 0)
+					{
+						/* A timeout occured. */
+						throw new IOException("Timeout while waiting for data from peer.");
+					}
+
+					/* Here we do not need to check separately for CLOSED, since CLOSED implies EOF */
+
+					if ((conditions & ChannelCondition.EOF) != 0)
+					{
+						/* The remote side won't send us further data... */
+
+						if ((conditions & (ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA)) == 0)
+						{
+							/* ... and we have consumed all data in the local arrival window. */
+							break;
+						}
+					}
+
+					/* OK, either STDOUT_DATA or STDERR_DATA (or both) is set. */
+
+					// You can be paranoid and check that the library is not going nuts:
+					// if ((conditions & (ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA)) == 0)
+					//	throw new IllegalStateException("Unexpected condition result (" + conditions + ")");
+				}
+
+				/* If you below replace "while" with "if", then the way the output appears on the local
+				 * stdout and stder streams is more "balanced". Addtionally reducing the buffer size
+				 * will also improve the interleaving, but performance will slightly suffer.
+				 * OKOK, that all matters only if you get HUGE amounts of stdout and stderr data =)
+				 */
+
+				while (stdout.available() > 0)
+				{
+					int len = stdout.read(buffer);
+					if (len > 0) // this check is somewhat paranoid
+						System.out.write(buffer, 0, len);
+				}
+
+				while (stderr.available() > 0)
+				{
+					int len = stderr.read(buffer);
+					if (len > 0) // this check is somewhat paranoid
+						System.err.write(buffer, 0, len);
+				}
+			}
+
+			/* Close this session */
+
+			sess.close();
+
+			/* Close the connection */
+
+			conn.close();
+
+		}
+		catch (IOException e)
+		{
+			e.printStackTrace(System.err);
+			System.exit(2);
+		}
+	}
+}
diff --git a/examples/StdoutAndStderr.java b/examples/StdoutAndStderr.java
new file mode 100644
index 0000000..f4cb9bb
--- /dev/null
+++ b/examples/StdoutAndStderr.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+import ch.ethz.ssh2.Connection;
+import ch.ethz.ssh2.Session;
+import ch.ethz.ssh2.StreamGobbler;
+
+public class StdoutAndStderr
+{
+	public static void main(String[] args)
+	{
+		String hostname = "127.0.0.1";
+		String username = "joe";
+		String password = "joespass";
+
+		try
+		{
+			/* Create a connection instance */
+
+			Connection conn = new Connection(hostname);
+
+			/* Now connect */
+
+			conn.connect();
+
+			/* Authenticate */
+
+			boolean isAuthenticated = conn.authenticateWithPassword(username, password);
+
+			if (isAuthenticated == false)
+				throw new IOException("Authentication failed.");
+
+			/* Create a session */
+
+			Session sess = conn.openSession();
+
+			sess.execCommand("echo \"Text on STDOUT\"; echo \"Text on STDERR\" >&2");
+
+			InputStream stdout = new StreamGobbler(sess.getStdout());
+			InputStream stderr = new StreamGobbler(sess.getStderr());
+	
+			BufferedReader stdoutReader = new BufferedReader(new InputStreamReader(stdout));
+			BufferedReader stderrReader = new BufferedReader(new InputStreamReader(stderr));
+			
+			System.out.println("Here is the output from stdout:");
+	
+			while (true)
+			{
+				String line = stdoutReader.readLine();
+				if (line == null)
+					break;
+				System.out.println(line);
+			}
+			
+			System.out.println("Here is the output from stderr:");
+			
+			while (true)
+			{
+				String line = stderrReader.readLine();
+				if (line == null)
+					break;
+				System.out.println(line);
+			}
+			
+			/* Close this session */
+			
+			sess.close();
+
+			/* Close the connection */
+
+			conn.close();
+
+		}
+		catch (IOException e)
+		{
+			e.printStackTrace(System.err);
+			System.exit(2);
+		}
+	}
+}
diff --git a/examples/SwingShell.java b/examples/SwingShell.java
new file mode 100644
index 0000000..12554cf
--- /dev/null
+++ b/examples/SwingShell.java
@@ -0,0 +1,788 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import java.awt.BorderLayout;
+import java.awt.Color;
+import java.awt.FlowLayout;
+import java.awt.Font;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.awt.event.KeyAdapter;
+import java.awt.event.KeyEvent;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import javax.swing.BoxLayout;
+import javax.swing.JButton;
+import javax.swing.JDialog;
+import javax.swing.JFrame;
+import javax.swing.JLabel;
+import javax.swing.JOptionPane;
+import javax.swing.JPanel;
+import javax.swing.JPasswordField;
+import javax.swing.JTextArea;
+import javax.swing.JTextField;
+import javax.swing.SwingUtilities;
+
+import ch.ethz.ssh2.Connection;
+import ch.ethz.ssh2.InteractiveCallback;
+import ch.ethz.ssh2.KnownHosts;
+import ch.ethz.ssh2.ServerHostKeyVerifier;
+import ch.ethz.ssh2.Session;
+
+/**
+ *
+ * This is a very primitive SSH-2 dumb terminal (Swing based).
+ * 
+ * The purpose of this class is to demonstrate:
+ * 
+ * - Verifying server hostkeys with an existing known_hosts file
+ * - Displaying fingerprints of server hostkeys
+ * - Adding a server hostkey to a known_hosts file (+hashing the hostname for security) 
+ * - Authentication with DSA, RSA, password and keyboard-interactive methods
+ *
+ */
+public class SwingShell
+{
+
+	/* 
+	 * NOTE: to get this feature to work, replace the "tilde" with your home directory,
+	 * at least my JVM does not understand it. Need to check the specs.
+	 */
+
+	static final String knownHostPath = "~/.ssh/known_hosts";
+	static final String idDSAPath = "~/.ssh/id_dsa";
+	static final String idRSAPath = "~/.ssh/id_rsa";
+
+	JFrame loginFrame = null;
+	JLabel hostLabel;
+	JLabel userLabel;
+	JTextField hostField;
+	JTextField userField;
+	JButton loginButton;
+
+	KnownHosts database = new KnownHosts();
+
+	public SwingShell()
+	{
+		File knownHostFile = new File(knownHostPath);
+		if (knownHostFile.exists())
+		{
+			try
+			{
+				database.addHostkeys(knownHostFile);
+			}
+			catch (IOException e)
+			{
+			}
+		}
+	}
+
+	/**
+	 * This dialog displays a number of text lines and a text field.
+	 * The text field can either be plain text or a password field.
+	 */
+	class EnterSomethingDialog extends JDialog
+	{
+		private static final long serialVersionUID = 1L;
+
+		JTextField answerField;
+		JPasswordField passwordField;
+
+		final boolean isPassword;
+
+		String answer;
+
+		public EnterSomethingDialog(JFrame parent, String title, String content, boolean isPassword)
+		{
+			this(parent, title, new String[] { content }, isPassword);
+		}
+
+		public EnterSomethingDialog(JFrame parent, String title, String[] content, boolean isPassword)
+		{
+			super(parent, title, true);
+
+			this.isPassword = isPassword;
+
+			JPanel pan = new JPanel();
+			pan.setLayout(new BoxLayout(pan, BoxLayout.Y_AXIS));
+
+			for (int i = 0; i < content.length; i++)
+			{
+				if ((content[i] == null) || (content[i] == ""))
+					continue;
+				JLabel contentLabel = new JLabel(content[i]);
+				pan.add(contentLabel);
+
+			}
+
+			answerField = new JTextField(20);
+			passwordField = new JPasswordField(20);
+
+			if (isPassword)
+				pan.add(passwordField);
+			else
+				pan.add(answerField);
+
+			KeyAdapter kl = new KeyAdapter()
+			{
+				public void keyTyped(KeyEvent e)
+				{
+					if (e.getKeyChar() == '\n')
+						finish();
+				}
+			};
+
+			answerField.addKeyListener(kl);
+			passwordField.addKeyListener(kl);
+
+			getContentPane().add(BorderLayout.CENTER, pan);
+
+			setResizable(false);
+			pack();
+			setLocationRelativeTo(null);
+		}
+
+		private void finish()
+		{
+			if (isPassword)
+				answer = new String(passwordField.getPassword());
+			else
+				answer = answerField.getText();
+
+			dispose();
+		}
+	}
+
+	/**
+	 * TerminalDialog is probably the worst terminal emulator ever written - implementing
+	 * a real vt100 is left as an exercise to the reader, i.e., to you =)
+	 *
+	 */
+	class TerminalDialog extends JDialog
+	{
+		private static final long serialVersionUID = 1L;
+
+		JPanel botPanel;
+		JButton logoffButton;
+		JTextArea terminalArea;
+
+		Session sess;
+		InputStream in;
+		OutputStream out;
+
+		int x, y;
+
+		/**
+		 * This thread consumes output from the remote server and displays it in
+		 * the terminal window.
+		 *
+		 */
+		class RemoteConsumer extends Thread
+		{
+			char[][] lines = new char[y][];
+			int posy = 0;
+			int posx = 0;
+
+			private void addText(byte[] data, int len)
+			{
+				for (int i = 0; i < len; i++)
+				{
+					char c = (char) (data[i] & 0xff);
+
+					if (c == 8) // Backspace, VERASE
+					{
+						if (posx < 0)
+							continue;
+						posx--;
+						continue;
+					}
+
+					if (c == '\r')
+					{
+						posx = 0;
+						continue;
+					}
+
+					if (c == '\n')
+					{
+						posy++;
+						if (posy >= y)
+						{
+							for (int k = 1; k < y; k++)
+								lines[k - 1] = lines[k];
+							posy--;
+							lines[y - 1] = new char[x];
+							for (int k = 0; k < x; k++)
+								lines[y - 1][k] = ' ';
+						}
+						continue;
+					}
+
+					if (c < 32)
+					{
+						continue;
+					}
+
+					if (posx >= x)
+					{
+						posx = 0;
+						posy++;
+						if (posy >= y)
+						{
+							posy--;
+							for (int k = 1; k < y; k++)
+								lines[k - 1] = lines[k];
+							lines[y - 1] = new char[x];
+							for (int k = 0; k < x; k++)
+								lines[y - 1][k] = ' ';
+						}
+					}
+
+					if (lines[posy] == null)
+					{
+						lines[posy] = new char[x];
+						for (int k = 0; k < x; k++)
+							lines[posy][k] = ' ';
+					}
+
+					lines[posy][posx] = c;
+					posx++;
+				}
+
+				StringBuffer sb = new StringBuffer(x * y);
+
+				for (int i = 0; i < lines.length; i++)
+				{
+					if (i != 0)
+						sb.append('\n');
+
+					if (lines[i] != null)
+					{
+						sb.append(lines[i]);
+					}
+
+				}
+				setContent(sb.toString());
+			}
+
+			public void run()
+			{
+				byte[] buff = new byte[8192];
+
+				try
+				{
+					while (true)
+					{
+						int len = in.read(buff);
+						if (len == -1)
+							return;
+						addText(buff, len);
+					}
+				}
+				catch (Exception e)
+				{
+				}
+			}
+		}
+
+		public TerminalDialog(JFrame parent, String title, Session sess, int x, int y) throws IOException
+		{
+			super(parent, title, true);
+
+			this.sess = sess;
+
+			in = sess.getStdout();
+			out = sess.getStdin();
+
+			this.x = x;
+			this.y = y;
+
+			botPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));
+
+			logoffButton = new JButton("Logout");
+			botPanel.add(logoffButton);
+
+			logoffButton.addActionListener(new ActionListener()
+			{
+				public void actionPerformed(ActionEvent e)
+				{
+					/* Dispose the dialog, "setVisible(true)" method will return */
+					dispose();
+				}
+			});
+
+			Font f = new Font("Monospaced", Font.PLAIN, 16);
+
+			terminalArea = new JTextArea(y, x);
+			terminalArea.setFont(f);
+			terminalArea.setBackground(Color.BLACK);
+			terminalArea.setForeground(Color.ORANGE);
+			/* This is a hack. We cannot disable the caret,
+			 * since setting editable to false also changes
+			 * the meaning of the TAB key - and I want to use it in bash.
+			 * Again - this is a simple DEMO terminal =)
+			 */
+			terminalArea.setCaretColor(Color.BLACK);
+
+			KeyAdapter kl = new KeyAdapter()
+			{
+				public void keyTyped(KeyEvent e)
+				{
+					int c = e.getKeyChar();
+
+					try
+					{
+						out.write(c);
+					}
+					catch (IOException e1)
+					{
+					}
+					e.consume();
+				}
+			};
+
+			terminalArea.addKeyListener(kl);
+
+			getContentPane().add(terminalArea, BorderLayout.CENTER);
+			getContentPane().add(botPanel, BorderLayout.PAGE_END);
+
+			setResizable(false);
+			pack();
+			setLocationRelativeTo(parent);
+
+			new RemoteConsumer().start();
+		}
+
+		public void setContent(String lines)
+		{
+			// setText is thread safe, it does not have to be called from
+			// the Swing GUI thread.
+			terminalArea.setText(lines);
+		}
+	}
+
+	/**
+	 * This ServerHostKeyVerifier asks the user on how to proceed if a key cannot be found
+	 * in the in-memory database.
+	 *
+	 */
+	class AdvancedVerifier implements ServerHostKeyVerifier
+	{
+		public boolean verifyServerHostKey(String hostname, int port, String serverHostKeyAlgorithm,
+				byte[] serverHostKey) throws Exception
+		{
+			final String host = hostname;
+			final String algo = serverHostKeyAlgorithm;
+
+			String message;
+
+			/* Check database */
+
+			int result = database.verifyHostkey(hostname, serverHostKeyAlgorithm, serverHostKey);
+
+			switch (result)
+			{
+			case KnownHosts.HOSTKEY_IS_OK:
+				return true;
+
+			case KnownHosts.HOSTKEY_IS_NEW:
+				message = "Do you want to accept the hostkey (type " + algo + ") from " + host + " ?\n";
+				break;
+
+			case KnownHosts.HOSTKEY_HAS_CHANGED:
+				message = "WARNING! Hostkey for " + host + " has changed!\nAccept anyway?\n";
+				break;
+
+			default:
+				throw new IllegalStateException();
+			}
+
+			/* Include the fingerprints in the message */
+
+			String hexFingerprint = KnownHosts.createHexFingerprint(serverHostKeyAlgorithm, serverHostKey);
+			String bubblebabbleFingerprint = KnownHosts.createBubblebabbleFingerprint(serverHostKeyAlgorithm,
+					serverHostKey);
+
+			message += "Hex Fingerprint: " + hexFingerprint + "\nBubblebabble Fingerprint: " + bubblebabbleFingerprint;
+
+			/* Now ask the user */
+
+			int choice = JOptionPane.showConfirmDialog(loginFrame, message);
+
+			if (choice == JOptionPane.YES_OPTION)
+			{
+				/* Be really paranoid. We use a hashed hostname entry */
+
+				String hashedHostname = KnownHosts.createHashedHostname(hostname);
+
+				/* Add the hostkey to the in-memory database */
+
+				database.addHostkey(new String[] { hashedHostname }, serverHostKeyAlgorithm, serverHostKey);
+
+				/* Also try to add the key to a known_host file */
+
+				try
+				{
+					KnownHosts.addHostkeyToFile(new File(knownHostPath), new String[] { hashedHostname },
+							serverHostKeyAlgorithm, serverHostKey);
+				}
+				catch (IOException ignore)
+				{
+				}
+
+				return true;
+			}
+
+			if (choice == JOptionPane.CANCEL_OPTION)
+			{
+				throw new Exception("The user aborted the server hostkey verification.");
+			}
+
+			return false;
+		}
+	}
+
+	/**
+	 * The logic that one has to implement if "keyboard-interactive" autentication shall be
+	 * supported.
+	 *
+	 */
+	class InteractiveLogic implements InteractiveCallback
+	{
+		int promptCount = 0;
+		String lastError;
+
+		public InteractiveLogic(String lastError)
+		{
+			this.lastError = lastError;
+		}
+
+		/* the callback may be invoked several times, depending on how many questions-sets the server sends */
+
+		public String[] replyToChallenge(String name, String instruction, int numPrompts, String[] prompt,
+				boolean[] echo) throws IOException
+		{
+			String[] result = new String[numPrompts];
+
+			for (int i = 0; i < numPrompts; i++)
+			{
+				/* Often, servers just send empty strings for "name" and "instruction" */
+
+				String[] content = new String[] { lastError, name, instruction, prompt[i] };
+
+				if (lastError != null)
+				{
+					/* show lastError only once */
+					lastError = null;
+				}
+
+				EnterSomethingDialog esd = new EnterSomethingDialog(loginFrame, "Keyboard Interactive Authentication",
+						content, !echo[i]);
+
+				esd.setVisible(true);
+
+				if (esd.answer == null)
+					throw new IOException("Login aborted by user");
+
+				result[i] = esd.answer;
+				promptCount++;
+			}
+
+			return result;
+		}
+
+		/* We maintain a prompt counter - this enables the detection of situations where the ssh
+		 * server is signaling "authentication failed" even though it did not send a single prompt.
+		 */
+
+		public int getPromptCount()
+		{
+			return promptCount;
+		}
+	}
+
+	/**
+	 * The SSH-2 connection is established in this thread.
+	 * If we would not use a separate thread (e.g., put this code in
+	 * the event handler of the "Login" button) then the GUI would not
+	 * be responsive (missing window repaints if you move the window etc.)
+	 */
+	class ConnectionThread extends Thread
+	{
+		String hostname;
+		String username;
+
+		public ConnectionThread(String hostname, String username)
+		{
+			this.hostname = hostname;
+			this.username = username;
+		}
+
+		public void run()
+		{
+			Connection conn = new Connection(hostname);
+
+			try
+			{
+				/*
+				 * 
+				 * CONNECT AND VERIFY SERVER HOST KEY (with callback)
+				 * 
+				 */
+
+				String[] hostkeyAlgos = database.getPreferredServerHostkeyAlgorithmOrder(hostname);
+
+				if (hostkeyAlgos != null)
+					conn.setServerHostKeyAlgorithms(hostkeyAlgos);
+
+				conn.connect(new AdvancedVerifier());
+
+				/*
+				 * 
+				 * AUTHENTICATION PHASE
+				 * 
+				 */
+
+				boolean enableKeyboardInteractive = true;
+				boolean enableDSA = true;
+				boolean enableRSA = true;
+
+				String lastError = null;
+
+				while (true)
+				{
+					if ((enableDSA || enableRSA) && conn.isAuthMethodAvailable(username, "publickey"))
+					{
+						if (enableDSA)
+						{
+							File key = new File(idDSAPath);
+
+							if (key.exists())
+							{
+								EnterSomethingDialog esd = new EnterSomethingDialog(loginFrame, "DSA Authentication",
+										new String[] { lastError, "Enter DSA private key password:" }, true);
+								esd.setVisible(true);
+
+								boolean res = conn.authenticateWithPublicKey(username, key, esd.answer);
+
+								if (res == true)
+									break;
+
+								lastError = "DSA authentication failed.";
+							}
+							enableDSA = false; // do not try again
+						}
+
+						if (enableRSA)
+						{
+							File key = new File(idRSAPath);
+
+							if (key.exists())
+							{
+								EnterSomethingDialog esd = new EnterSomethingDialog(loginFrame, "RSA Authentication",
+										new String[] { lastError, "Enter RSA private key password:" }, true);
+								esd.setVisible(true);
+
+								boolean res = conn.authenticateWithPublicKey(username, key, esd.answer);
+
+								if (res == true)
+									break;
+
+								lastError = "RSA authentication failed.";
+							}
+							enableRSA = false; // do not try again
+						}
+
+						continue;
+					}
+
+					if (enableKeyboardInteractive && conn.isAuthMethodAvailable(username, "keyboard-interactive"))
+					{
+						InteractiveLogic il = new InteractiveLogic(lastError);
+
+						boolean res = conn.authenticateWithKeyboardInteractive(username, il);
+
+						if (res == true)
+							break;
+
+						if (il.getPromptCount() == 0)
+						{
+							// aha. the server announced that it supports "keyboard-interactive", but when
+							// we asked for it, it just denied the request without sending us any prompt.
+							// That happens with some server versions/configurations.
+							// We just disable the "keyboard-interactive" method and notify the user.
+
+							lastError = "Keyboard-interactive does not work.";
+
+							enableKeyboardInteractive = false; // do not try this again
+						}
+						else
+						{
+							lastError = "Keyboard-interactive auth failed."; // try again, if possible
+						}
+
+						continue;
+					}
+
+					if (conn.isAuthMethodAvailable(username, "password"))
+					{
+						final EnterSomethingDialog esd = new EnterSomethingDialog(loginFrame,
+								"Password Authentication",
+								new String[] { lastError, "Enter password for " + username }, true);
+
+						esd.setVisible(true);
+
+						if (esd.answer == null)
+							throw new IOException("Login aborted by user");
+
+						boolean res = conn.authenticateWithPassword(username, esd.answer);
+
+						if (res == true)
+							break;
+
+						lastError = "Password authentication failed."; // try again, if possible
+
+						continue;
+					}
+
+					throw new IOException("No supported authentication methods available.");
+				}
+
+				/*
+				 * 
+				 * AUTHENTICATION OK. DO SOMETHING.
+				 * 
+				 */
+
+				Session sess = conn.openSession();
+
+				int x_width = 90;
+				int y_width = 30;
+
+				sess.requestPTY("dumb", x_width, y_width, 0, 0, null);
+				sess.startShell();
+
+				TerminalDialog td = new TerminalDialog(loginFrame, username + "@" + hostname, sess, x_width, y_width);
+
+				/* The following call blocks until the dialog has been closed */
+
+				td.setVisible(true);
+
+			}
+			catch (IOException e)
+			{
+				//e.printStackTrace();
+				JOptionPane.showMessageDialog(loginFrame, "Exception: " + e.getMessage());
+			}
+
+			/*
+			 * 
+			 * CLOSE THE CONNECTION.
+			 * 
+			 */
+
+			conn.close();
+
+			/*
+			 * 
+			 * CLOSE THE LOGIN FRAME - APPLICATION WILL BE EXITED (no more frames)
+			 * 
+			 */
+
+			Runnable r = new Runnable()
+			{
+				public void run()
+				{
+					loginFrame.dispose();
+				}
+			};
+
+			SwingUtilities.invokeLater(r);
+		}
+	}
+
+	void loginPressed()
+	{
+		String hostname = hostField.getText().trim();
+		String username = userField.getText().trim();
+
+		if ((hostname.length() == 0) || (username.length() == 0))
+		{
+			JOptionPane.showMessageDialog(loginFrame, "Please fill out both fields!");
+			return;
+		}
+
+		loginButton.setEnabled(false);
+		hostField.setEnabled(false);
+		userField.setEnabled(false);
+
+		ConnectionThread ct = new ConnectionThread(hostname, username);
+
+		ct.start();
+	}
+
+	void showGUI()
+	{
+		loginFrame = new JFrame("Ganymed SSH2 SwingShell");
+
+		hostLabel = new JLabel("Hostname:");
+		userLabel = new JLabel("Username:");
+
+		hostField = new JTextField("", 20);
+		userField = new JTextField("", 10);
+
+		loginButton = new JButton("Login");
+
+		loginButton.addActionListener(new ActionListener()
+		{
+			public void actionPerformed(java.awt.event.ActionEvent e)
+			{
+				loginPressed();
+			}
+		});
+
+		JPanel loginPanel = new JPanel();
+
+		loginPanel.add(hostLabel);
+		loginPanel.add(hostField);
+		loginPanel.add(userLabel);
+		loginPanel.add(userField);
+		loginPanel.add(loginButton);
+
+		loginFrame.getRootPane().setDefaultButton(loginButton);
+
+		loginFrame.getContentPane().add(loginPanel, BorderLayout.PAGE_START);
+		//loginFrame.getContentPane().add(textArea, BorderLayout.CENTER);
+
+		loginFrame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
+
+		loginFrame.pack();
+		loginFrame.setResizable(false);
+		loginFrame.setLocationRelativeTo(null);
+		loginFrame.setVisible(true);
+	}
+
+	void startGUI()
+	{
+		Runnable r = new Runnable()
+		{
+			public void run()
+			{
+				showGUI();
+			}
+		};
+
+		SwingUtilities.invokeLater(r);
+
+	}
+
+	public static void main(String[] args)
+	{
+		SwingShell client = new SwingShell();
+		client.startGUI();
+	}
+}
diff --git a/examples/UsingKnownHosts.java b/examples/UsingKnownHosts.java
new file mode 100644
index 0000000..71262dd
--- /dev/null
+++ b/examples/UsingKnownHosts.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+import ch.ethz.ssh2.Connection;
+import ch.ethz.ssh2.KnownHosts;
+import ch.ethz.ssh2.Session;
+import ch.ethz.ssh2.StreamGobbler;
+
+public class UsingKnownHosts
+{
+	static KnownHosts database = new KnownHosts();
+
+	public static void main(String[] args) throws IOException
+	{
+		String hostname = "somehost";
+		String username = "joe";
+		String password = "joespass";
+
+		File knownHosts = new File("~/.ssh/known_hosts");
+
+		try
+		{
+			/* Load known_hosts file into in-memory database */
+
+			if (knownHosts.exists())
+				database.addHostkeys(knownHosts);
+
+			/* Create a connection instance */
+
+			Connection conn = new Connection(hostname);
+
+			/* Now connect and use the SimpleVerifier */
+
+			conn.connect(new SimpleVerifier(database));
+
+			/* Authenticate */
+
+			boolean isAuthenticated = conn.authenticateWithPassword(username, password);
+
+			if (isAuthenticated == false)
+				throw new IOException("Authentication failed.");
+
+			/* Create a session */
+
+			Session sess = conn.openSession();
+
+			sess.execCommand("uname -a && date && uptime && who");
+
+			InputStream stdout = new StreamGobbler(sess.getStdout());
+			BufferedReader br = new BufferedReader(new InputStreamReader(stdout));
+
+			System.out.println("Here is some information about the remote host:");
+
+			while (true)
+			{
+				String line = br.readLine();
+				if (line == null)
+					break;
+				System.out.println(line);
+			}
+
+			/* Close this session */
+
+			sess.close();
+
+			/* Close the connection */
+
+			conn.close();
+
+		}
+		catch (IOException e)
+		{
+			e.printStackTrace(System.err);
+			System.exit(2);
+		}
+	}
+}
diff --git a/overview.html b/overview.html
new file mode 100644
index 0000000..b099a87
--- /dev/null
+++ b/overview.html
@@ -0,0 +1,14 @@
+<body>
+Ganymed SSH2 for Java is a library which implements the SSH-2 protocol in pure Java.
+It allows one to connect to SSH servers from within Java programs. It supports SSH sessions
+(remote command execution and shell access),
+local and remote port forwarding, local stream forwarding, X11 forwarding, SCP and SFTP.
+There are no dependencies on any JCE provider, as all crypto functionality is included.
+<p>
+Ganymed SSH2 for Java was first developed for the Ganymed replication project and a
+couple of other projects at the IKS group at ETH Zurich. 
+<p>
+Website: <a href="http://www.cleondris.ch/opensource/ssh2/">http://www.cleondris.ch/opensource/ssh2/</a>.
+<p>
+Please read the included LICENCE.txt, latest changes can be found in HISTORY.txt.
+</body>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..96da9cc
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.googlecode.ganymed-ssh-2</groupId>
+    <artifactId>ganymed-ssh-2</artifactId>
+    <packaging>jar</packaging>
+    <version>260</version>
+    <name>ganymed-ssh-2</name>
+    <developers>
+        <developer>
+            <name>Christian Plattner</name>
+            <id>cleondris</id>
+            <email>info@cleondris.ch</email>
+            <organization>Cleondris GmbH</organization>
+        </developer>
+        <developer>
+            <name>David Kocher</name>
+            <id>dkocher</id>
+            <email>dkocher@sudo.ch</email>
+            <organization>iterate GmbH</organization>
+        </developer>
+    </developers>
+    <properties>
+        <maven.compile.source>1.5</maven.compile.source>
+        <maven.compile.target>1.5</maven.compile.target>
+        <source.encoding>UTF-8</source.encoding>
+    </properties>
+    <repositories/>
+    <pluginRepositories/>
+    <dependencyManagement/>
+    <dependencies/>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.3.2</version>
+                <configuration>
+                    <source>${maven.compile.source}</source>
+                    <target>${maven.compile.target}</target>
+                    <encoding>${source.encoding}</encoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.4.3</version>
+                <configuration>
+                    <encoding>UTF-8</encoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>2.3.1</version>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+                            <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
+                        </manifest>
+                    </archive>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.1.2</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>jar-no-fork</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.7.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-site-plugin</artifactId>
+                <version>3.0-beta-3</version>
+            </plugin>
+        </plugins>
+    </build>
+    <profiles/>
+    <reporting>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-project-info-reports-plugin</artifactId>
+                <version>2.4</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jxr-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <inputEncoding>${source.encoding}</inputEncoding>
+                    <outputEncoding>${source.encoding}</outputEncoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-pmd-plugin</artifactId>
+                <version>2.5</version>
+                <configuration>
+                    <minimumTokens>100</minimumTokens>
+                    <targetJdk>${maven.compile.target}</targetJdk>
+                    <outputEncoding>${source.encoding}</outputEncoding>
+                    <sourceEncoding>${source.encoding}</sourceEncoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>2.7</version>
+                <configuration>
+                    <links>
+                        <link>http://download.oracle.com/javase/${maven.compile.target}/docs/api/</link>
+                    </links>
+                    <encoding>${source.encoding}</encoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+                <version>2.8.1</version>
+            </plugin>
+        </plugins>
+    </reporting>
+</project>
diff --git a/src/main/java/ch/ethz/ssh2/ChannelCondition.java b/src/main/java/ch/ethz/ssh2/ChannelCondition.java
new file mode 100644
index 0000000..70c563e
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/ChannelCondition.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * Contains constants that can be used to specify what conditions to wait for on
+ * a SSH-2 channel (e.g., represented by a {@link Session}).
+ *
+ * @see Session#waitForCondition(int, long)
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public abstract interface ChannelCondition
+{
+	/**
+	 * A timeout has occurred, none of your requested conditions is fulfilled.
+	 * However, other conditions may be true - therefore, NEVER use the "=="
+	 * operator to test for this (or any other) condition. Always use
+	 * something like <code>((cond & ChannelCondition.CLOSED) != 0)</code>.
+	 */
+	public static final int TIMEOUT = 1;
+
+	/**
+	 * The underlying SSH-2 channel, however not necessarily the whole connection,
+	 * has been closed. This implies <code>EOF</code>. Note that there may still
+	 * be unread stdout or stderr data in the local window, i.e, <code>STDOUT_DATA</code>
+	 * or/and <code>STDERR_DATA</code> may be set at the same time.
+	 */
+	public static final int CLOSED = 2;
+
+	/**
+	 * There is stdout data available that is ready to be consumed.
+	 */
+	public static final int STDOUT_DATA = 4;
+
+	/**
+	 * There is stderr data available that is ready to be consumed.
+	 */
+	public static final int STDERR_DATA = 8;
+
+	/**
+	 * EOF on has been reached, no more _new_ stdout or stderr data will arrive
+	 * from the remote server. However, there may be unread stdout or stderr
+	 * data, i.e, <code>STDOUT_DATA</code> or/and <code>STDERR_DATA</code>
+	 * may be set at the same time.
+	 */
+	public static final int EOF = 16;
+
+	/**
+	 * The exit status of the remote process is available.
+	 * Some servers never send the exist status, or occasionally "forget" to do so.
+	 */
+	public static final int EXIT_STATUS = 32;
+
+	/**
+	 * The exit signal of the remote process is available.
+	 */
+	public static final int EXIT_SIGNAL = 64;
+
+}
diff --git a/src/main/java/ch/ethz/ssh2/Connection.java b/src/main/java/ch/ethz/ssh2/Connection.java
new file mode 100644
index 0000000..0dc011a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/Connection.java
@@ -0,0 +1,1368 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.CharArrayWriter;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketTimeoutException;
+import java.security.SecureRandom;
+import java.util.List;
+import java.util.Vector;
+
+import ch.ethz.ssh2.auth.AuthenticationManager;
+import ch.ethz.ssh2.channel.ChannelManager;
+import ch.ethz.ssh2.crypto.CryptoWishList;
+import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
+import ch.ethz.ssh2.crypto.digest.MAC;
+import ch.ethz.ssh2.packets.PacketIgnore;
+import ch.ethz.ssh2.transport.KexManager;
+import ch.ethz.ssh2.transport.TransportManager;
+import ch.ethz.ssh2.util.TimeoutService;
+import ch.ethz.ssh2.util.TimeoutService.TimeoutToken;
+
+/**
+ * A <code>Connection</code> is used to establish an encrypted TCP/IP
+ * connection to a SSH-2 server.
+ * <p>
+ * Typically, one
+ * <ol>
+ * <li>creates a {@link #Connection(String) Connection} object.</li>
+ * <li>calls the {@link #connect() connect()} method.</li>
+ * <li>calls some of the authentication methods (e.g., {@link #authenticateWithPublicKey(String, File, String) authenticateWithPublicKey()}).</li>
+ * <li>calls one or several times the {@link #openSession() openSession()} method.</li>
+ * <li>finally, one must close the connection and release resources with the {@link #close() close()} method.</li>
+ * </ol>
+ *
+ * @author Christian Plattner
+ * @version $Id: Connection.java 37 2011-05-28 22:31:46Z dkocher@sudo.ch $
+ */
+
+public class Connection
+{
+	/**
+	 * The identifier presented to the SSH-2 server.
+	 */
+	private String identification = "Ganymed-" + Version.getSpecification();
+
+	/* Will be used to generate all random data needed for the current connection.
+	 * Note: SecureRandom.nextBytes() is thread safe.
+	 */
+
+	private SecureRandom generator;
+
+	/**
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @return The list of supported cipher algorithms by this implementation.
+	 */
+	public static synchronized String[] getAvailableCiphers()
+	{
+		return BlockCipherFactory.getDefaultCipherList();
+	}
+
+	/**
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @return The list of supported MAC algorthims by this implementation.
+	 */
+	public static synchronized String[] getAvailableMACs()
+	{
+		return MAC.getMacList();
+	}
+
+	/**
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @return The list of supported server host key algorthims by this implementation.
+	 */
+	public static synchronized String[] getAvailableServerHostKeyAlgorithms()
+	{
+		return KexManager.getDefaultServerHostkeyAlgorithmList();
+	}
+
+	private AuthenticationManager am;
+
+	private boolean authenticated = false;
+	private ChannelManager cm;
+
+	private CryptoWishList cryptoWishList = new CryptoWishList();
+
+	private DHGexParameters dhgexpara = new DHGexParameters();
+
+	private final String hostname;
+
+	private final int port;
+
+	private TransportManager tm;
+
+	private boolean tcpNoDelay = false;
+
+	private ProxyData proxyData = null;
+
+	private List<ConnectionMonitor> connectionMonitors = new Vector<ConnectionMonitor>();
+
+	/**
+	 * Prepares a fresh <code>Connection</code> object which can then be used
+	 * to establish a connection to the specified SSH-2 server.
+	 * <p>
+	 * Same as {@link #Connection(String, int) Connection(hostname, 22)}.
+	 *
+	 * @param hostname the hostname of the SSH-2 server.
+	 */
+	public Connection(String hostname)
+	{
+		this(hostname, 22);
+	}
+
+	/**
+	 * Prepares a fresh <code>Connection</code> object which can then be used
+	 * to establish a connection to the specified SSH-2 server.
+	 *
+	 * @param hostname
+	 *            the host where we later want to connect to.
+	 * @param port
+	 *            port on the server, normally 22.
+	 */
+	public Connection(String hostname, int port)
+	{
+		this.hostname = hostname;
+		this.port = port;
+	}
+
+	public Connection(String hostname, int port, String identification)
+	{
+		this.hostname = hostname;
+		this.port = port;
+        this.identification = identification;
+	}
+
+	/**
+	 * After a successful connect, one has to authenticate oneself. This method
+	 * is based on DSA (it uses DSA to sign a challenge sent by the server).
+	 * <p>
+	 * If the authentication phase is complete, <code>true</code> will be
+	 * returned. If the server does not accept the request (or if further
+	 * authentication steps are needed), <code>false</code> is returned and
+	 * one can retry either by using this or any other authentication method
+	 * (use the <code>getRemainingAuthMethods</code> method to get a list of
+	 * the remaining possible methods).
+	 *
+	 * @param user
+	 *            A <code>String</code> holding the username.
+	 * @param pem
+	 *            A <code>String</code> containing the DSA private key of the
+	 *            user in OpenSSH key format (PEM, you can't miss the
+	 *            "-----BEGIN DSA PRIVATE KEY-----" tag). The string may contain
+	 *            linefeeds.
+	 * @param password
+	 *            If the PEM string is 3DES encrypted ("DES-EDE3-CBC"), then you
+	 *            must specify the password. Otherwise, this argument will be
+	 *            ignored and can be set to <code>null</code>.
+	 *
+	 * @return whether the connection is now authenticated.
+	 * @throws IOException
+	 *
+	 * @deprecated You should use one of the {@link #authenticateWithPublicKey(String, File, String) authenticateWithPublicKey()}
+	 * 		      methods, this method is just a wrapper for it and will
+	 *            disappear in future builds.
+	 *
+	 */
+	public synchronized boolean authenticateWithDSA(String user, String pem, String password) throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Connection is not established!");
+
+		if (authenticated)
+			throw new IllegalStateException("Connection is already authenticated!");
+
+		if (am == null)
+			am = new AuthenticationManager(tm);
+
+		if (cm == null)
+			cm = new ChannelManager(tm);
+
+		if (user == null)
+			throw new IllegalArgumentException("user argument is null");
+
+		if (pem == null)
+			throw new IllegalArgumentException("pem argument is null");
+
+		authenticated = am.authenticatePublicKey(user, pem.toCharArray(), password, getOrCreateSecureRND());
+
+		return authenticated;
+	}
+
+	/**
+	 * A wrapper that calls {@link #authenticateWithKeyboardInteractive(String, String[], InteractiveCallback)
+	 * authenticateWithKeyboardInteractivewith} a <code>null</code> submethod list.
+	 *
+	 * @param user
+	 *            A <code>String</code> holding the username.
+	 * @param cb
+	 *            An <code>InteractiveCallback</code> which will be used to
+	 *            determine the responses to the questions asked by the server.
+	 * @return whether the connection is now authenticated.
+	 * @throws IOException
+	 */
+	public synchronized boolean authenticateWithKeyboardInteractive(String user, InteractiveCallback cb)
+			throws IOException
+	{
+		return authenticateWithKeyboardInteractive(user, null, cb);
+	}
+
+	/**
+	 * After a successful connect, one has to authenticate oneself. This method
+	 * is based on "keyboard-interactive", specified in
+	 * draft-ietf-secsh-auth-kbdinteract-XX. Basically, you have to define a
+	 * callback object which will be feeded with challenges generated by the
+	 * server. Answers are then sent back to the server. It is possible that the
+	 * callback will be called several times during the invocation of this
+	 * method (e.g., if the server replies to the callback's answer(s) with
+	 * another challenge...)
+	 * <p>
+	 * If the authentication phase is complete, <code>true</code> will be
+	 * returned. If the server does not accept the request (or if further
+	 * authentication steps are needed), <code>false</code> is returned and
+	 * one can retry either by using this or any other authentication method
+	 * (use the <code>getRemainingAuthMethods</code> method to get a list of
+	 * the remaining possible methods).
+	 * <p>
+	 * Note: some SSH servers advertise "keyboard-interactive", however, any
+	 * interactive request will be denied (without having sent any challenge to
+	 * the client).
+	 *
+	 * @param user
+	 *            A <code>String</code> holding the username.
+	 * @param submethods
+	 *            An array of submethod names, see
+	 *            draft-ietf-secsh-auth-kbdinteract-XX. May be <code>null</code>
+	 *            to indicate an empty list.
+	 * @param cb
+	 *            An <code>InteractiveCallback</code> which will be used to
+	 *            determine the responses to the questions asked by the server.
+	 *
+	 * @return whether the connection is now authenticated.
+	 * @throws IOException
+	 */
+	public synchronized boolean authenticateWithKeyboardInteractive(String user, String[] submethods,
+			InteractiveCallback cb) throws IOException
+	{
+		if (cb == null)
+			throw new IllegalArgumentException("Callback may not ne NULL!");
+
+		if (tm == null)
+			throw new IllegalStateException("Connection is not established!");
+
+		if (authenticated)
+			throw new IllegalStateException("Connection is already authenticated!");
+
+		if (am == null)
+			am = new AuthenticationManager(tm);
+
+		if (cm == null)
+			cm = new ChannelManager(tm);
+
+		if (user == null)
+			throw new IllegalArgumentException("user argument is null");
+
+		authenticated = am.authenticateInteractive(user, submethods, cb);
+
+		return authenticated;
+	}
+
+	/**
+	 * After a successful connect, one has to authenticate oneself. This method
+	 * sends username and password to the server.
+	 * <p>
+	 * If the authentication phase is complete, <code>true</code> will be
+	 * returned. If the server does not accept the request (or if further
+	 * authentication steps are needed), <code>false</code> is returned and
+	 * one can retry either by using this or any other authentication method
+	 * (use the <code>getRemainingAuthMethods</code> method to get a list of
+	 * the remaining possible methods).
+	 * <p>
+	 * Note: if this method fails, then please double-check that it is actually
+	 * offered by the server (use {@link #getRemainingAuthMethods(String) getRemainingAuthMethods()}.
+	 * <p>
+	 * Often, password authentication is disabled, but users are not aware of it.
+	 * Many servers only offer "publickey" and "keyboard-interactive". However,
+	 * even though "keyboard-interactive" *feels* like password authentication
+	 * (e.g., when using the putty or openssh clients) it is *not* the same mechanism.
+	 *
+	 * @param user
+	 * @param password
+	 * @return if the connection is now authenticated.
+	 * @throws IOException
+	 */
+	public synchronized boolean authenticateWithPassword(String user, String password) throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Connection is not established!");
+
+		if (authenticated)
+			throw new IllegalStateException("Connection is already authenticated!");
+
+		if (am == null)
+			am = new AuthenticationManager(tm);
+
+		if (cm == null)
+			cm = new ChannelManager(tm);
+
+		if (user == null)
+			throw new IllegalArgumentException("user argument is null");
+
+		if (password == null)
+			throw new IllegalArgumentException("password argument is null");
+
+		authenticated = am.authenticatePassword(user, password);
+
+		return authenticated;
+	}
+
+	/**
+	 * After a successful connect, one has to authenticate oneself.
+	 * This method can be used to explicitly use the special "none"
+	 * authentication method (where only a username has to be specified).
+	 * <p>
+	 * Note 1: The "none" method may always be tried by clients, however as by
+	 * the specs, the server will not explicitly announce it. In other words,
+	 * the "none" token will never show up in the list returned by
+	 * {@link #getRemainingAuthMethods(String)}.
+	 * <p>
+	 * Note 2: no matter which one of the authenticateWithXXX() methods
+	 * you call, the library will always issue exactly one initial "none"
+	 * authentication request to retrieve the initially allowed list of
+	 * authentication methods by the server. Please read RFC 4252 for the
+	 * details.
+	 * <p>
+	 * If the authentication phase is complete, <code>true</code> will be
+	 * returned. If further authentication steps are needed, <code>false</code>
+	 * is returned and one can retry by any other authentication method
+	 * (use the <code>getRemainingAuthMethods</code> method to get a list of
+	 * the remaining possible methods).
+	 *
+	 * @param user
+	 * @return if the connection is now authenticated.
+	 * @throws IOException
+	 */
+	public synchronized boolean authenticateWithNone(String user) throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Connection is not established!");
+
+		if (authenticated)
+			throw new IllegalStateException("Connection is already authenticated!");
+
+		if (am == null)
+			am = new AuthenticationManager(tm);
+
+		if (cm == null)
+			cm = new ChannelManager(tm);
+
+		if (user == null)
+			throw new IllegalArgumentException("user argument is null");
+
+		/* Trigger the sending of the PacketUserauthRequestNone packet */
+		/* (if not already done)                                       */
+
+		authenticated = am.authenticateNone(user);
+
+		return authenticated;
+	}
+
+	/**
+	 * After a successful connect, one has to authenticate oneself.
+	 * The authentication method "publickey" works by signing a challenge
+	 * sent by the server. The signature is either DSA or RSA based - it
+	 * just depends on the type of private key you specify, either a DSA
+	 * or RSA private key in PEM format. And yes, this is may seem to be a
+	 * little confusing, the method is called "publickey" in the SSH-2 protocol
+	 * specification, however since we need to generate a signature, you
+	 * actually have to supply a private key =).
+	 * <p>
+	 * The private key contained in the PEM file may also be encrypted ("Proc-Type: 4,ENCRYPTED").
+	 * The library supports DES-CBC and DES-EDE3-CBC encryption, as well
+	 * as the more exotic PEM encrpytions AES-128-CBC, AES-192-CBC and AES-256-CBC.
+	 * <p>
+	 * If the authentication phase is complete, <code>true</code> will be
+	 * returned. If the server does not accept the request (or if further
+	 * authentication steps are needed), <code>false</code> is returned and
+	 * one can retry either by using this or any other authentication method
+	 * (use the <code>getRemainingAuthMethods</code> method to get a list of
+	 * the remaining possible methods).
+	 * <p>
+	 * NOTE PUTTY USERS: Event though your key file may start with "-----BEGIN..."
+	 * it is not in the expected format. You have to convert it to the OpenSSH
+	 * key format by using the "puttygen" tool (can be downloaded from the Putty
+	 * website). Simply load your key and then use the "Conversions/Export OpenSSH key"
+	 * functionality to get a proper PEM file.
+	 *
+	 * @param user
+	 *            A <code>String</code> holding the username.
+	 * @param pemPrivateKey
+	 *            A <code>char[]</code> containing a DSA or RSA private key of the
+	 *            user in OpenSSH key format (PEM, you can't miss the
+	 *            "-----BEGIN DSA PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----"
+	 *            tag). The char array may contain linebreaks/linefeeds.
+	 * @param password
+	 *            If the PEM structure is encrypted ("Proc-Type: 4,ENCRYPTED") then
+	 *            you must specify a password. Otherwise, this argument will be ignored
+	 *            and can be set to <code>null</code>.
+	 *
+	 * @return whether the connection is now authenticated.
+	 * @throws IOException
+	 */
+	public synchronized boolean authenticateWithPublicKey(String user, char[] pemPrivateKey, String password)
+			throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Connection is not established!");
+
+		if (authenticated)
+			throw new IllegalStateException("Connection is already authenticated!");
+
+		if (am == null)
+			am = new AuthenticationManager(tm);
+
+		if (cm == null)
+			cm = new ChannelManager(tm);
+
+		if (user == null)
+			throw new IllegalArgumentException("user argument is null");
+
+		if (pemPrivateKey == null)
+			throw new IllegalArgumentException("pemPrivateKey argument is null");
+
+		authenticated = am.authenticatePublicKey(user, pemPrivateKey, password, getOrCreateSecureRND());
+
+		return authenticated;
+	}
+
+	/**
+	 * A convenience wrapper function which reads in a private key (PEM format, either DSA or RSA)
+	 * and then calls <code>authenticateWithPublicKey(String, char[], String)</code>.
+	 * <p>
+	 * NOTE PUTTY USERS: Event though your key file may start with "-----BEGIN..."
+	 * it is not in the expected format. You have to convert it to the OpenSSH
+	 * key format by using the "puttygen" tool (can be downloaded from the Putty
+	 * website). Simply load your key and then use the "Conversions/Export OpenSSH key"
+	 * functionality to get a proper PEM file.
+	 *
+	 * @param user
+	 *            A <code>String</code> holding the username.
+	 * @param pemFile
+	 *            A <code>File</code> object pointing to a file containing a DSA or RSA
+	 *            private key of the user in OpenSSH key format (PEM, you can't miss the
+	 *            "-----BEGIN DSA PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----"
+	 *            tag).
+	 * @param password
+	 *            If the PEM file is encrypted then you must specify the password.
+	 *            Otherwise, this argument will be ignored and can be set to <code>null</code>.
+	 *
+	 * @return whether the connection is now authenticated.
+	 * @throws IOException
+	 */
+	public synchronized boolean authenticateWithPublicKey(String user, File pemFile, String password)
+			throws IOException
+	{
+		if (pemFile == null)
+			throw new IllegalArgumentException("pemFile argument is null");
+
+		char[] buff = new char[256];
+
+		CharArrayWriter cw = new CharArrayWriter();
+
+		FileReader fr = new FileReader(pemFile);
+
+		while (true)
+		{
+			int len = fr.read(buff);
+			if (len < 0)
+				break;
+			cw.write(buff, 0, len);
+		}
+
+		fr.close();
+
+		return authenticateWithPublicKey(user, cw.toCharArray(), password);
+	}
+
+	/**
+	 * Add a {@link ConnectionMonitor} to this connection. Can be invoked at any time,
+	 * but it is best to add connection monitors before invoking
+	 * <code>connect()</code> to avoid glitches (e.g., you add a connection monitor after
+	 * a successful connect(), but the connection has died in the mean time. Then,
+	 * your connection monitor won't be notified.)
+	 * <p>
+	 * You can add as many monitors as you like.
+	 *
+	 * @see ConnectionMonitor
+	 *
+	 * @param cmon An object implementing the <code>ConnectionMonitor</code> interface.
+	 */
+	public synchronized void addConnectionMonitor(ConnectionMonitor cmon)
+	{
+		if (cmon == null)
+			throw new IllegalArgumentException("cmon argument is null");
+
+		connectionMonitors.add(cmon);
+
+		if (tm != null)
+			tm.setConnectionMonitors(connectionMonitors);
+	}
+
+	/**
+	 * Close the connection to the SSH-2 server. All assigned sessions will be
+	 * closed, too. Can be called at any time. Don't forget to call this once
+	 * you don't need a connection anymore - otherwise the receiver thread may
+	 * run forever.
+	 */
+	public synchronized void close()
+	{
+		Throwable t = new Throwable("Closed due to user request.");
+		close(t, false);
+	}
+
+    public void close(Throwable t, boolean hard)
+	{
+		if (cm != null)
+			cm.closeAllChannels();
+
+		if (tm != null)
+		{
+			tm.close(t, hard == false);
+			tm = null;
+		}
+		am = null;
+		cm = null;
+		authenticated = false;
+	}
+
+	/**
+	 * Same as {@link #connect(ServerHostKeyVerifier, int, int) connect(null, 0, 0)}.
+	 *
+	 * @return see comments for the {@link #connect(ServerHostKeyVerifier, int, int) connect(ServerHostKeyVerifier, int, int)} method.
+	 * @throws IOException
+	 */
+	public synchronized ConnectionInfo connect() throws IOException
+	{
+		return connect(null, 0, 0);
+	}
+
+	/**
+	 * Same as {@link #connect(ServerHostKeyVerifier, int, int) connect(verifier, 0, 0)}.
+	 *
+	 * @return see comments for the {@link #connect(ServerHostKeyVerifier, int, int) connect(ServerHostKeyVerifier, int, int)} method.
+	 * @throws IOException
+	 */
+	public synchronized ConnectionInfo connect(ServerHostKeyVerifier verifier) throws IOException
+	{
+		return connect(verifier, 0, 0);
+	}
+
+	/**
+	 * Connect to the SSH-2 server and, as soon as the server has presented its
+	 * host key, use the {@link ServerHostKeyVerifier#verifyServerHostKey(String,
+	 * int, String, byte[]) ServerHostKeyVerifier.verifyServerHostKey()}
+	 * method of the <code>verifier</code> to ask for permission to proceed.
+	 * If <code>verifier</code> is <code>null</code>, then any host key will be
+	 * accepted - this is NOT recommended, since it makes man-in-the-middle attackes
+	 * VERY easy (somebody could put a proxy SSH server between you and the real server).
+	 * <p>
+	 * Note: The verifier will be called before doing any crypto calculations
+	 * (i.e., diffie-hellman). Therefore, if you don't like the presented host key then
+	 * no CPU cycles are wasted (and the evil server has less information about us).
+	 * <p>
+	 * However, it is still possible that the server presented a fake host key: the server
+	 * cheated (typically a sign for a man-in-the-middle attack) and is not able to generate
+	 * a signature that matches its host key. Don't worry, the library will detect such
+	 * a scenario later when checking the signature (the signature cannot be checked before
+	 * having completed the diffie-hellman exchange).
+	 * <p>
+	 * Note 2: The  {@link ServerHostKeyVerifier#verifyServerHostKey(String,
+	 * int, String, byte[]) ServerHostKeyVerifier.verifyServerHostKey()} method
+	 * will *NOT* be called from the current thread, the call is being made from a
+	 * background thread (there is a background dispatcher thread for every
+	 * established connection).
+	 * <p>
+	 * Note 3: This method will block as long as the key exchange of the underlying connection
+	 * has not been completed (and you have not specified any timeouts).
+	 * <p>
+	 * Note 4: If you want to re-use a connection object that was successfully connected,
+	 * then you must call the {@link #close()} method before invoking <code>connect()</code> again.
+	 *
+	 * @param verifier
+	 *            An object that implements the
+	 *            {@link ServerHostKeyVerifier} interface. Pass <code>null</code>
+	 *            to accept any server host key - NOT recommended.
+	 *
+	 * @param connectTimeout
+	 *            Connect the underlying TCP socket to the server with the given timeout
+	 *            value (non-negative, in milliseconds). Zero means no timeout. If a proxy is being
+	 *            used (see {@link #setProxyData(ProxyData)}), then this timeout is used for the
+	 *            connection establishment to the proxy.
+	 *
+	 * @param kexTimeout
+	 *            Timeout for complete connection establishment (non-negative,
+	 *            in milliseconds). Zero means no timeout. The timeout counts from the
+	 *            moment you invoke the connect() method and is cancelled as soon as the
+	 *            first key-exchange round has finished. It is possible that
+	 *            the timeout event will be fired during the invocation of the
+	 *            <code>verifier</code> callback, but it will only have an effect after
+	 *            the <code>verifier</code> returns.
+	 *
+	 * @return A {@link ConnectionInfo} object containing the details of
+	 *            the established connection.
+	 *
+	 * @throws IOException
+	 *            If any problem occurs, e.g., the server's host key is not
+	 *            accepted by the <code>verifier</code> or there is problem during
+	 *            the initial crypto setup (e.g., the signature sent by the server is wrong).
+	 *            <p>
+	 *            In case of a timeout (either connectTimeout or kexTimeout)
+	 *            a SocketTimeoutException is thrown.
+	 *            <p>
+	 *            An exception may also be thrown if the connection was already successfully
+	 *            connected (no matter if the connection broke in the mean time) and you invoke
+	 *            <code>connect()</code> again without having called {@link #close()} first.
+	 *            <p>
+	 *            If a HTTP proxy is being used and the proxy refuses the connection,
+	 *            then a {@link HTTPProxyException} may be thrown, which
+	 *            contains the details returned by the proxy. If the proxy is buggy and does
+	 *            not return a proper HTTP response, then a normal IOException is thrown instead.
+	 */
+	public synchronized ConnectionInfo connect(ServerHostKeyVerifier verifier, int connectTimeout, int kexTimeout)
+			throws IOException
+	{
+		final class TimeoutState
+		{
+			boolean isCancelled = false;
+			boolean timeoutSocketClosed = false;
+		}
+
+		if (tm != null)
+			throw new IOException("Connection to " + hostname + " is already in connected state!");
+
+		if (connectTimeout < 0)
+			throw new IllegalArgumentException("connectTimeout must be non-negative!");
+
+		if (kexTimeout < 0)
+			throw new IllegalArgumentException("kexTimeout must be non-negative!");
+
+		final TimeoutState state = new TimeoutState();
+
+		tm = new TransportManager(hostname, port);
+        tm.setSoTimeout(connectTimeout);
+		tm.setConnectionMonitors(connectionMonitors);
+
+		/* Make sure that the runnable below will observe the new value of "tm"
+		 * and "state" (the runnable will be executed in a different thread, which
+		 * may be already running, that is why we need a memory barrier here).
+		 * See also the comment in Channel.java if you
+		 * are interested in the details.
+		 * 
+		 * OKOK, this is paranoid since adding the runnable to the todo list
+		 * of the TimeoutService will ensure that all writes have been flushed
+		 * before the Runnable reads anything
+		 * (there is a synchronized block in TimeoutService.addTimeoutHandler).
+		 */
+
+		synchronized (tm)
+		{
+			/* We could actually synchronize on anything. */
+		}
+
+		try
+		{
+			TimeoutToken token = null;
+
+			if (kexTimeout > 0)
+			{
+				final Runnable timeoutHandler = new Runnable()
+				{
+					public void run()
+					{
+						synchronized (state)
+						{
+							if (state.isCancelled)
+								return;
+							state.timeoutSocketClosed = true;
+							tm.close(new SocketTimeoutException("The connect timeout expired"), false);
+						}
+					}
+				};
+
+				long timeoutHorizont = System.currentTimeMillis() + kexTimeout;
+
+				token = TimeoutService.addTimeoutHandler(timeoutHorizont, timeoutHandler);
+			}
+
+			try
+			{
+				tm.initialize(identification, cryptoWishList, verifier, dhgexpara, connectTimeout,
+                        getOrCreateSecureRND(), proxyData);
+			}
+			catch (SocketTimeoutException se)
+			{
+				throw (SocketTimeoutException) new SocketTimeoutException(
+						"The connect() operation on the socket timed out.").initCause(se);
+			}
+
+			tm.setTcpNoDelay(tcpNoDelay);
+
+			/* Wait until first KEX has finished */
+
+			ConnectionInfo ci = tm.getConnectionInfo(1);
+
+			/* Now try to cancel the timeout, if needed */
+
+			if (token != null)
+			{
+				TimeoutService.cancelTimeoutHandler(token);
+
+				/* Were we too late? */
+
+				synchronized (state)
+				{
+					if (state.timeoutSocketClosed)
+						throw new IOException("This exception will be replaced by the one below =)");
+					/* Just in case the "cancelTimeoutHandler" invocation came just a little bit
+					 * too late but the handler did not enter the semaphore yet - we can
+					 * still stop it.
+					 */
+					state.isCancelled = true;
+				}
+			}
+
+			return ci;
+		}
+		catch (SocketTimeoutException ste)
+		{
+			throw ste;
+		}
+		catch (IOException e1)
+		{
+			/* This will also invoke any registered connection monitors */
+			close(new Throwable("There was a problem during connect."), false);
+
+			synchronized (state)
+			{
+				/* Show a clean exception, not something like "the socket is closed!?!" */
+				if (state.timeoutSocketClosed)
+					throw new SocketTimeoutException("The kexTimeout (" + kexTimeout + " ms) expired.");
+			}
+
+			/* Do not wrap a HTTPProxyException */
+			if (e1 instanceof HTTPProxyException)
+				throw e1;
+
+			throw (IOException) new IOException("There was a problem while connecting to " + hostname + ":" + port)
+					.initCause(e1);
+		}
+	}
+
+	/**
+	 * Creates a new {@link LocalPortForwarder}.
+	 * A <code>LocalPortForwarder</code> forwards TCP/IP connections that arrive at a local
+	 * port via the secure tunnel to another host (which may or may not be
+	 * identical to the remote SSH-2 server).
+	 * <p>
+	 * This method must only be called after one has passed successfully the authentication step.
+	 * There is no limit on the number of concurrent forwardings.
+	 *
+	 * @param local_port the local port the LocalPortForwarder shall bind to.
+	 * @param host_to_connect target address (IP or hostname)
+	 * @param port_to_connect target port
+	 * @return A {@link LocalPortForwarder} object.
+	 * @throws IOException
+	 */
+	public synchronized LocalPortForwarder createLocalPortForwarder(int local_port, String host_to_connect,
+			int port_to_connect) throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Cannot forward ports, you need to establish a connection first.");
+
+		if (!authenticated)
+			throw new IllegalStateException("Cannot forward ports, connection is not authenticated.");
+
+		return new LocalPortForwarder(cm, local_port, host_to_connect, port_to_connect);
+	}
+
+	/**
+	 * Creates a new {@link LocalPortForwarder}.
+	 * A <code>LocalPortForwarder</code> forwards TCP/IP connections that arrive at a local
+	 * port via the secure tunnel to another host (which may or may not be
+	 * identical to the remote SSH-2 server).
+	 * <p>
+	 * This method must only be called after one has passed successfully the authentication step.
+	 * There is no limit on the number of concurrent forwardings.
+	 *
+	 * @param addr specifies the InetSocketAddress where the local socket shall be bound to.
+	 * @param host_to_connect target address (IP or hostname)
+	 * @param port_to_connect target port
+	 * @return A {@link LocalPortForwarder} object.
+	 * @throws IOException
+	 */
+	public synchronized LocalPortForwarder createLocalPortForwarder(InetSocketAddress addr, String host_to_connect,
+			int port_to_connect) throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Cannot forward ports, you need to establish a connection first.");
+
+		if (!authenticated)
+			throw new IllegalStateException("Cannot forward ports, connection is not authenticated.");
+
+		return new LocalPortForwarder(cm, addr, host_to_connect, port_to_connect);
+	}
+
+	/**
+	 * Creates a new {@link LocalStreamForwarder}.
+	 * A <code>LocalStreamForwarder</code> manages an Input/Outputstream pair
+	 * that is being forwarded via the secure tunnel into a TCP/IP connection to another host
+	 * (which may or may not be identical to the remote SSH-2 server).
+	 *
+	 * @param host_to_connect
+	 * @param port_to_connect
+	 * @return A {@link LocalStreamForwarder} object.
+	 * @throws IOException
+	 */
+	public synchronized LocalStreamForwarder createLocalStreamForwarder(String host_to_connect, int port_to_connect)
+			throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Cannot forward, you need to establish a connection first.");
+
+		if (!authenticated)
+			throw new IllegalStateException("Cannot forward, connection is not authenticated.");
+
+		return new LocalStreamForwarder(cm, host_to_connect, port_to_connect);
+	}
+
+	/**
+	 * Create a very basic {@link SCPClient} that can be used to copy
+	 * files from/to the SSH-2 server.
+	 * <p>
+	 * Works only after one has passed successfully the authentication step.
+	 * There is no limit on the number of concurrent SCP clients.
+	 * <p>
+	 * Note: This factory method will probably disappear in the future.
+	 *
+	 * @return A {@link SCPClient} object.
+	 * @throws IOException
+	 */
+	public synchronized SCPClient createSCPClient() throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Cannot create SCP client, you need to establish a connection first.");
+
+		if (!authenticated)
+			throw new IllegalStateException("Cannot create SCP client, connection is not authenticated.");
+
+		return new SCPClient(this);
+	}
+
+	/**
+	 * Force an asynchronous key re-exchange (the call does not block). The
+	 * latest values set for MAC, Cipher and DH group exchange parameters will
+	 * be used. If a key exchange is currently in progress, then this method has
+	 * the only effect that the so far specified parameters will be used for the
+	 * next (server driven) key exchange.
+	 * <p>
+	 * Note: This implementation will never start a key exchange (other than the initial one)
+	 * unless you or the SSH-2 server ask for it.
+	 *
+	 * @throws IOException
+	 *             In case of any failure behind the scenes.
+	 */
+	public synchronized void forceKeyExchange() throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("You need to establish a connection first.");
+
+		tm.forceKeyExchange(cryptoWishList, dhgexpara);
+	}
+
+	/**
+	 * Returns the hostname that was passed to the constructor.
+	 *
+	 * @return the hostname
+	 */
+	public synchronized String getHostname()
+	{
+		return hostname;
+	}
+
+	/**
+	 * Returns the port that was passed to the constructor.
+	 *
+	 * @return the TCP port
+	 */
+	public synchronized int getPort()
+	{
+		return port;
+	}
+
+	/**
+	 * Returns a {@link ConnectionInfo} object containing the details of
+	 * the connection. Can be called as soon as the connection has been
+	 * established (successfully connected).
+	 *
+	 * @return A {@link ConnectionInfo} object.
+	 * @throws IOException
+	 *             In case of any failure behind the scenes.
+	 */
+	public synchronized ConnectionInfo getConnectionInfo() throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException(
+					"Cannot get details of connection, you need to establish a connection first.");
+		return tm.getConnectionInfo(1);
+	}
+
+	/**
+	 * After a successful connect, one has to authenticate oneself. This method
+	 * can be used to tell which authentication methods are supported by the
+	 * server at a certain stage of the authentication process (for the given
+	 * username).
+	 * <p>
+	 * Note 1: the username will only be used if no authentication step was done
+	 * so far (it will be used to ask the server for a list of possible
+	 * authentication methods by sending the initial "none" request). Otherwise,
+	 * this method ignores the user name and returns a cached method list
+	 * (which is based on the information contained in the last negative server response).
+	 * <p>
+	 * Note 2: the server may return method names that are not supported by this
+	 * implementation.
+	 * <p>
+	 * After a successful authentication, this method must not be called
+	 * anymore.
+	 *
+	 * @param user
+	 *            A <code>String</code> holding the username.
+	 *
+	 * @return a (possibly emtpy) array holding authentication method names.
+	 * @throws IOException
+	 */
+	public synchronized String[] getRemainingAuthMethods(String user) throws IOException
+	{
+		if (user == null)
+			throw new IllegalArgumentException("user argument may not be NULL!");
+
+		if (tm == null)
+			throw new IllegalStateException("Connection is not established!");
+
+		if (authenticated)
+			throw new IllegalStateException("Connection is already authenticated!");
+
+		if (am == null)
+			am = new AuthenticationManager(tm);
+
+		if (cm == null)
+			cm = new ChannelManager(tm);
+
+		return am.getRemainingMethods(user);
+	}
+
+	/**
+	 * Determines if the authentication phase is complete. Can be called at any
+	 * time.
+	 *
+	 * @return <code>true</code> if no further authentication steps are
+	 *         needed.
+	 */
+	public synchronized boolean isAuthenticationComplete()
+	{
+		return authenticated;
+	}
+
+	/**
+	 * Returns true if there was at least one failed authentication request and
+	 * the last failed authentication request was marked with "partial success"
+	 * by the server. This is only needed in the rare case of SSH-2 server setups
+	 * that cannot be satisfied with a single successful authentication request
+	 * (i.e., multiple authentication steps are needed.)
+	 * <p>
+	 * If you are interested in the details, then have a look at RFC4252.
+	 *
+	 * @return if the there was a failed authentication step and the last one
+	 *         was marked as a "partial success".
+	 */
+	public synchronized boolean isAuthenticationPartialSuccess()
+	{
+		if (am == null)
+			return false;
+
+		return am.getPartialSuccess();
+	}
+
+	/**
+	 * Checks if a specified authentication method is available. This method is
+	 * actually just a wrapper for {@link #getRemainingAuthMethods(String)
+	 * getRemainingAuthMethods()}.
+	 *
+	 * @param user
+	 *            A <code>String</code> holding the username.
+	 * @param method
+	 *            An authentication method name (e.g., "publickey", "password",
+	 *            "keyboard-interactive") as specified by the SSH-2 standard.
+	 * @return if the specified authentication method is currently available.
+	 * @throws IOException
+	 */
+	public synchronized boolean isAuthMethodAvailable(String user, String method) throws IOException
+	{
+		if (method == null)
+			throw new IllegalArgumentException("method argument may not be NULL!");
+
+		String methods[] = getRemainingAuthMethods(user);
+
+		for (int i = 0; i < methods.length; i++)
+		{
+			if (methods[i].compareTo(method) == 0)
+				return true;
+		}
+
+		return false;
+	}
+
+	private SecureRandom getOrCreateSecureRND()
+	{
+		if (generator == null)
+			generator = new SecureRandom();
+
+		return generator;
+	}
+
+	/**
+	 * Open a new {@link Session} on this connection. Works only after one has passed
+	 * successfully the authentication step. There is no limit on the number of
+	 * concurrent sessions.
+	 *
+	 * @return A {@link Session} object.
+	 * @throws IOException
+	 */
+	public synchronized Session openSession() throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("Cannot open session, you need to establish a connection first.");
+
+		if (!authenticated)
+			throw new IllegalStateException("Cannot open session, connection is not authenticated.");
+
+		return new Session(cm, getOrCreateSecureRND());
+	}
+
+	/**
+	 * Send an SSH_MSG_IGNORE packet. This method will generate a random data attribute
+	 * (length between 0 (invlusive) and 16 (exclusive) bytes, contents are random bytes).
+	 * <p>
+	 * This method must only be called once the connection is established.
+	 *
+	 * @throws IOException
+	 */
+	public synchronized void sendIgnorePacket() throws IOException
+	{
+		SecureRandom rnd = getOrCreateSecureRND();
+
+		byte[] data = new byte[rnd.nextInt(16)];
+		rnd.nextBytes(data);
+
+		sendIgnorePacket(data);
+	}
+
+	/**
+	 * Send an SSH_MSG_IGNORE packet with the given data attribute.
+	 * <p>
+	 * This method must only be called once the connection is established.
+	 *
+	 * @throws IOException
+	 */
+	public synchronized void sendIgnorePacket(byte[] data) throws IOException
+	{
+		if (data == null)
+			throw new IllegalArgumentException("data argument must not be null.");
+
+		if (tm == null)
+			throw new IllegalStateException(
+					"Cannot send SSH_MSG_IGNORE packet, you need to establish a connection first.");
+
+		PacketIgnore pi = new PacketIgnore();
+		pi.setData(data);
+
+		tm.sendMessage(pi.getPayload());
+	}
+
+	/**
+	 * Removes duplicates from a String array, keeps only first occurence
+	 * of each element. Does not destroy order of elements; can handle nulls.
+	 * Uses a very efficient O(N^2) algorithm =)
+	 *
+	 * @param list a String array.
+	 * @return a cleaned String array.
+	 */
+	private String[] removeDuplicates(String[] list)
+	{
+		if ((list == null) || (list.length < 2))
+			return list;
+
+		String[] list2 = new String[list.length];
+
+		int count = 0;
+
+		for (int i = 0; i < list.length; i++)
+		{
+			boolean duplicate = false;
+
+			String element = list[i];
+
+			for (int j = 0; j < count; j++)
+			{
+				if (((element == null) && (list2[j] == null)) || ((element != null) && (element.equals(list2[j]))))
+				{
+					duplicate = true;
+					break;
+				}
+			}
+
+			if (duplicate)
+				continue;
+
+			list2[count++] = list[i];
+		}
+
+		if (count == list2.length)
+			return list2;
+
+		String[] tmp = new String[count];
+		System.arraycopy(list2, 0, tmp, 0, count);
+
+		return tmp;
+	}
+
+	/**
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @param ciphers
+	 */
+	public synchronized void setClient2ServerCiphers(String[] ciphers)
+	{
+		if ((ciphers == null) || (ciphers.length == 0))
+			throw new IllegalArgumentException();
+		ciphers = removeDuplicates(ciphers);
+		BlockCipherFactory.checkCipherList(ciphers);
+		cryptoWishList.c2s_enc_algos = ciphers;
+	}
+
+	/**
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @param macs
+	 */
+	public synchronized void setClient2ServerMACs(String[] macs)
+	{
+		if ((macs == null) || (macs.length == 0))
+			throw new IllegalArgumentException();
+		macs = removeDuplicates(macs);
+		MAC.checkMacList(macs);
+		cryptoWishList.c2s_mac_algos = macs;
+	}
+
+	/**
+	 * Sets the parameters for the diffie-hellman group exchange. Unless you
+	 * know what you are doing, you will never need this. Default values are
+	 * defined in the {@link DHGexParameters} class.
+	 *
+	 * @param dgp {@link DHGexParameters}, non null.
+	 *
+	 */
+	public synchronized void setDHGexParameters(DHGexParameters dgp)
+	{
+		if (dgp == null)
+			throw new IllegalArgumentException();
+
+		dhgexpara = dgp;
+	}
+
+	/**
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @param ciphers
+	 */
+	public synchronized void setServer2ClientCiphers(String[] ciphers)
+	{
+		if ((ciphers == null) || (ciphers.length == 0))
+			throw new IllegalArgumentException();
+		ciphers = removeDuplicates(ciphers);
+		BlockCipherFactory.checkCipherList(ciphers);
+		cryptoWishList.s2c_enc_algos = ciphers;
+	}
+
+	/**
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @param macs
+	 */
+	public synchronized void setServer2ClientMACs(String[] macs)
+	{
+		if ((macs == null) || (macs.length == 0))
+			throw new IllegalArgumentException();
+
+		macs = removeDuplicates(macs);
+		MAC.checkMacList(macs);
+		cryptoWishList.s2c_mac_algos = macs;
+	}
+
+	/**
+	 * Define the set of allowed server host key algorithms to be used for
+	 * the following key exchange operations.
+	 * <p>
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @param algos An array of allowed server host key algorithms.
+	 * 	SSH-2 defines <code>ssh-dss</code> and <code>ssh-rsa</code>.
+	 * 	The entries of the array must be ordered after preference, i.e.,
+	 *  the entry at index 0 is the most preferred one. You must specify
+	 *  at least one entry.
+	 */
+	public synchronized void setServerHostKeyAlgorithms(String[] algos)
+	{
+		if ((algos == null) || (algos.length == 0))
+			throw new IllegalArgumentException();
+
+		algos = removeDuplicates(algos);
+		KexManager.checkServerHostkeyAlgorithmsList(algos);
+		cryptoWishList.serverHostKeyAlgorithms = algos;
+	}
+
+	/**
+	 * Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm) on the underlying socket.
+	 * <p>
+	 * Can be called at any time. If the connection has not yet been established
+	 * then the passed value will be stored and set after the socket has been set up.
+	 * The default value that will be used is <code>false</code>.
+	 *
+	 * @param enable the argument passed to the <code>Socket.setTCPNoDelay()</code> method.
+	 * @throws IOException
+	 */
+	public synchronized void setTCPNoDelay(boolean enable) throws IOException
+	{
+		tcpNoDelay = enable;
+
+		if (tm != null)
+			tm.setTcpNoDelay(enable);
+	}
+
+	/**
+	 * Used to tell the library that the connection shall be established through a proxy server.
+	 * It only makes sense to call this method before calling the {@link #connect() connect()}
+	 * method.
+	 * <p>
+	 * At the moment, only HTTP proxies are supported.
+	 * <p>
+	 * Note: This method can be called any number of times. The {@link #connect() connect()}
+	 * method will use the value set in the last preceding invocation of this method.
+	 *
+	 * @see HTTPProxyData
+	 *
+	 * @param proxyData Connection information about the proxy. If <code>null</code>, then
+	 *                  no proxy will be used (non surprisingly, this is also the default).
+	 */
+	public synchronized void setProxyData(ProxyData proxyData)
+	{
+		this.proxyData = proxyData;
+	}
+
+	/**
+	 * Request a remote port forwarding.
+	 * If successful, then forwarded connections will be redirected to the given target address.
+	 * You can cancle a requested remote port forwarding by calling
+	 * {@link #cancelRemotePortForwarding(int) cancelRemotePortForwarding()}.
+	 * <p>
+	 * A call of this method will block until the peer either agreed or disagreed to your request-
+	 * <p>
+	 * Note 1: this method typically fails if you
+	 * <ul>
+	 * <li>pass a port number for which the used remote user has not enough permissions (i.e., port
+	 * &lt; 1024)</li>
+	 * <li>or pass a port number that is already in use on the remote server</li>
+	 * <li>or if remote port forwarding is disabled on the server.</li>
+	 * </ul>
+	 * <p>
+	 * Note 2: (from the openssh man page): By default, the listening socket on the server will be
+	 * bound to the loopback interface only. This may be overriden by specifying a bind address.
+	 * Specifying a remote bind address will only succeed if the server's <b>GatewayPorts</b> option
+	 * is enabled (see sshd_config(5)).
+	 *
+	 * @param bindAddress address to bind to on the server:
+	 *                    <ul>
+	 *                    <li>"" means that connections are to be accepted on all protocol families
+	 *                    supported by the SSH implementation</li>
+	 *                    <li>"0.0.0.0" means to listen on all IPv4 addresses</li>
+	 *                    <li>"::" means to listen on all IPv6 addresses</li>
+	 *                    <li>"localhost" means to listen on all protocol families supported by the SSH
+	 *                    implementation on loopback addresses only, [RFC3330] and RFC3513]</li>
+	 *                    <li>"127.0.0.1" and "::1" indicate listening on the loopback interfaces for
+	 *                    IPv4 and IPv6 respectively</li>
+	 *                    </ul>
+	 * @param bindPort port number to bind on the server (must be &gt; 0)
+	 * @param targetAddress the target address (IP or hostname)
+	 * @param targetPort the target port
+	 * @throws IOException
+	 */
+	public synchronized void requestRemotePortForwarding(String bindAddress, int bindPort, String targetAddress,
+			int targetPort) throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("You need to establish a connection first.");
+
+		if (!authenticated)
+			throw new IllegalStateException("The connection is not authenticated.");
+
+		if ((bindAddress == null) || (targetAddress == null) || (bindPort <= 0) || (targetPort <= 0))
+			throw new IllegalArgumentException();
+
+		cm.requestGlobalForward(bindAddress, bindPort, targetAddress, targetPort);
+	}
+
+	/**
+	 * Cancel an earlier requested remote port forwarding.
+	 * Currently active forwardings will not be affected (e.g., disrupted).
+	 * Note that further connection forwarding requests may be received until
+	 * this method has returned.
+	 *
+	 * @param bindPort the allocated port number on the server
+	 * @throws IOException if the remote side refuses the cancel request or another low
+	 *         level error occurs (e.g., the underlying connection is closed)
+	 */
+	public synchronized void cancelRemotePortForwarding(int bindPort) throws IOException
+	{
+		if (tm == null)
+			throw new IllegalStateException("You need to establish a connection first.");
+
+		if (!authenticated)
+			throw new IllegalStateException("The connection is not authenticated.");
+
+		cm.requestCancelGlobalForward(bindPort);
+	}
+
+	/**
+	 * Provide your own instance of SecureRandom. Can be used, e.g., if you
+	 * want to seed the used SecureRandom generator manually.
+	 * <p>
+	 * The SecureRandom instance is used during key exchanges, public key authentication,
+	 * x11 cookie generation and the like.
+	 *
+	 * @param rnd a SecureRandom instance
+	 */
+	public synchronized void setSecureRandom(SecureRandom rnd)
+	{
+		if (rnd == null)
+			throw new IllegalArgumentException();
+
+		this.generator = rnd;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/ConnectionInfo.java b/src/main/java/ch/ethz/ssh2/ConnectionInfo.java
new file mode 100644
index 0000000..787876e
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/ConnectionInfo.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * In most cases you probably do not need the information contained in here.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class ConnectionInfo
+{
+	/**
+	 * The used key exchange (KEX) algorithm in the latest key exchange.
+	 */
+	public String keyExchangeAlgorithm;
+
+	/**
+	 * The currently used crypto algorithm for packets from to the client to the
+	 * server.
+	 */
+	public String clientToServerCryptoAlgorithm;
+	/**
+	 * The currently used crypto algorithm for packets from to the server to the
+	 * client.
+	 */
+	public String serverToClientCryptoAlgorithm;
+
+	/**
+	 * The currently used MAC algorithm for packets from to the client to the
+	 * server.
+	 */
+	public String clientToServerMACAlgorithm;
+	/**
+	 * The currently used MAC algorithm for packets from to the server to the
+	 * client.
+	 */
+	public String serverToClientMACAlgorithm;
+
+	/**
+	 * The type of the server host key (currently either "ssh-dss" or
+	 * "ssh-rsa").
+	 */
+	public String serverHostKeyAlgorithm;
+	/**
+	 * The server host key that was sent during the latest key exchange.
+	 */
+	public byte[] serverHostKey;
+
+	/**
+	 * Number of kex exchanges performed on this connection so far.
+	 */
+	public int keyExchangeCounter = 0;
+}
diff --git a/src/main/java/ch/ethz/ssh2/ConnectionMonitor.java b/src/main/java/ch/ethz/ssh2/ConnectionMonitor.java
new file mode 100644
index 0000000..06d3c3f
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/ConnectionMonitor.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>ConnectionMonitor</code> is used to get notified when the
+ * underlying socket of a connection is closed. 
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public interface ConnectionMonitor
+{
+	/**
+	 * This method is called after the connection's underlying
+	 * socket has been closed. E.g., due to the {@link Connection#close()} request of the
+	 * user, if the peer closed the connection, due to a fatal error during connect()
+	 * (also if the socket cannot be established) or if a fatal error occured on
+	 * an established connection.
+	 * <p>
+	 * This is an experimental feature.
+	 * <p>
+	 * You MUST NOT make any assumption about the thread that invokes this method.
+	 * <p>
+	 * <b>Please note: if the connection is not connected (e.g., there was no successful
+	 * connect() call), then the invocation of {@link Connection#close()} will NOT trigger
+	 * this method.</b>
+	 * 
+	 * @see Connection#addConnectionMonitor(ConnectionMonitor)
+	 * 
+	 * @param reason Includes an indication why the socket was closed.
+	 */
+	public void connectionLost(Throwable reason);
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/DHGexParameters.java b/src/main/java/ch/ethz/ssh2/DHGexParameters.java
new file mode 100644
index 0000000..8c18c06
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/DHGexParameters.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>DHGexParameters</code> object can be used to specify parameters for
+ * the diffie-hellman group exchange.
+ * <p>
+ * Depending on which constructor is used, either the use of a
+ * <code>SSH_MSG_KEX_DH_GEX_REQUEST</code> or <code>SSH_MSG_KEX_DH_GEX_REQUEST_OLD</code>
+ * can be forced.
+ * 
+ * @see Connection#setDHGexParameters(DHGexParameters)
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class DHGexParameters
+{
+	private final int min_group_len;
+	private final int pref_group_len;
+	private final int max_group_len;
+
+	private static final int MIN_ALLOWED = 1024;
+	private static final int MAX_ALLOWED = 8192;
+
+	/**
+	 * Same as calling {@link #DHGexParameters(int, int, int) DHGexParameters(1024, 1024, 4096)}.
+	 * This is also the default used by the Connection class.
+	 * 
+	 */
+	public DHGexParameters()
+	{
+		this(1024, 1024, 4096);
+	}
+
+	/**
+	 * This constructor can be used to force the sending of a
+	 * <code>SSH_MSG_KEX_DH_GEX_REQUEST_OLD</code> request.
+	 * Internally, the minimum and maximum group lengths will
+	 * be set to zero.
+	 * 
+	 * @param pref_group_len has to be &gt= 1024 and &lt;= 8192
+	 */
+	public DHGexParameters(int pref_group_len)
+	{
+		if ((pref_group_len < MIN_ALLOWED) || (pref_group_len > MAX_ALLOWED))
+			throw new IllegalArgumentException("pref_group_len out of range!");
+
+		this.pref_group_len = pref_group_len;
+		this.min_group_len = 0;
+		this.max_group_len = 0;
+	}
+
+	/**
+	 * This constructor can be used to force the sending of a
+	 * <code>SSH_MSG_KEX_DH_GEX_REQUEST</code> request.
+	 * <p>
+	 * Note: older OpenSSH servers don't understand this request, in which
+	 * case you should use the {@link #DHGexParameters(int)} constructor.
+	 * <p>
+	 * All values have to be &gt= 1024 and &lt;= 8192. Furthermore,
+	 * min_group_len &lt;= pref_group_len &lt;= max_group_len.
+	 * 
+	 * @param min_group_len
+	 * @param pref_group_len
+	 * @param max_group_len
+	 */
+	public DHGexParameters(int min_group_len, int pref_group_len, int max_group_len)
+	{
+		if ((min_group_len < MIN_ALLOWED) || (min_group_len > MAX_ALLOWED))
+			throw new IllegalArgumentException("min_group_len out of range!");
+
+		if ((pref_group_len < MIN_ALLOWED) || (pref_group_len > MAX_ALLOWED))
+			throw new IllegalArgumentException("pref_group_len out of range!");
+
+		if ((max_group_len < MIN_ALLOWED) || (max_group_len > MAX_ALLOWED))
+			throw new IllegalArgumentException("max_group_len out of range!");
+
+		if ((pref_group_len < min_group_len) || (pref_group_len > max_group_len))
+			throw new IllegalArgumentException("pref_group_len is incompatible with min and max!");
+
+		if (max_group_len < min_group_len)
+			throw new IllegalArgumentException("max_group_len must not be smaller than min_group_len!");
+
+		this.min_group_len = min_group_len;
+		this.pref_group_len = pref_group_len;
+		this.max_group_len = max_group_len;
+	}
+
+	/**
+	 * Get the maximum group length.
+	 * 
+	 * @return the maximum group length, may be <code>zero</code> if
+	 *         SSH_MSG_KEX_DH_GEX_REQUEST_OLD should be requested
+	 */
+	public int getMax_group_len()
+	{
+		return max_group_len;
+	}
+
+	/**
+	 * Get the minimum group length.
+	 * 
+	 * @return minimum group length, may be <code>zero</code> if
+	 *         SSH_MSG_KEX_DH_GEX_REQUEST_OLD should be requested
+	 */
+	public int getMin_group_len()
+	{
+		return min_group_len;
+	}
+
+	/**
+	 * Get the preferred group length.
+	 * 
+	 * @return the preferred group length
+	 */
+	public int getPref_group_len()
+	{
+		return pref_group_len;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/HTTPProxyData.java b/src/main/java/ch/ethz/ssh2/HTTPProxyData.java
new file mode 100644
index 0000000..e02ad93
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/HTTPProxyData.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>HTTPProxyData</code> object is used to specify the needed connection data
+ * to connect through a HTTP proxy. 
+ * 
+ * @see Connection#setProxyData(ProxyData)
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class HTTPProxyData implements ProxyData
+{
+	public final String proxyHost;
+	public final int proxyPort;
+	public final String proxyUser;
+	public final String proxyPass;
+	public final String[] requestHeaderLines;
+
+	/**
+	 * Same as calling {@link #HTTPProxyData(String, int, String, String) HTTPProxyData(proxyHost, proxyPort, <code>null</code>, <code>null</code>)}
+	 * 
+	 * @param proxyHost Proxy hostname.
+	 * @param proxyPort Proxy port.
+	 */
+	public HTTPProxyData(String proxyHost, int proxyPort)
+	{
+		this(proxyHost, proxyPort, null, null);
+	}
+
+	/**
+	 * Same as calling {@link #HTTPProxyData(String, int, String, String, String[]) HTTPProxyData(proxyHost, proxyPort, <code>null</code>, <code>null</code>, <code>null</code>)}
+	 *
+	 * @param proxyHost Proxy hostname.
+	 * @param proxyPort Proxy port.
+	 * @param proxyUser Username for basic authentication (<code>null</code> if no authentication is needed).
+	 * @param proxyPass Password for basic authentication (<code>null</code> if no authentication is needed).
+	 */
+	public HTTPProxyData(String proxyHost, int proxyPort, String proxyUser, String proxyPass)
+	{
+		this(proxyHost, proxyPort, proxyUser, proxyPass, null);
+	}
+
+	/**
+	 * Connection data for a HTTP proxy. It is possible to specify a username and password
+	 * if the proxy requires basic authentication. Also, additional request header lines can
+	 * be specified (e.g., "User-Agent: CERN-LineMode/2.15 libwww/2.17b3").
+	 * <p>
+	 * Please note: if you want to use basic authentication, then both <code>proxyUser</code>
+	 * and <code>proxyPass</code> must be non-null.
+	 * <p>
+	 * Here is an example:
+	 * <p>
+	 * <code>
+	 * new HTTPProxyData("192.168.1.1", "3128", "proxyuser", "secret", new String[] {"User-Agent: GanymedBasedClient/1.0", "X-My-Proxy-Option: something"});
+	 * </code>
+	 * 
+	 * @param proxyHost Proxy hostname.
+	 * @param proxyPort Proxy port.
+	 * @param proxyUser Username for basic authentication (<code>null</code> if no authentication is needed).
+	 * @param proxyPass Password for basic authentication (<code>null</code> if no authentication is needed).
+	 * @param requestHeaderLines An array with additional request header lines (without end-of-line markers)
+	 *        that have to be sent to the server. May be <code>null</code>.
+	 */
+
+	public HTTPProxyData(String proxyHost, int proxyPort, String proxyUser, String proxyPass,
+			String[] requestHeaderLines)
+	{
+		if (proxyHost == null)
+			throw new IllegalArgumentException("proxyHost must be non-null");
+
+		if (proxyPort < 0)
+			throw new IllegalArgumentException("proxyPort must be non-negative");
+
+		this.proxyHost = proxyHost;
+		this.proxyPort = proxyPort;
+		this.proxyUser = proxyUser;
+		this.proxyPass = proxyPass;
+		this.requestHeaderLines = requestHeaderLines;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/HTTPProxyException.java b/src/main/java/ch/ethz/ssh2/HTTPProxyException.java
new file mode 100644
index 0000000..6d6efac
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/HTTPProxyException.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+
+/**
+ * May be thrown upon connect() if a HTTP proxy is being used.
+ * 
+ * @see Connection#connect()
+ * @see Connection#setProxyData(ProxyData)
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class HTTPProxyException extends IOException
+{
+	private static final long serialVersionUID = 2241537397104426186L;
+
+	public final String httpResponse;
+	public final int httpErrorCode;
+
+	public HTTPProxyException(String httpResponse, int httpErrorCode)
+	{
+		super("HTTP Proxy Error (" + httpErrorCode + " " + httpResponse + ")");
+		this.httpResponse = httpResponse;
+		this.httpErrorCode = httpErrorCode;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/InteractiveCallback.java b/src/main/java/ch/ethz/ssh2/InteractiveCallback.java
new file mode 100644
index 0000000..a87e223
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/InteractiveCallback.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * An <code>InteractiveCallback</code> is used to respond to challenges sent
+ * by the server if authentication mode "keyboard-interactive" is selected.
+ * 
+ * @see Connection#authenticateWithKeyboardInteractive(String,
+ *      String[], InteractiveCallback)
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public interface InteractiveCallback
+{
+	/**
+	 * This callback interface is used during a "keyboard-interactive"
+	 * authentication. Every time the server sends a set of challenges (however,
+	 * most often just one challenge at a time), this callback function will be
+	 * called to give your application a chance to talk to the user and to
+	 * determine the response(s).
+	 * <p>
+	 * Some copy-paste information from the standard: a command line interface
+	 * (CLI) client SHOULD print the name and instruction (if non-empty), adding
+	 * newlines. Then for each prompt in turn, the client SHOULD display the
+	 * prompt and read the user input. The name and instruction fields MAY be
+	 * empty strings, the client MUST be prepared to handle this correctly. The
+	 * prompt field(s) MUST NOT be empty strings.
+	 * <p>
+	 * Please refer to draft-ietf-secsh-auth-kbdinteract-XX.txt for the details.
+	 * <p>
+	 * Note: clients SHOULD use control character filtering as discussed in
+	 * RFC4251 to avoid attacks by including
+	 * terminal control characters in the fields to be displayed.
+	 * 
+	 * @param name
+	 *            the name String sent by the server.
+	 * @param instruction
+	 *            the instruction String sent by the server.
+	 * @param numPrompts
+	 *            number of prompts - may be zero (in this case, you should just
+	 *            return a String array of length zero).
+	 * @param prompt
+	 *            an array (length <code>numPrompts</code>) of Strings
+	 * @param echo
+	 *            an array (length <code>numPrompts</code>) of booleans. For
+	 *            each prompt, the corresponding echo field indicates whether or
+	 *            not the user input should be echoed as characters are typed.
+	 * @return an array of reponses - the array size must match the parameter
+	 *         <code>numPrompts</code>.
+	 */
+	public String[] replyToChallenge(String name, String instruction, int numPrompts, String[] prompt, boolean[] echo)
+			throws Exception;
+}
diff --git a/src/main/java/ch/ethz/ssh2/KnownHosts.java b/src/main/java/ch/ethz/ssh2/KnownHosts.java
new file mode 100644
index 0000000..3f430bb
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/KnownHosts.java
@@ -0,0 +1,951 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+
+package ch.ethz.ssh2;
+
+import java.io.BufferedReader;
+import java.io.CharArrayReader;
+import java.io.CharArrayWriter;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.security.SecureRandom;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Vector;
+
+import ch.ethz.ssh2.crypto.Base64;
+import ch.ethz.ssh2.crypto.digest.Digest;
+import ch.ethz.ssh2.crypto.digest.HMAC;
+import ch.ethz.ssh2.crypto.digest.MD5;
+import ch.ethz.ssh2.crypto.digest.SHA1;
+import ch.ethz.ssh2.signature.DSAPublicKey;
+import ch.ethz.ssh2.signature.DSASHA1Verify;
+import ch.ethz.ssh2.signature.RSAPublicKey;
+import ch.ethz.ssh2.signature.RSASHA1Verify;
+import ch.ethz.ssh2.util.StringEncoder;
+
+/**
+ * The <code>KnownHosts</code> class is a handy tool to verify received server hostkeys
+ * based on the information in <code>known_hosts</code> files (the ones used by OpenSSH).
+ * <p/>
+ * It offers basically an in-memory database for known_hosts entries, as well as some
+ * helper functions. Entries from a <code>known_hosts</code> file can be loaded at construction time.
+ * It is also possible to add more keys later (e.g., one can parse different
+ * <code>known_hosts<code> files).
+ * <p/>
+ * It is a thread safe implementation, therefore, you need only to instantiate one
+ * <code>KnownHosts</code> for your whole application.
+ *
+ * @author Christian Plattner
+ * @version $Id: KnownHosts.java 37 2011-05-28 22:31:46Z dkocher@sudo.ch $
+ */
+
+public class KnownHosts
+{
+	public static final int HOSTKEY_IS_OK = 0;
+	public static final int HOSTKEY_IS_NEW = 1;
+	public static final int HOSTKEY_HAS_CHANGED = 2;
+
+	private class KnownHostsEntry
+	{
+		String[] patterns;
+		Object key;
+
+		KnownHostsEntry(String[] patterns, Object key)
+		{
+			this.patterns = patterns;
+			this.key = key;
+		}
+	}
+
+	private final LinkedList<KnownHostsEntry> publicKeys = new LinkedList<KnownHosts.KnownHostsEntry>();
+
+	public KnownHosts()
+	{
+	}
+
+	public KnownHosts(char[] knownHostsData) throws IOException
+	{
+		initialize(knownHostsData);
+	}
+
+	public KnownHosts(String knownHosts) throws IOException
+	{
+		initialize(new File(knownHosts));
+	}
+
+	public KnownHosts(File knownHosts) throws IOException
+	{
+		initialize(knownHosts);
+	}
+
+	/**
+	 * Adds a single public key entry to the database. Note: this will NOT add the public key
+	 * to any physical file (e.g., "~/.ssh/known_hosts") - use <code>addHostkeyToFile()</code> for that purpose.
+	 * This method is designed to be used in a {@link ServerHostKeyVerifier}.
+	 *
+	 * @param hostnames a list of hostname patterns - at least one most be specified. Check out the
+	 * OpenSSH sshd man page for a description of the pattern matching algorithm.
+	 * @param serverHostKeyAlgorithm as passed to the {@link ServerHostKeyVerifier}.
+	 * @param serverHostKey as passed to the {@link ServerHostKeyVerifier}.
+	 * @throws IOException
+	 */
+	public void addHostkey(String hostnames[], String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException
+	{
+		if (hostnames == null)
+		{
+			throw new IllegalArgumentException("hostnames may not be null");
+		}
+
+		if ("ssh-rsa".equals(serverHostKeyAlgorithm))
+		{
+			RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(serverHostKey);
+
+			synchronized (publicKeys)
+			{
+				publicKeys.add(new KnownHostsEntry(hostnames, rpk));
+			}
+		}
+		else if ("ssh-dss".equals(serverHostKeyAlgorithm))
+		{
+			DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(serverHostKey);
+
+			synchronized (publicKeys)
+			{
+				publicKeys.add(new KnownHostsEntry(hostnames, dpk));
+			}
+		}
+		else
+		{
+			throw new IOException("Unknwon host key type (" + serverHostKeyAlgorithm + ")");
+		}
+	}
+
+	/**
+	 * Parses the given known_hosts data and adds entries to the database.
+	 *
+	 * @param knownHostsData
+	 * @throws IOException
+	 */
+	public void addHostkeys(char[] knownHostsData) throws IOException
+	{
+		initialize(knownHostsData);
+	}
+
+	/**
+	 * Parses the given known_hosts file and adds entries to the database.
+	 *
+	 * @param knownHosts
+	 * @throws IOException
+	 */
+	public void addHostkeys(File knownHosts) throws IOException
+	{
+		initialize(knownHosts);
+	}
+
+	/**
+	 * Generate the hashed representation of the given hostname. Useful for adding entries
+	 * with hashed hostnames to a known_hosts file. (see -H option of OpenSSH key-gen).
+	 *
+	 * @param hostname
+	 * @return the hashed representation, e.g., "|1|cDhrv7zwEUV3k71CEPHnhHZezhA=|Xo+2y6rUXo2OIWRAYhBOIijbJMA="
+	 */
+	public static String createHashedHostname(String hostname)
+	{
+		SHA1 sha1 = new SHA1();
+
+		byte[] salt = new byte[sha1.getDigestLength()];
+
+		new SecureRandom().nextBytes(salt);
+
+		byte[] hash = hmacSha1Hash(salt, hostname);
+
+		String base64_salt = new String(Base64.encode(salt));
+		String base64_hash = new String(Base64.encode(hash));
+
+		return new String("|1|" + base64_salt + "|" + base64_hash);
+	}
+
+	private static byte[] hmacSha1Hash(byte[] salt, String hostname)
+	{
+		SHA1 sha1 = new SHA1();
+
+		if (salt.length != sha1.getDigestLength())
+		{
+			throw new IllegalArgumentException("Salt has wrong length (" + salt.length + ")");
+		}
+
+		HMAC hmac = new HMAC(sha1, salt, salt.length);
+
+		hmac.update(StringEncoder.GetBytes(hostname));
+
+		byte[] dig = new byte[hmac.getDigestLength()];
+
+		hmac.digest(dig);
+
+		return dig;
+	}
+
+	private boolean checkHashed(String entry, String hostname)
+	{
+		if (entry.startsWith("|1|") == false)
+		{
+			return false;
+		}
+
+		int delim_idx = entry.indexOf('|', 3);
+
+		if (delim_idx == -1)
+		{
+			return false;
+		}
+
+		String salt_base64 = entry.substring(3, delim_idx);
+		String hash_base64 = entry.substring(delim_idx + 1);
+
+		byte[] salt = null;
+		byte[] hash = null;
+
+		try
+		{
+			salt = Base64.decode(salt_base64.toCharArray());
+			hash = Base64.decode(hash_base64.toCharArray());
+		}
+		catch (IOException e)
+		{
+			return false;
+		}
+
+		SHA1 sha1 = new SHA1();
+
+		if (salt.length != sha1.getDigestLength())
+		{
+			return false;
+		}
+
+		byte[] dig = hmacSha1Hash(salt, hostname);
+
+		for (int i = 0; i < dig.length; i++)
+		{
+			if (dig[i] != hash[i])
+			{
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	private int checkKey(String remoteHostname, Object remoteKey)
+	{
+		int result = HOSTKEY_IS_NEW;
+
+		synchronized (publicKeys)
+		{
+			for (KnownHostsEntry ke : publicKeys)
+			{
+				if (hostnameMatches(ke.patterns, remoteHostname) == false)
+				{
+					continue;
+				}
+
+				boolean res = matchKeys(ke.key, remoteKey);
+
+				if (res == true)
+				{
+					return HOSTKEY_IS_OK;
+				}
+
+				result = HOSTKEY_HAS_CHANGED;
+			}
+		}
+		return result;
+	}
+
+	private List<Object> getAllKeys(String hostname)
+	{
+		List<Object> keys = new Vector<Object>();
+
+		synchronized (publicKeys)
+		{
+			for (KnownHostsEntry ke : publicKeys)
+			{
+				if (hostnameMatches(ke.patterns, hostname) == false)
+				{
+					continue;
+				}
+
+				keys.add(ke.key);
+			}
+		}
+
+		return keys;
+	}
+
+	/**
+	 * Try to find the preferred order of hostkey algorithms for the given hostname.
+	 * Based on the type of hostkey that is present in the internal database
+	 * (i.e., either <code>ssh-rsa</code> or <code>ssh-dss</code>)
+	 * an ordered list of hostkey algorithms is returned which can be passed
+	 * to <code>Connection.setServerHostKeyAlgorithms</code>.
+	 *
+	 * @param hostname
+	 * @return <code>null</code> if no key for the given hostname is present or
+	 *         there are keys of multiple types present for the given hostname. Otherwise,
+	 *         an array with hostkey algorithms is returned (i.e., an array of length 2).
+	 */
+	public String[] getPreferredServerHostkeyAlgorithmOrder(String hostname)
+	{
+		String[] algos = recommendHostkeyAlgorithms(hostname);
+
+		if (algos != null)
+		{
+			return algos;
+		}
+
+		InetAddress[] ipAdresses = null;
+
+		try
+		{
+			ipAdresses = InetAddress.getAllByName(hostname);
+		}
+		catch (UnknownHostException e)
+		{
+			return null;
+		}
+
+		for (int i = 0; i < ipAdresses.length; i++)
+		{
+			algos = recommendHostkeyAlgorithms(ipAdresses[i].getHostAddress());
+
+			if (algos != null)
+			{
+				return algos;
+			}
+		}
+
+		return null;
+	}
+
+	private boolean hostnameMatches(String[] hostpatterns, String hostname)
+	{
+		boolean isMatch = false;
+		boolean negate = false;
+
+		hostname = hostname.toLowerCase();
+
+		for (int k = 0; k < hostpatterns.length; k++)
+		{
+			if (hostpatterns[k] == null)
+			{
+				continue;
+			}
+
+			String pattern = null;
+
+			/* In contrast to OpenSSH we also allow negated hash entries (as well as hashed
+							* entries in lines with multiple entries).
+							*/
+
+			if ((hostpatterns[k].length() > 0) && (hostpatterns[k].charAt(0) == '!'))
+			{
+				pattern = hostpatterns[k].substring(1);
+				negate = true;
+			}
+			else
+			{
+				pattern = hostpatterns[k];
+				negate = false;
+			}
+
+			/* Optimize, no need to check this entry */
+
+			if ((isMatch) && (negate == false))
+			{
+				continue;
+			}
+
+			/* Now compare */
+
+			if (pattern.charAt(0) == '|')
+			{
+				if (checkHashed(pattern, hostname))
+				{
+					if (negate)
+					{
+						return false;
+					}
+					isMatch = true;
+				}
+			}
+			else
+			{
+				pattern = pattern.toLowerCase();
+
+				if ((pattern.indexOf('?') != -1) || (pattern.indexOf('*') != -1))
+				{
+					if (pseudoRegex(pattern.toCharArray(), 0, hostname.toCharArray(), 0))
+					{
+						if (negate)
+						{
+							return false;
+						}
+						isMatch = true;
+					}
+				}
+				else if (pattern.compareTo(hostname) == 0)
+				{
+					if (negate)
+					{
+						return false;
+					}
+					isMatch = true;
+				}
+			}
+		}
+
+		return isMatch;
+	}
+
+	private void initialize(char[] knownHostsData) throws IOException
+	{
+		BufferedReader br = new BufferedReader(new CharArrayReader(knownHostsData));
+
+		while (true)
+		{
+			String line = br.readLine();
+
+			if (line == null)
+			{
+				break;
+			}
+
+			line = line.trim();
+
+			if (line.startsWith("#"))
+			{
+				continue;
+			}
+
+			String[] arr = line.split(" ");
+
+			if (arr.length >= 3)
+			{
+				if ((arr[1].compareTo("ssh-rsa") == 0) || (arr[1].compareTo("ssh-dss") == 0))
+				{
+					String[] hostnames = arr[0].split(",");
+
+					byte[] msg = Base64.decode(arr[2].toCharArray());
+
+					try
+					{
+						addHostkey(hostnames, arr[1], msg);
+					}
+					catch (IOException e)
+					{
+						continue;
+					}
+				}
+			}
+		}
+	}
+
+	private void initialize(File knownHosts) throws IOException
+	{
+		char[] buff = new char[512];
+
+		CharArrayWriter cw = new CharArrayWriter();
+
+		knownHosts.createNewFile();
+
+		FileReader fr = new FileReader(knownHosts);
+
+		while (true)
+		{
+			int len = fr.read(buff);
+			if (len < 0)
+			{
+				break;
+			}
+			cw.write(buff, 0, len);
+		}
+
+		fr.close();
+
+		initialize(cw.toCharArray());
+	}
+
+	private boolean matchKeys(Object key1, Object key2)
+	{
+		if ((key1 instanceof RSAPublicKey) && (key2 instanceof RSAPublicKey))
+		{
+			RSAPublicKey savedRSAKey = (RSAPublicKey) key1;
+			RSAPublicKey remoteRSAKey = (RSAPublicKey) key2;
+
+			if (savedRSAKey.getE().equals(remoteRSAKey.getE()) == false)
+			{
+				return false;
+			}
+
+			if (savedRSAKey.getN().equals(remoteRSAKey.getN()) == false)
+			{
+				return false;
+			}
+
+			return true;
+		}
+
+		if ((key1 instanceof DSAPublicKey) && (key2 instanceof DSAPublicKey))
+		{
+			DSAPublicKey savedDSAKey = (DSAPublicKey) key1;
+			DSAPublicKey remoteDSAKey = (DSAPublicKey) key2;
+
+			if (savedDSAKey.getG().equals(remoteDSAKey.getG()) == false)
+			{
+				return false;
+			}
+
+			if (savedDSAKey.getP().equals(remoteDSAKey.getP()) == false)
+			{
+				return false;
+			}
+
+			if (savedDSAKey.getQ().equals(remoteDSAKey.getQ()) == false)
+			{
+				return false;
+			}
+
+			if (savedDSAKey.getY().equals(remoteDSAKey.getY()) == false)
+			{
+				return false;
+			}
+
+			return true;
+		}
+
+		return false;
+	}
+
+	private boolean pseudoRegex(char[] pattern, int i, char[] match, int j)
+	{
+		/* This matching logic is equivalent to the one present in OpenSSH 4.1 */
+
+		while (true)
+		{
+			/* Are we at the end of the pattern? */
+
+			if (pattern.length == i)
+			{
+				return (match.length == j);
+			}
+
+			if (pattern[i] == '*')
+			{
+				i++;
+
+				if (pattern.length == i)
+				{
+					return true;
+				}
+
+				if ((pattern[i] != '*') && (pattern[i] != '?'))
+				{
+					while (true)
+					{
+						if ((pattern[i] == match[j]) && pseudoRegex(pattern, i + 1, match, j + 1))
+						{
+							return true;
+						}
+						j++;
+						if (match.length == j)
+						{
+							return false;
+						}
+					}
+				}
+
+				while (true)
+				{
+					if (pseudoRegex(pattern, i, match, j))
+					{
+						return true;
+					}
+					j++;
+					if (match.length == j)
+					{
+						return false;
+					}
+				}
+			}
+
+			if (match.length == j)
+			{
+				return false;
+			}
+
+			if ((pattern[i] != '?') && (pattern[i] != match[j]))
+			{
+				return false;
+			}
+
+			i++;
+			j++;
+		}
+	}
+
+	private String[] recommendHostkeyAlgorithms(String hostname)
+	{
+		String preferredAlgo = null;
+
+		List<Object> keys = getAllKeys(hostname);
+
+		for (Object key : keys)
+		{
+			String thisAlgo = null;
+
+			if (key instanceof RSAPublicKey)
+			{
+				thisAlgo = "ssh-rsa";
+			}
+			else if (key instanceof DSAPublicKey)
+			{
+				thisAlgo = "ssh-dss";
+			}
+			else
+			{
+				continue;
+			}
+
+			if (preferredAlgo != null)
+			{
+				/* If we find different key types, then return null */
+
+				if (preferredAlgo.compareTo(thisAlgo) != 0)
+				{
+					return null;
+				}
+			}
+			else
+			{
+				preferredAlgo = thisAlgo;
+			}
+		}
+
+		/* If we did not find anything that we know of, return null */
+
+		if (preferredAlgo == null)
+		{
+			return null;
+		}
+
+		/* Now put the preferred algo to the start of the array.
+				   * You may ask yourself why we do it that way - basically, we could just
+				   * return only the preferred algorithm: since we have a saved key of that
+				   * type (sent earlier from the remote host), then that should work out.
+				   * However, imagine that the server is (for whatever reasons) not offering
+				   * that type of hostkey anymore (e.g., "ssh-rsa" was disabled and
+				   * now "ssh-dss" is being used). If we then do not let the server send us
+				   * a fresh key of the new type, then we shoot ourself into the foot:
+				   * the connection cannot be established and hence the user cannot decide
+				   * if he/she wants to accept the new key.
+				   */
+
+		if (preferredAlgo.equals("ssh-rsa"))
+		{
+			return new String[] { "ssh-rsa", "ssh-dss" };
+		}
+
+		return new String[] { "ssh-dss", "ssh-rsa" };
+	}
+
+	/**
+	 * Checks the internal hostkey database for the given hostkey.
+	 * If no matching key can be found, then the hostname is resolved to an IP address
+	 * and the search is repeated using that IP address.
+	 *
+	 * @param hostname the server's hostname, will be matched with all hostname patterns
+	 * @param serverHostKeyAlgorithm type of hostkey, either <code>ssh-rsa</code> or <code>ssh-dss</code>
+	 * @param serverHostKey the key blob
+	 * @return <ul>
+	 *         <li><code>HOSTKEY_IS_OK</code>: the given hostkey matches an entry for the given hostname</li>
+	 *         <li><code>HOSTKEY_IS_NEW</code>: no entries found for this hostname and this type of hostkey</li>
+	 *         <li><code>HOSTKEY_HAS_CHANGED</code>: hostname is known, but with another key of the same type
+	 *         (man-in-the-middle attack?)</li>
+	 *         </ul>
+	 * @throws IOException if the supplied key blob cannot be parsed or does not match the given hostkey type.
+	 */
+	public int verifyHostkey(String hostname, String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException
+	{
+		Object remoteKey = null;
+
+		if ("ssh-rsa".equals(serverHostKeyAlgorithm))
+		{
+			remoteKey = RSASHA1Verify.decodeSSHRSAPublicKey(serverHostKey);
+		}
+		else if ("ssh-dss".equals(serverHostKeyAlgorithm))
+		{
+			remoteKey = DSASHA1Verify.decodeSSHDSAPublicKey(serverHostKey);
+		}
+		else
+		{
+			throw new IllegalArgumentException("Unknown hostkey type " + serverHostKeyAlgorithm);
+		}
+
+		int result = checkKey(hostname, remoteKey);
+
+		if (result == HOSTKEY_IS_OK)
+		{
+			return result;
+		}
+
+		InetAddress[] ipAdresses = null;
+
+		try
+		{
+			ipAdresses = InetAddress.getAllByName(hostname);
+		}
+		catch (UnknownHostException e)
+		{
+			return result;
+		}
+
+		for (int i = 0; i < ipAdresses.length; i++)
+		{
+			int newresult = checkKey(ipAdresses[i].getHostAddress(), remoteKey);
+
+			if (newresult == HOSTKEY_IS_OK)
+			{
+				return newresult;
+			}
+
+			if (newresult == HOSTKEY_HAS_CHANGED)
+			{
+				result = HOSTKEY_HAS_CHANGED;
+			}
+		}
+
+		return result;
+	}
+
+	/**
+	 * Adds a single public key entry to the a known_hosts file.
+	 * This method is designed to be used in a {@link ServerHostKeyVerifier}.
+	 *
+	 * @param knownHosts the file where the publickey entry will be appended.
+	 * @param hostnames a list of hostname patterns - at least one most be specified. Check out the
+	 * OpenSSH sshd man page for a description of the pattern matching algorithm.
+	 * @param serverHostKeyAlgorithm as passed to the {@link ServerHostKeyVerifier}.
+	 * @param serverHostKey as passed to the {@link ServerHostKeyVerifier}.
+	 * @throws IOException
+	 */
+	public static void addHostkeyToFile(File knownHosts, String[] hostnames, String serverHostKeyAlgorithm,
+			byte[] serverHostKey) throws IOException
+	{
+		if ((hostnames == null) || (hostnames.length == 0))
+		{
+			throw new IllegalArgumentException("Need at least one hostname specification");
+		}
+
+		if ((serverHostKeyAlgorithm == null) || (serverHostKey == null))
+		{
+			throw new IllegalArgumentException();
+		}
+
+		CharArrayWriter writer = new CharArrayWriter();
+
+		for (int i = 0; i < hostnames.length; i++)
+		{
+			if (i != 0)
+			{
+				writer.write(',');
+			}
+			writer.write(hostnames[i]);
+		}
+
+		writer.write(' ');
+		writer.write(serverHostKeyAlgorithm);
+		writer.write(' ');
+		writer.write(Base64.encode(serverHostKey));
+		writer.write("\n");
+
+		char[] entry = writer.toCharArray();
+
+		RandomAccessFile raf = new RandomAccessFile(knownHosts, "rw");
+
+		long len = raf.length();
+
+		if (len > 0)
+		{
+			raf.seek(len - 1);
+			int last = raf.read();
+			if (last != '\n')
+			{
+				raf.write('\n');
+			}
+		}
+
+		raf.write(StringEncoder.GetBytes(new String(entry)));
+		raf.close();
+	}
+
+	/**
+	 * Generates a "raw" fingerprint of a hostkey.
+	 *
+	 * @param type either "md5" or "sha1"
+	 * @param keyType either "ssh-rsa" or "ssh-dss"
+	 * @param hostkey the hostkey
+	 * @return the raw fingerprint
+	 */
+	static private byte[] rawFingerPrint(String type, String keyType, byte[] hostkey)
+	{
+		Digest dig = null;
+
+		if ("md5".equals(type))
+		{
+			dig = new MD5();
+		}
+		else if ("sha1".equals(type))
+		{
+			dig = new SHA1();
+		}
+		else
+		{
+			throw new IllegalArgumentException("Unknown hash type " + type);
+		}
+
+		if ("ssh-rsa".equals(keyType))
+		{
+		}
+		else if ("ssh-dss".equals(keyType))
+		{
+		}
+		else
+		{
+			throw new IllegalArgumentException("Unknown key type " + keyType);
+		}
+
+		if (hostkey == null)
+		{
+			throw new IllegalArgumentException("hostkey is null");
+		}
+
+		dig.update(hostkey);
+		byte[] res = new byte[dig.getDigestLength()];
+		dig.digest(res);
+		return res;
+	}
+
+	/**
+	 * Convert a raw fingerprint to hex representation (XX:YY:ZZ...).
+	 *
+	 * @param fingerprint raw fingerprint
+	 * @return the hex representation
+	 */
+	static private String rawToHexFingerprint(byte[] fingerprint)
+	{
+		final char[] alpha = "0123456789abcdef".toCharArray();
+
+		StringBuilder sb = new StringBuilder();
+
+		for (int i = 0; i < fingerprint.length; i++)
+		{
+			if (i != 0)
+			{
+				sb.append(':');
+			}
+			int b = fingerprint[i] & 0xff;
+			sb.append(alpha[b >> 4]);
+			sb.append(alpha[b & 15]);
+		}
+
+		return sb.toString();
+	}
+
+	/**
+	 * Convert a raw fingerprint to bubblebabble representation.
+	 *
+	 * @param raw raw fingerprint
+	 * @return the bubblebabble representation
+	 */
+	static private String rawToBubblebabbleFingerprint(byte[] raw)
+	{
+		final char[] v = "aeiouy".toCharArray();
+		final char[] c = "bcdfghklmnprstvzx".toCharArray();
+
+		StringBuilder sb = new StringBuilder();
+
+		int seed = 1;
+
+		int rounds = (raw.length / 2) + 1;
+
+		sb.append('x');
+
+		for (int i = 0; i < rounds; i++)
+		{
+			if (((i + 1) < rounds) || ((raw.length) % 2 != 0))
+			{
+				sb.append(v[(((raw[2 * i] >> 6) & 3) + seed) % 6]);
+				sb.append(c[(raw[2 * i] >> 2) & 15]);
+				sb.append(v[((raw[2 * i] & 3) + (seed / 6)) % 6]);
+
+				if ((i + 1) < rounds)
+				{
+					sb.append(c[(((raw[(2 * i) + 1])) >> 4) & 15]);
+					sb.append('-');
+					sb.append(c[(((raw[(2 * i) + 1]))) & 15]);
+					// As long as seed >= 0, seed will be >= 0 afterwards
+					seed = ((seed * 5) + (((raw[2 * i] & 0xff) * 7) + (raw[(2 * i) + 1] & 0xff))) % 36;
+				}
+			}
+			else
+			{
+				sb.append(v[seed % 6]); // seed >= 0, therefore index positive
+				sb.append('x');
+				sb.append(v[seed / 6]);
+			}
+		}
+
+		sb.append('x');
+
+		return sb.toString();
+	}
+
+	/**
+	 * Convert a ssh2 key-blob into a human readable hex fingerprint.
+	 * Generated fingerprints are identical to those generated by OpenSSH.
+	 * <p/>
+	 * Example fingerprint: d0:cb:76:19:99:5a:03:fc:73:10:70:93:f2:44:63:47.
+	 *
+	 * @param keytype either "ssh-rsa" or "ssh-dss"
+	 * @param publickey key blob
+	 * @return Hex fingerprint
+	 */
+	public static String createHexFingerprint(String keytype, byte[] publickey)
+	{
+		byte[] raw = rawFingerPrint("md5", keytype, publickey);
+		return rawToHexFingerprint(raw);
+	}
+
+	/**
+	 * Convert a ssh2 key-blob into a human readable bubblebabble fingerprint.
+	 * The used bubblebabble algorithm (taken from OpenSSH) generates fingerprints
+	 * that are easier to remember for humans.
+	 * <p/>
+	 * Example fingerprint: xofoc-bubuz-cazin-zufyl-pivuk-biduk-tacib-pybur-gonar-hotat-lyxux.
+	 *
+	 * @param keytype either "ssh-rsa" or "ssh-dss"
+	 * @param publickey key data
+	 * @return Bubblebabble fingerprint
+	 */
+	public static String createBubblebabbleFingerprint(String keytype, byte[] publickey)
+	{
+		byte[] raw = rawFingerPrint("sha1", keytype, publickey);
+		return rawToBubblebabbleFingerprint(raw);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/LocalPortForwarder.java b/src/main/java/ch/ethz/ssh2/LocalPortForwarder.java
new file mode 100644
index 0000000..4637e3a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/LocalPortForwarder.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+
+import ch.ethz.ssh2.channel.ChannelManager;
+import ch.ethz.ssh2.channel.LocalAcceptThread;
+
+/**
+ * A <code>LocalPortForwarder</code> forwards TCP/IP connections to a local
+ * port via the secure tunnel to another host (which may or may not be identical
+ * to the remote SSH-2 server). Checkout {@link Connection#createLocalPortForwarder(int, String, int)}
+ * on how to create one.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class LocalPortForwarder
+{
+	ChannelManager cm;
+
+	String host_to_connect;
+
+	int port_to_connect;
+
+	LocalAcceptThread lat;
+
+	LocalPortForwarder(ChannelManager cm, int local_port, String host_to_connect, int port_to_connect)
+			throws IOException
+	{
+		this.cm = cm;
+		this.host_to_connect = host_to_connect;
+		this.port_to_connect = port_to_connect;
+
+		lat = new LocalAcceptThread(cm, local_port, host_to_connect, port_to_connect);
+		lat.setDaemon(true);
+		lat.start();
+	}
+
+	LocalPortForwarder(ChannelManager cm, InetSocketAddress addr, String host_to_connect, int port_to_connect)
+			throws IOException
+	{
+		this.cm = cm;
+		this.host_to_connect = host_to_connect;
+		this.port_to_connect = port_to_connect;
+
+		lat = new LocalAcceptThread(cm, addr, host_to_connect, port_to_connect);
+		lat.setDaemon(true);
+		lat.start();
+	}
+
+	/**
+	 * Stop TCP/IP forwarding of newly arriving connections.
+	 * 
+	 * @throws IOException
+	 */
+	public void close() throws IOException
+	{
+		lat.stopWorking();
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/LocalStreamForwarder.java b/src/main/java/ch/ethz/ssh2/LocalStreamForwarder.java
new file mode 100644
index 0000000..c7985b9
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/LocalStreamForwarder.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetAddress;
+
+import ch.ethz.ssh2.channel.Channel;
+import ch.ethz.ssh2.channel.ChannelManager;
+
+/**
+ * A <code>LocalStreamForwarder</code> forwards an Input- and Outputstream
+ * pair via the secure tunnel to another host (which may or may not be identical
+ * to the remote SSH-2 server).
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class LocalStreamForwarder
+{
+	private ChannelManager cm;
+
+	private Channel cn;
+
+	LocalStreamForwarder(ChannelManager cm, String host_to_connect, int port_to_connect) throws IOException
+	{
+		this.cm = cm;
+		cn = cm.openDirectTCPIPChannel(host_to_connect, port_to_connect,
+				InetAddress.getLocalHost().getHostAddress(), 0);
+	}
+
+	/**
+	 * @return An <code>InputStream</code> object.
+	 * @throws IOException
+	 */
+	public InputStream getInputStream() throws IOException
+	{
+		return cn.getStdoutStream();
+	}
+
+	/**
+	 * Get the OutputStream. Please be aware that the implementation MAY use an
+	 * internal buffer. To make sure that the buffered data is sent over the
+	 * tunnel, you have to call the <code>flush</code> method of the
+	 * <code>OutputStream</code>. To signal EOF, please use the
+	 * <code>close</code> method of the <code>OutputStream</code>.
+	 *
+	 * @return An <code>OutputStream</code> object.
+	 * @throws IOException
+	 */
+	public OutputStream getOutputStream() throws IOException
+	{
+		return cn.getStdinStream();
+	}
+
+	/**
+	 * Close the underlying SSH forwarding channel and free up resources.
+	 * You can also use this method to force the shutdown of the underlying
+	 * forwarding channel. Pending output (OutputStream not flushed) will NOT
+	 * be sent. Pending input (InputStream) can still be read. If the shutdown
+	 * operation is already in progress (initiated from either side), then this
+	 * call is a no-op.
+	 *
+	 * @throws IOException
+	 */
+	public void close() throws IOException
+	{
+		cm.closeChannel(cn, "Closed due to user request.", true);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/PacketListener.java b/src/main/java/ch/ethz/ssh2/PacketListener.java
new file mode 100644
index 0000000..4d2cde2
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/PacketListener.java
@@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2011 David Kocher. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * @version $Id:$
+ */
+public interface PacketListener {
+    void read(String packet);
+
+    void write(String packet);
+}
diff --git a/src/main/java/ch/ethz/ssh2/ProxyData.java b/src/main/java/ch/ethz/ssh2/ProxyData.java
new file mode 100644
index 0000000..a11b4d0
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/ProxyData.java
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * An abstract marker interface implemented by all proxy data implementations.
+ * 
+ * @see HTTPProxyData
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public abstract interface ProxyData
+{
+}
diff --git a/src/main/java/ch/ethz/ssh2/SCPClient.java b/src/main/java/ch/ethz/ssh2/SCPClient.java
new file mode 100644
index 0000000..e1a1bdb
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SCPClient.java
@@ -0,0 +1,232 @@
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.Charset;
+import java.nio.charset.UnsupportedCharsetException;
+
+/**
+ * A very basic <code>SCPClient</code> that can be used to copy files from/to
+ * the SSH-2 server. On the server side, the "scp" program must be in the PATH.
+ * <p/>
+ * This scp client is thread safe - you can download (and upload) different sets
+ * of files concurrently without any troubles. The <code>SCPClient</code> is
+ * actually mapping every request to a distinct {@link ch.ethz.ssh2.Session}.
+ *
+ * @author Christian Plattner, plattner@inf.ethz.ch
+ * @version $Id: SCPClient.java 32 2011-05-28 21:56:21Z dkocher@sudo.ch $
+ */
+
+public class SCPClient
+{
+	Connection conn;
+
+	String charsetName = null;
+
+	/**
+	 * Set the charset used to convert between Java Unicode Strings and byte encodings
+	 * used by the server for paths and file names.
+	 *
+	 * @param charset the name of the charset to be used or <code>null</code> to use the platform's
+	 * default encoding.
+	 * @throws IOException
+	 * @see #getCharset()
+	 */
+	public void setCharset(String charset) throws IOException
+	{
+		if (charset == null)
+		{
+			charsetName = charset;
+			return;
+		}
+
+		try
+		{
+			Charset.forName(charset);
+		}
+		catch (UnsupportedCharsetException e)
+		{
+			throw (IOException) new IOException("This charset is not supported").initCause(e);
+		}
+		charsetName = charset;
+	}
+
+	/**
+	 * The currently used charset for filename encoding/decoding.
+	 *
+	 * @return The name of the charset (<code>null</code> if the platform's default charset is being used)
+	 * @see #setCharset(String)
+	 */
+	public String getCharset()
+	{
+		return charsetName;
+	}
+
+	public class LenNamePair
+	{
+		public long length;
+		String filename;
+	}
+
+	public SCPClient(Connection conn)
+	{
+		if (conn == null)
+			throw new IllegalArgumentException("Cannot accept null argument!");
+		this.conn = conn;
+	}
+
+	protected void readResponse(InputStream is) throws IOException
+	{
+		int c = is.read();
+
+		if (c == 0)
+			return;
+
+		if (c == -1)
+			throw new IOException("Remote scp terminated unexpectedly.");
+
+		if ((c != 1) && (c != 2))
+			throw new IOException("Remote scp sent illegal error code.");
+
+		if (c == 2)
+			throw new IOException("Remote scp terminated with error.");
+
+		String err = receiveLine(is);
+		throw new IOException("Remote scp terminated with error (" + err + ").");
+	}
+
+	protected String receiveLine(InputStream is) throws IOException
+	{
+		StringBuilder sb = new StringBuilder(30);
+
+		while (true)
+		{
+			/* This is a random limit - if your path names are longer, then adjust it */
+
+			if (sb.length() > 8192)
+				throw new IOException("Remote scp sent a too long line");
+
+			int c = is.read();
+
+			if (c < 0)
+				throw new IOException("Remote scp terminated unexpectedly.");
+
+			if (c == '\n')
+				break;
+
+			sb.append((char) c);
+
+		}
+		return sb.toString();
+	}
+
+	protected LenNamePair parseCLine(String line) throws IOException
+	{
+		/* Minimum line: "xxxx y z" ---> 8 chars */
+
+		if (line.length() < 8)
+			throw new IOException("Malformed C line sent by remote SCP binary, line too short.");
+
+		if ((line.charAt(4) != ' ') || (line.charAt(5) == ' '))
+			throw new IOException("Malformed C line sent by remote SCP binary.");
+
+		int length_name_sep = line.indexOf(' ', 5);
+
+		if (length_name_sep == -1)
+			throw new IOException("Malformed C line sent by remote SCP binary.");
+
+		String length_substring = line.substring(5, length_name_sep);
+		String name_substring = line.substring(length_name_sep + 1);
+
+		if ((length_substring.length() <= 0) || (name_substring.length() <= 0))
+			throw new IOException("Malformed C line sent by remote SCP binary.");
+
+		if ((6 + length_substring.length() + name_substring.length()) != line.length())
+			throw new IOException("Malformed C line sent by remote SCP binary.");
+
+		final long len;
+		try
+		{
+			len = Long.parseLong(length_substring);
+		}
+		catch (NumberFormatException e)
+		{
+			throw new IOException("Malformed C line sent by remote SCP binary, cannot parse file length.");
+		}
+
+		if (len < 0)
+			throw new IOException("Malformed C line sent by remote SCP binary, illegal file length.");
+
+		LenNamePair lnp = new LenNamePair();
+		lnp.length = len;
+		lnp.filename = name_substring;
+
+		return lnp;
+	}
+
+	/**
+	 * The session for opened for this SCP transfer must be closed using
+	 * SCPOutputStream#close
+	 *
+	 * @param remoteFile
+	 * @param length The size of the file to send
+	 * @param remoteTargetDirectory
+	 * @param mode
+	 * @return
+	 * @throws IOException
+	 */
+	public SCPOutputStream put(final String remoteFile, long length, String remoteTargetDirectory, String mode)
+			throws IOException
+	{
+		Session sess = null;
+
+		if (null == remoteFile)
+			throw new IllegalArgumentException("Null argument.");
+		if (null == remoteTargetDirectory)
+			remoteTargetDirectory = "";
+		if (null == mode)
+			mode = "0600";
+		if (mode.length() != 4)
+			throw new IllegalArgumentException("Invalid mode.");
+
+		for (int i = 0; i < mode.length(); i++)
+			if (Character.isDigit(mode.charAt(i)) == false)
+				throw new IllegalArgumentException("Invalid mode.");
+
+		remoteTargetDirectory = (remoteTargetDirectory.length() > 0) ? remoteTargetDirectory : ".";
+
+		String cmd = "scp -t -d \"" + remoteTargetDirectory + "\"";
+
+		sess = conn.openSession();
+		sess.execCommand(cmd, charsetName);
+
+		return new SCPOutputStream(this, sess, remoteFile, length, mode);
+	}
+
+	/**
+	 * The session for opened for this SCP transfer must be closed using
+	 * SCPInputStream#close
+	 *
+	 * @param remoteFile
+	 * @return
+	 * @throws IOException
+	 */
+	public SCPInputStream get(final String remoteFile) throws IOException
+	{
+		Session sess = null;
+
+		if (null == remoteFile)
+			throw new IllegalArgumentException("Null argument.");
+
+		if (remoteFile.length() == 0)
+			throw new IllegalArgumentException("Cannot accept empty filename.");
+
+		String cmd = "scp -f";
+		cmd += (" \"" + remoteFile + "\"");
+
+		sess = conn.openSession();
+		sess.execCommand(cmd, charsetName);
+
+		return new SCPInputStream(this, sess);
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/SCPInputStream.java b/src/main/java/ch/ethz/ssh2/SCPInputStream.java
new file mode 100644
index 0000000..3fc77a8
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SCPInputStream.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2011 David Kocher. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * @version $Id:$
+ */
+public class SCPInputStream extends BufferedInputStream
+{
+	private Session session;
+
+	/**
+	 * Bytes remaining to be read from the stream
+	 */
+	private long remaining;
+
+	public SCPInputStream(SCPClient client, Session session) throws IOException
+	{
+		super(session.getStdout());
+
+		this.session = session;
+
+		OutputStream os = new BufferedOutputStream(session.getStdin(), 512);
+
+		os.write(0x0);
+		os.flush();
+
+		final SCPClient.LenNamePair lnp;
+
+		while (true)
+		{
+			int c = session.getStdout().read();
+			if (c < 0)
+			{
+				throw new IOException("Remote scp terminated unexpectedly.");
+			}
+
+			String line = client.receiveLine(session.getStdout());
+
+			if (c == 'T')
+			{
+				/* Ignore modification times */
+				continue;
+			}
+
+			if ((c == 1) || (c == 2))
+			{
+				throw new IOException("Remote SCP error: " + line);
+			}
+
+			if (c == 'C')
+			{
+				lnp = client.parseCLine(line);
+				break;
+
+			}
+			throw new IOException("Remote SCP error: " + ((char) c) + line);
+		}
+
+		os.write(0x0);
+		os.flush();
+
+		this.remaining = lnp.length;
+	}
+
+	@Override
+	public int read() throws IOException
+	{
+		if (!(remaining > 0))
+		{
+			return -1;
+		}
+
+		int read = super.read();
+		if (read < 0)
+		{
+			throw new IOException("Remote scp terminated connection unexpectedly");
+		}
+
+		remaining -= read;
+
+		return read;
+	}
+
+	@Override
+	public int read(byte b[], int off, int len) throws IOException
+	{
+		if (!(remaining > 0))
+		{
+			return -1;
+		}
+
+		int trans = (int) remaining;
+		if (remaining > len)
+		{
+			trans = len;
+		}
+
+		int read = super.read(b, off, trans);
+		if (read < 0)
+		{
+			throw new IOException("Remote scp terminated connection unexpectedly");
+		}
+
+		remaining -= read;
+
+		return read;
+	}
+
+	@Override
+	public void close() throws IOException
+	{
+		try
+		{
+			session.getStdin().write(0x0);
+			session.getStdin().flush();
+		}
+		finally
+		{
+			if (session != null)
+			{
+				session.close();
+			}
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/SCPOutputStream.java b/src/main/java/ch/ethz/ssh2/SCPOutputStream.java
new file mode 100644
index 0000000..8c511ea
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SCPOutputStream.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2011 David Kocher. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import ch.ethz.ssh2.util.StringEncoder;
+
+/**
+ * @version $Id:$
+ */
+public class SCPOutputStream extends BufferedOutputStream
+{
+
+	private Session session;
+
+	private SCPClient scp;
+
+	public SCPOutputStream(SCPClient client, Session session, final String remoteFile, long length, String mode) throws IOException
+	{
+		super(session.getStdin(), 40000);
+		this.session = session;
+		this.scp = client;
+
+		InputStream is = new BufferedInputStream(session.getStdout(), 512);
+
+		scp.readResponse(is);
+
+		String cline = "C" + mode + " " + length + " " + remoteFile + "\n";
+
+		super.write(StringEncoder.GetBytes(cline));
+		this.flush();
+
+		scp.readResponse(is);
+	}
+
+	@Override
+	public void close() throws IOException
+	{
+		try
+		{
+			this.write(0);
+			this.flush();
+
+			scp.readResponse(session.getStdout());
+
+			this.write(StringEncoder.GetBytes("E\n"));
+			this.flush();
+		}
+		finally
+		{
+			if (session != null)
+				session.close();
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/SFTPException.java b/src/main/java/ch/ethz/ssh2/SFTPException.java
new file mode 100644
index 0000000..d429a90
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SFTPException.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please see the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+
+import ch.ethz.ssh2.sftp.ErrorCodes;
+
+/**
+ * Used in combination with the SFTPv3Client. This exception wraps
+ * error messages sent by the SFTP server.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class SFTPException extends IOException
+{
+	private static final long serialVersionUID = 578654644222421811L;
+
+	private final String sftpErrorMessage;
+	private final int sftpErrorCode;
+
+	private static String constructMessage(String s, int errorCode)
+	{
+		String[] detail = ErrorCodes.getDescription(errorCode);
+
+		if (detail == null)
+			return s + " (UNKNOWN SFTP ERROR CODE)";
+
+		return s + " (" + detail[0] + ": " + detail[1] + ")";
+	}
+
+	SFTPException(String msg, int errorCode)
+	{
+		super(constructMessage(msg, errorCode));
+		sftpErrorMessage = msg;
+		sftpErrorCode = errorCode;
+	}
+
+	/**
+	 * Get the error message sent by the server. Often, this
+	 * message does not help a lot (e.g., "failure").
+	 * 
+	 * @return the plain string as sent by the server.
+	 */
+	public String getServerErrorMessage()
+	{
+		return sftpErrorMessage;
+	}
+
+	/**
+	 * Get the error code sent by the server.
+	 * 
+	 * @return an error code as defined in the SFTP specs.
+	 */
+	public int getServerErrorCode()
+	{
+		return sftpErrorCode;
+	}
+
+	/**
+	 * Get the symbolic name of the error code as given in the SFTP specs.
+	 * 
+	 * @return e.g., "SSH_FX_INVALID_FILENAME".
+	 */
+	public String getServerErrorCodeSymbol()
+	{
+		String[] detail = ErrorCodes.getDescription(sftpErrorCode);
+
+		if (detail == null)
+			return "UNKNOWN SFTP ERROR CODE " + sftpErrorCode;
+
+		return detail[0];
+	}
+
+	/**
+	 * Get the description of the error code as given in the SFTP specs.
+	 * 
+	 * @return e.g., "The filename is not valid."
+	 */
+	public String getServerErrorCodeVerbose()
+	{
+		String[] detail = ErrorCodes.getDescription(sftpErrorCode);
+
+		if (detail == null)
+			return "The error code " + sftpErrorCode + " is unknown.";
+
+		return detail[1];
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/SFTPInputStream.java b/src/main/java/ch/ethz/ssh2/SFTPInputStream.java
new file mode 100644
index 0000000..6d997ec
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SFTPInputStream.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2011 David Kocher. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * @version $Id:$
+ */
+public class SFTPInputStream extends InputStream
+{
+
+    private SFTPv3FileHandle handle;
+
+    /**
+     * Offset (in bytes) in the file to read
+     */
+    private long readOffset = 0;
+
+    public SFTPInputStream(SFTPv3FileHandle handle) {
+        this.handle = handle;
+    }
+
+    /**
+     * Reads up to <code>len</code> bytes of data from the input stream into
+     * an array of bytes.  An attempt is made to read as many as
+     * <code>len</code> bytes, but a smaller number may be read, possibly
+     * zero. The number of bytes actually read is returned as an integer.
+     *
+     * @see SFTPv3Client#read(SFTPv3FileHandle,long,byte[],int,int)
+     */
+    @Override
+    public int read(byte[] buffer, int offset, int len) throws IOException
+	{
+        int read = handle.getClient().read(handle, readOffset, buffer, offset, len);
+        if(read > 0) {
+            readOffset += read;
+        }
+        return read;
+    }
+
+    /**
+     * Reads the next byte of data from the input stream. The value byte is
+     * returned as an <code>int</code> in the range <code>0</code> to
+     * <code>255</code>. If no byte is available because the end of the stream
+     * has been reached, the value <code>-1</code> is returned. This method
+     * blocks until input data is available, the end of the stream is detected,
+     * or an exception is thrown.
+     * <p/>
+     * <p> A subclass must provide an implementation of this method.
+     *
+     * @return the next byte of data, or <code>-1</code> if the end of the
+     *         stream is reached.
+     * @throws IOException if an I/O error occurs.
+     */
+    @Override
+    public int read() throws IOException {
+        byte[] buffer = new byte[1];
+        int read = handle.getClient().read(handle, readOffset, buffer, 0, 1);
+        if(read > 0) {
+            readOffset += read;
+        }
+        return read;
+    }
+
+    /**
+     * Skips over and discards <code>n</code> bytes of data from this input
+     * stream.
+     *
+     * @param n the number of bytes to be skipped.
+     * @return the actual number of bytes skipped.
+     */
+    @Override
+    public long skip(long n) {
+        readOffset += n;
+        return n;
+    }
+
+    @Override
+    public void close() throws IOException {
+        handle.getClient().closeFile(handle);
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/SFTPOutputStream.java b/src/main/java/ch/ethz/ssh2/SFTPOutputStream.java
new file mode 100644
index 0000000..62139db
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SFTPOutputStream.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2011 David Kocher. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * @version $Id:$
+ */
+public class SFTPOutputStream extends OutputStream
+{
+
+    private SFTPv3FileHandle handle;
+
+    /**
+     * Offset (in bytes) in the file to write
+     */
+    private long writeOffset = 0;
+
+    public SFTPOutputStream(SFTPv3FileHandle handle) {
+        this.handle = handle;
+    }
+
+    /**
+     * Writes <code>len</code> bytes from the specified byte array
+     * starting at offset <code>off</code> to this output stream.
+     * The general contract for <code>write(b, off, len)</code> is that
+     * some of the bytes in the array <code>b</code> are written to the
+     * output stream in order; element <code>b[off]</code> is the first
+     * byte written and <code>b[off+len-1]</code> is the last byte written
+     * by this operation.
+     *
+     * @see SFTPv3Client#write(SFTPv3FileHandle,long,byte[],int,int)
+     */
+    @Override
+    public void write(byte[] buffer, int offset, int len) throws IOException
+	{
+        // We can just blindly write the whole buffer at once.
+        // if <code>len</code> &gt; 32768, then the write operation will
+        // be split into multiple writes in SFTPv3Client#write.
+        handle.getClient().write(handle, writeOffset, buffer, offset, len);
+
+        writeOffset += len;
+    }
+
+    @Override
+    public void write(int b) throws IOException {
+        byte[] buffer = new byte[1];
+        buffer[0] = (byte) b;
+        handle.getClient().write(handle, writeOffset, buffer, 0, 1);
+
+        writeOffset += 1;
+    }
+
+    public long skip(long n) {
+        writeOffset += n;
+        return n;
+    }
+
+    @Override
+    public void close() throws IOException {
+        handle.getClient().closeFile(handle);
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/SFTPv3Client.java b/src/main/java/ch/ethz/ssh2/SFTPv3Client.java
new file mode 100644
index 0000000..f3f1843
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SFTPv3Client.java
@@ -0,0 +1,1622 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.charset.Charset;
+import java.nio.charset.UnsupportedCharsetException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import ch.ethz.ssh2.channel.Channel;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.packets.TypesReader;
+import ch.ethz.ssh2.packets.TypesWriter;
+import ch.ethz.ssh2.sftp.AttribFlags;
+import ch.ethz.ssh2.sftp.ErrorCodes;
+import ch.ethz.ssh2.sftp.Packet;
+
+/**
+ * A <code>SFTPv3Client</code> represents a SFTP (protocol version 3)
+ * client connection tunnelled over a SSH-2 connection. This is a very simple
+ * (synchronous) implementation.
+ * <p/>
+ * Basically, most methods in this class map directly to one of
+ * the packet types described in draft-ietf-secsh-filexfer-02.txt.
+ * <p/>
+ * Note: this is experimental code.
+ * <p/>
+ * Error handling: the methods of this class throw IOExceptions. However, unless
+ * there is catastrophic failure, exceptions of the type {@link SFTPv3Client} will
+ * be thrown (a subclass of IOException). Therefore, you can implement more verbose
+ * behavior by checking if a thrown exception if of this type. If yes, then you
+ * can cast the exception and access detailed information about the failure.
+ * <p/>
+ * Notes about file names, directory names and paths, copy-pasted
+ * from the specs:
+ * <ul>
+ * <li>SFTP v3 represents file names as strings. File names are
+ * assumed to use the slash ('/') character as a directory separator.</li>
+ * <li>File names starting with a slash are "absolute", and are relative to
+ * the root of the file system.  Names starting with any other character
+ * are relative to the user's default directory (home directory).</li>
+ * <li>Servers SHOULD interpret a path name component ".." as referring to
+ * the parent directory, and "." as referring to the current directory.
+ * If the server implementation limits access to certain parts of the
+ * file system, it must be extra careful in parsing file names when
+ * enforcing such restrictions.  There have been numerous reported
+ * security bugs where a ".." in a path name has allowed access outside
+ * the intended area.</li>
+ * <li>An empty path name is valid, and it refers to the user's default
+ * directory (usually the user's home directory).</li>
+ * </ul>
+ * <p/>
+ * If you are still not tired then please go on and read the comment for
+ * {@link #setCharset(String)}.
+ *
+ * @author Christian Plattner, plattner@inf.ethz.ch
+ * @version $Id: SFTPv3Client.java 46 2011-07-06 08:40:29Z dkocher@sudo.ch $
+ */
+public class SFTPv3Client
+{
+	private static final Logger log = Logger.getLogger(SFTPv3Client.class);
+
+	private Session sess;
+
+	private InputStream is;
+	private OutputStream os;
+
+	private int protocol_version = 0;
+
+	private int next_request_id = 1000;
+
+	private String charsetName = null;
+
+	/**
+	 *
+	 */
+	private PacketListener listener;
+
+	/**
+	 * Create a SFTP v3 client.
+	 *
+	 * @param conn The underlying SSH-2 connection to be used.
+	 * @throws IOException
+	 */
+	public SFTPv3Client(Connection conn, PacketListener listener) throws IOException
+	{
+		if (conn == null)
+		{
+			throw new IllegalArgumentException("Cannot accept null argument!");
+		}
+
+		this.listener = listener;
+
+		log.debug("Opening session and starting SFTP subsystem.");
+		sess = conn.openSession();
+		sess.startSubSystem("sftp");
+
+		is = sess.getStdout();
+		os = new BufferedOutputStream(sess.getStdin(), 2048);
+
+		if (is == null)
+		{
+			throw new IOException("There is a problem with the streams of the underlying channel.");
+		}
+
+		init();
+	}
+
+	/**
+	 * Create a SFTP v3 client.
+	 *
+	 * @param conn The underlying SSH-2 connection to be used.
+	 * @throws IOException
+	 */
+	public SFTPv3Client(Connection conn) throws IOException
+	{
+		this(conn, new PacketListener()
+		{
+			public void read(String packet)
+			{
+				log.debug("Read packet " + packet);
+			}
+
+			public void write(String packet)
+			{
+				log.debug("Write packet " + packet);
+			}
+		});
+	}
+
+	/**
+	 * Set the charset used to convert between Java Unicode Strings and byte encodings
+	 * used by the server for paths and file names. Unfortunately, the SFTP v3 draft
+	 * says NOTHING about such conversions (well, with the exception of error messages
+	 * which have to be in UTF-8). Newer drafts specify to use UTF-8 for file names
+	 * (if I remember correctly). However, a quick test using OpenSSH serving a EXT-3
+	 * filesystem has shown that UTF-8 seems to be a bad choice for SFTP v3 (tested with
+	 * filenames containing german umlauts). "windows-1252" seems to work better for Europe.
+	 * Luckily, "windows-1252" is the platform default in my case =).
+	 * <p/>
+	 * If you don't set anything, then the platform default will be used (this is the default
+	 * behavior).
+	 *
+	 * @param charset the name of the charset to be used or <code>null</code> to use the platform's
+	 * default encoding.
+	 * @throws IOException
+	 * @see #getCharset()
+	 */
+	public void setCharset(String charset) throws IOException
+	{
+		if (charset == null)
+		{
+			charsetName = charset;
+			return;
+		}
+
+		try
+		{
+			Charset.forName(charset);
+		}
+		catch (UnsupportedCharsetException e)
+		{
+			throw (IOException) new IOException("This charset is not supported").initCause(e);
+		}
+		charsetName = charset;
+	}
+
+	/**
+	 * The currently used charset for filename encoding/decoding.
+	 *
+	 * @return The name of the charset (<code>null</code> if the platform's default charset is being used)
+	 * @see #setCharset(String)
+	 */
+	public String getCharset()
+	{
+		return charsetName;
+	}
+
+	private void checkHandleValidAndOpen(SFTPv3FileHandle handle) throws IOException
+	{
+		if (handle.client != this)
+		{
+			throw new IOException("The file handle was created with another SFTPv3FileHandle instance.");
+		}
+
+		if (handle.isClosed)
+		{
+			throw new IOException("The file handle is closed.");
+		}
+	}
+
+	private void sendMessage(int type, int requestId, byte[] msg, int off, int len) throws IOException
+	{
+		listener.write(Packet.forName(type));
+
+		int msglen = len + 1;
+
+		if (type != Packet.SSH_FXP_INIT)
+		{
+			msglen += 4;
+		}
+
+		os.write(msglen >> 24);
+		os.write(msglen >> 16);
+		os.write(msglen >> 8);
+		os.write(msglen);
+		os.write(type);
+
+		if (type != Packet.SSH_FXP_INIT)
+		{
+			os.write(requestId >> 24);
+			os.write(requestId >> 16);
+			os.write(requestId >> 8);
+			os.write(requestId);
+		}
+
+		os.write(msg, off, len);
+		os.flush();
+	}
+
+	private void sendMessage(int type, int requestId, byte[] msg) throws IOException
+	{
+		sendMessage(type, requestId, msg, 0, msg.length);
+	}
+
+	private void readBytes(byte[] buff, int pos, int len) throws IOException
+	{
+		while (len > 0)
+		{
+			int count = is.read(buff, pos, len);
+			if (count < 0)
+			{
+				throw new IOException("Unexpected end of sftp stream.");
+			}
+			if ((count == 0) || (count > len))
+			{
+				throw new IOException("Underlying stream implementation is bogus!");
+			}
+			len -= count;
+			pos += count;
+		}
+	}
+
+	/**
+	 * Read a message and guarantee that the <b>contents</b> is not larger than
+	 * <code>maxlen</code> bytes.
+	 * <p/>
+	 * Note: receiveMessage(34000) actually means that the message may be up to 34004
+	 * bytes (the length attribute preceeding the contents is 4 bytes).
+	 *
+	 * @param maxlen
+	 * @return the message contents
+	 * @throws IOException
+	 */
+	private byte[] receiveMessage(int maxlen) throws IOException
+	{
+		byte[] msglen = new byte[4];
+
+		readBytes(msglen, 0, 4);
+
+		int len = (((msglen[0] & 0xff) << 24) | ((msglen[1] & 0xff) << 16) | ((msglen[2] & 0xff) << 8) | (msglen[3] & 0xff));
+
+		if ((len > maxlen) || (len <= 0))
+		{
+			throw new IOException("Illegal sftp packet len: " + len);
+		}
+
+		byte[] msg = new byte[len];
+
+		readBytes(msg, 0, len);
+
+		return msg;
+	}
+
+	private int generateNextRequestID()
+	{
+		synchronized (this)
+		{
+			return next_request_id++;
+		}
+	}
+
+	private void closeHandle(byte[] handle) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(handle, 0, handle.length);
+
+		sendMessage(Packet.SSH_FXP_CLOSE, req_id, tw.getBytes());
+
+		expectStatusOKMessage(req_id);
+	}
+
+	private SFTPv3FileAttributes readAttrs(TypesReader tr) throws IOException
+	{
+		/*
+				   * uint32   flags
+				   * uint64   size           present only if flag SSH_FILEXFER_ATTR_SIZE
+				   * uint32   uid            present only if flag SSH_FILEXFER_ATTR_V3_UIDGID
+				   * uint32   gid            present only if flag SSH_FILEXFER_ATTR_V3_UIDGID
+				   * uint32   permissions    present only if flag SSH_FILEXFER_ATTR_PERMISSIONS
+				   * uint32   atime          present only if flag SSH_FILEXFER_ATTR_V3_ACMODTIME
+				   * uint32   mtime          present only if flag SSH_FILEXFER_ATTR_V3_ACMODTIME
+				   * uint32   extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED
+				   * string   extended_type
+				   * string   extended_data
+				   * ...      more extended data (extended_type - extended_data pairs),
+				   *          so that number of pairs equals extended_count
+				   */
+
+		SFTPv3FileAttributes fa = new SFTPv3FileAttributes();
+
+		int flags = tr.readUINT32();
+
+		if ((flags & AttribFlags.SSH_FILEXFER_ATTR_SIZE) != 0)
+		{
+			log.debug("SSH_FILEXFER_ATTR_SIZE");
+			fa.size = tr.readUINT64();
+		}
+
+		if ((flags & AttribFlags.SSH_FILEXFER_ATTR_V3_UIDGID) != 0)
+		{
+			log.debug("SSH_FILEXFER_ATTR_V3_UIDGID");
+			fa.uid = tr.readUINT32();
+			fa.gid = tr.readUINT32();
+		}
+
+		if ((flags & AttribFlags.SSH_FILEXFER_ATTR_PERMISSIONS) != 0)
+		{
+			log.debug("SSH_FILEXFER_ATTR_PERMISSIONS");
+			fa.permissions = tr.readUINT32();
+		}
+
+		if ((flags & AttribFlags.SSH_FILEXFER_ATTR_V3_ACMODTIME) != 0)
+		{
+			log.debug("SSH_FILEXFER_ATTR_V3_ACMODTIME");
+			fa.atime = tr.readUINT32();
+			fa.mtime = tr.readUINT32();
+
+		}
+
+		if ((flags & AttribFlags.SSH_FILEXFER_ATTR_EXTENDED) != 0)
+		{
+			int count = tr.readUINT32();
+
+			log.debug("SSH_FILEXFER_ATTR_EXTENDED (" + count + ")");
+			/* Read it anyway to detect corrupt packets */
+
+			while (count > 0)
+			{
+				tr.readByteString();
+				tr.readByteString();
+				count--;
+			}
+		}
+
+		return fa;
+	}
+
+	/**
+	 * Retrieve the file attributes of an open file.
+	 *
+	 * @param handle a SFTPv3FileHandle handle.
+	 * @return a SFTPv3FileAttributes object.
+	 * @throws IOException
+	 */
+	public SFTPv3FileAttributes fstat(SFTPv3FileHandle handle) throws IOException
+	{
+		checkHandleValidAndOpen(handle);
+
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(handle.fileHandle, 0, handle.fileHandle.length);
+
+		log.debug("Sending SSH_FXP_FSTAT...");
+		sendMessage(Packet.SSH_FXP_FSTAT, req_id, tw.getBytes());
+
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		int rep_id = tr.readUINT32();
+		if (rep_id != req_id)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		if (t == Packet.SSH_FXP_ATTRS)
+		{
+			return readAttrs(tr);
+		}
+
+		if (t != Packet.SSH_FXP_STATUS)
+		{
+			throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+		}
+
+		int errorCode = tr.readUINT32();
+		String errorMessage = tr.readString();
+		listener.read(errorMessage);
+		throw new SFTPException(errorMessage, errorCode);
+	}
+
+	private SFTPv3FileAttributes statBoth(String path, int statMethod) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(path, charsetName);
+
+		log.debug("Sending SSH_FXP_STAT/SSH_FXP_LSTAT...");
+		sendMessage(statMethod, req_id, tw.getBytes());
+
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		int rep_id = tr.readUINT32();
+		if (rep_id != req_id)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		if (t == Packet.SSH_FXP_ATTRS)
+		{
+			return readAttrs(tr);
+		}
+
+		if (t != Packet.SSH_FXP_STATUS)
+		{
+			throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+		}
+
+		int errorCode = tr.readUINT32();
+		String errorMessage = tr.readString();
+		listener.read(errorMessage);
+		throw new SFTPException(errorMessage, errorCode);
+	}
+
+	/**
+	 * Retrieve the file attributes of a file. This method
+	 * follows symbolic links on the server.
+	 *
+	 * @param path See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return a SFTPv3FileAttributes object.
+	 * @throws IOException
+	 * @see #lstat(String)
+	 */
+	public SFTPv3FileAttributes stat(String path) throws IOException
+	{
+		return statBoth(path, Packet.SSH_FXP_STAT);
+	}
+
+	/**
+	 * Retrieve the file attributes of a file. This method
+	 * does NOT follow symbolic links on the server.
+	 *
+	 * @param path See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return a SFTPv3FileAttributes object.
+	 * @throws IOException
+	 * @see #stat(String)
+	 */
+	public SFTPv3FileAttributes lstat(String path) throws IOException
+	{
+		return statBoth(path, Packet.SSH_FXP_LSTAT);
+	}
+
+	/**
+	 * Read the target of a symbolic link. Note: OpenSSH (as of version 4.4) gets very upset
+	 * (SSH_FX_BAD_MESSAGE error) if you want to read the target of a file that is not a
+	 * symbolic link. Better check first with {@link #lstat(String)}.
+	 *
+	 * @param path See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return The target of the link.
+	 * @throws IOException
+	 */
+	public String readLink(String path) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(path, charsetName);
+
+		log.debug("Sending SSH_FXP_READLINK...");
+		sendMessage(Packet.SSH_FXP_READLINK, req_id, tw.getBytes());
+
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		int rep_id = tr.readUINT32();
+		if (rep_id != req_id)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		if (t == Packet.SSH_FXP_NAME)
+		{
+			int count = tr.readUINT32();
+
+			if (count != 1)
+			{
+				throw new IOException("The server sent an invalid SSH_FXP_NAME packet.");
+			}
+
+			return tr.readString(charsetName);
+		}
+
+		if (t != Packet.SSH_FXP_STATUS)
+		{
+			throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+		}
+
+		int errorCode = tr.readUINT32();
+		String errorMessage = tr.readString();
+		listener.read(errorMessage);
+		throw new SFTPException(errorMessage, errorCode);
+	}
+
+	private void expectStatusOKMessage(int id) throws IOException
+	{
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		int rep_id = tr.readUINT32();
+		if (rep_id != id)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		if (t != Packet.SSH_FXP_STATUS)
+		{
+			throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+		}
+
+		int errorCode = tr.readUINT32();
+
+		if (errorCode == ErrorCodes.SSH_FX_OK)
+		{
+			return;
+		}
+		String errorMessage = tr.readString();
+		listener.read(errorMessage);
+		throw new SFTPException(errorMessage, errorCode);
+	}
+
+	/**
+	 * Modify the attributes of a file. Used for operations such as changing
+	 * the ownership, permissions or access times, as well as for truncating a file.
+	 *
+	 * @param path See the {@link SFTPv3Client comment} for the class for more details.
+	 * @param attr A SFTPv3FileAttributes object. Specifies the modifications to be
+	 * made to the attributes of the file. Empty fields will be ignored.
+	 * @throws IOException
+	 */
+	public void setstat(String path, SFTPv3FileAttributes attr) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(path, charsetName);
+		tw.writeBytes(createAttrs(attr));
+
+		log.debug("Sending SSH_FXP_SETSTAT...");
+		sendMessage(Packet.SSH_FXP_SETSTAT, req_id, tw.getBytes());
+
+		expectStatusOKMessage(req_id);
+	}
+
+	/**
+	 * Modify the attributes of a file. Used for operations such as changing
+	 * the ownership, permissions or access times, as well as for truncating a file.
+	 *
+	 * @param handle a SFTPv3FileHandle handle
+	 * @param attr A SFTPv3FileAttributes object. Specifies the modifications to be
+	 * made to the attributes of the file. Empty fields will be ignored.
+	 * @throws IOException
+	 */
+	public void fsetstat(SFTPv3FileHandle handle, SFTPv3FileAttributes attr) throws IOException
+	{
+		checkHandleValidAndOpen(handle);
+
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(handle.fileHandle, 0, handle.fileHandle.length);
+		tw.writeBytes(createAttrs(attr));
+
+		log.debug("Sending SSH_FXP_FSETSTAT...");
+		sendMessage(Packet.SSH_FXP_FSETSTAT, req_id, tw.getBytes());
+
+		expectStatusOKMessage(req_id);
+	}
+
+	/**
+	 * Create a symbolic link on the server. Creates a link "src" that points
+	 * to "target".
+	 *
+	 * @param src See the {@link SFTPv3Client comment} for the class for more details.
+	 * @param target See the {@link SFTPv3Client comment} for the class for more details.
+	 * @throws IOException
+	 */
+	public void createSymlink(String src, String target) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		/* Either I am too stupid to understand the SFTP draft
+				   * or the OpenSSH guys changed the semantics of src and target.
+				   */
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(target, charsetName);
+		tw.writeString(src, charsetName);
+
+		log.debug("Sending SSH_FXP_SYMLINK...");
+		sendMessage(Packet.SSH_FXP_SYMLINK, req_id, tw.getBytes());
+
+		expectStatusOKMessage(req_id);
+	}
+
+	/**
+	 * Have the server canonicalize any given path name to an absolute path.
+	 * This is useful for converting path names containing ".." components or
+	 * relative pathnames without a leading slash into absolute paths.
+	 *
+	 * @param path See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return An absolute path.
+	 * @throws IOException
+	 */
+	public String canonicalPath(String path) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(path, charsetName);
+
+		log.debug("Sending SSH_FXP_REALPATH...");
+		sendMessage(Packet.SSH_FXP_REALPATH, req_id, tw.getBytes());
+
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		int rep_id = tr.readUINT32();
+		if (rep_id != req_id)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		if (t == Packet.SSH_FXP_NAME)
+		{
+			int count = tr.readUINT32();
+
+			if (count != 1)
+			{
+				throw new IOException("The server sent an invalid SSH_FXP_NAME packet.");
+			}
+
+			final String name = tr.readString(charsetName);
+			listener.read(name);
+			return name;
+		}
+
+		if (t != Packet.SSH_FXP_STATUS)
+		{
+			throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+		}
+
+		int errorCode = tr.readUINT32();
+		String errorMessage = tr.readString();
+		listener.read(errorMessage);
+		throw new SFTPException(errorMessage, errorCode);
+	}
+
+	private List<SFTPv3DirectoryEntry> scanDirectory(byte[] handle) throws IOException
+	{
+		List<SFTPv3DirectoryEntry> files = new Vector<SFTPv3DirectoryEntry>();
+
+		while (true)
+		{
+			int req_id = generateNextRequestID();
+
+			TypesWriter tw = new TypesWriter();
+			tw.writeString(handle, 0, handle.length);
+
+			log.debug("Sending SSH_FXP_READDIR...");
+			sendMessage(Packet.SSH_FXP_READDIR, req_id, tw.getBytes());
+
+			byte[] resp = receiveMessage(34000);
+
+			TypesReader tr = new TypesReader(resp);
+
+			int t = tr.readByte();
+			listener.read(Packet.forName(t));
+
+			int rep_id = tr.readUINT32();
+			if (rep_id != req_id)
+			{
+				throw new IOException("The server sent an invalid id field.");
+			}
+
+			if (t == Packet.SSH_FXP_NAME)
+			{
+				int count = tr.readUINT32();
+
+				log.debug("Parsing " + count + " name entries...");
+				while (count > 0)
+				{
+					SFTPv3DirectoryEntry dirEnt = new SFTPv3DirectoryEntry();
+
+					dirEnt.filename = tr.readString(charsetName);
+					dirEnt.longEntry = tr.readString(charsetName);
+					listener.read(dirEnt.longEntry);
+
+					dirEnt.attributes = readAttrs(tr);
+					files.add(dirEnt);
+
+					log.debug("File: '" + dirEnt.filename + "'");
+					count--;
+				}
+				continue;
+			}
+
+			if (t != Packet.SSH_FXP_STATUS)
+			{
+				throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+			}
+
+			int errorCode = tr.readUINT32();
+
+			if (errorCode == ErrorCodes.SSH_FX_EOF)
+			{
+				return files;
+			}
+			String errorMessage = tr.readString();
+			listener.read(errorMessage);
+			throw new SFTPException(errorMessage, errorCode);
+		}
+	}
+
+	public final SFTPv3FileHandle openDirectory(String path) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(path, charsetName);
+
+		log.debug("Sending SSH_FXP_OPENDIR...");
+		sendMessage(Packet.SSH_FXP_OPENDIR, req_id, tw.getBytes());
+
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		int rep_id = tr.readUINT32();
+		if (rep_id != req_id)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		if (t == Packet.SSH_FXP_HANDLE)
+		{
+			log.debug("Got SSH_FXP_HANDLE.");
+			return new SFTPv3FileHandle(this, tr.readByteString());
+		}
+
+		if (t != Packet.SSH_FXP_STATUS)
+		{
+			throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+		}
+
+		int errorCode = tr.readUINT32();
+		String errorMessage = tr.readString();
+		listener.read(errorMessage);
+		throw new SFTPException(errorMessage, errorCode);
+	}
+
+	private String expandString(byte[] b, int off, int len)
+	{
+		StringBuilder sb = new StringBuilder();
+
+		for (int i = 0; i < len; i++)
+		{
+			int c = b[off + i] & 0xff;
+
+			if ((c >= 32) && (c <= 126))
+			{
+				sb.append((char) c);
+			}
+			else
+			{
+				sb.append("{0x" + Integer.toHexString(c) + "}");
+			}
+		}
+
+		return sb.toString();
+	}
+
+	private void init() throws IOException
+	{
+		/* Send SSH_FXP_INIT (version 3) */
+
+		final int client_version = 3;
+
+		log.debug("Sending SSH_FXP_INIT (" + client_version + ")...");
+		TypesWriter tw = new TypesWriter();
+		tw.writeUINT32(client_version);
+		sendMessage(Packet.SSH_FXP_INIT, 0, tw.getBytes());
+
+		/* Receive SSH_FXP_VERSION */
+
+		log.debug("Waiting for SSH_FXP_VERSION...");
+		TypesReader tr = new TypesReader(receiveMessage(34000)); /* Should be enough for any reasonable server */
+
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		if (t != Packet.SSH_FXP_VERSION)
+		{
+			throw new IOException("The server did not send a SSH_FXP_VERSION packet (got " + t + ")");
+		}
+
+		protocol_version = tr.readUINT32();
+
+		log.debug("SSH_FXP_VERSION: protocol_version = " + protocol_version);
+		if (protocol_version != 3)
+		{
+			throw new IOException("Server version " + protocol_version + " is currently not supported");
+		}
+
+		/* Read and save extensions (if any) for later use */
+
+		while (tr.remain() != 0)
+		{
+			String name = tr.readString();
+			listener.read(name);
+			byte[] value = tr.readByteString();
+			log.debug("SSH_FXP_VERSION: extension: " + name + " = '" + expandString(value, 0, value.length) + "'");
+		}
+	}
+
+	/**
+	 * Returns the negotiated SFTP protocol version between the client and the server.
+	 *
+	 * @return SFTP protocol version, i.e., "3".
+	 */
+	public int getProtocolVersion()
+	{
+		return protocol_version;
+	}
+
+	/**
+	 * Queries the channel state
+	 * @return True if the underlying session is in open state
+	 */
+	public boolean isConnected() {
+		return sess.getState() == Channel.STATE_OPEN;
+	}
+
+	/**
+	 * Close this SFTP session. NEVER forget to call this method to free up
+	 * resources - even if you got an exception from one of the other methods.
+	 * Sometimes these other methods may throw an exception, saying that the
+	 * underlying channel is closed (this can happen, e.g., if the other server
+	 * sent a close message.) However, as long as you have not called the
+	 * <code>close()</code> method, you are likely wasting resources.
+	 */
+	public void close()
+	{
+		sess.close();
+	}
+
+	/**
+	 * List the contents of a directory.
+	 *
+	 * @param dirName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return A Vector containing {@link SFTPv3DirectoryEntry} objects.
+	 * @throws IOException
+	 */
+	public List<SFTPv3DirectoryEntry> ls(String dirName) throws IOException
+	{
+        SFTPv3FileHandle handle = openDirectory(dirName);
+        List<SFTPv3DirectoryEntry> result = scanDirectory(handle.fileHandle);
+		closeFile(handle);
+		return result;
+	}
+
+	/**
+	 * Create a new directory.
+	 *
+	 * @param dirName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @param posixPermissions the permissions for this directory, e.g., "0700" (remember that
+	 * this is octal noation). The server will likely apply a umask.
+	 * @throws IOException
+	 */
+	public void mkdir(String dirName, int posixPermissions) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(dirName, charsetName);
+		tw.writeUINT32(AttribFlags.SSH_FILEXFER_ATTR_PERMISSIONS);
+		tw.writeUINT32(posixPermissions);
+
+		sendMessage(Packet.SSH_FXP_MKDIR, req_id, tw.getBytes());
+
+		expectStatusOKMessage(req_id);
+	}
+
+	/**
+	 * Remove a file.
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @throws IOException
+	 */
+	public void rm(String fileName) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(fileName, charsetName);
+
+		sendMessage(Packet.SSH_FXP_REMOVE, req_id, tw.getBytes());
+
+		expectStatusOKMessage(req_id);
+	}
+
+	/**
+	 * Remove an empty directory.
+	 *
+	 * @param dirName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @throws IOException
+	 */
+	public void rmdir(String dirName) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(dirName, charsetName);
+
+		sendMessage(Packet.SSH_FXP_RMDIR, req_id, tw.getBytes());
+
+		expectStatusOKMessage(req_id);
+	}
+
+	/**
+	 * Move a file or directory.
+	 *
+	 * @param oldPath See the {@link SFTPv3Client comment} for the class for more details.
+	 * @param newPath See the {@link SFTPv3Client comment} for the class for more details.
+	 * @throws IOException
+	 */
+	public void mv(String oldPath, String newPath) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(oldPath, charsetName);
+		tw.writeString(newPath, charsetName);
+
+		sendMessage(Packet.SSH_FXP_RENAME, req_id, tw.getBytes());
+
+		expectStatusOKMessage(req_id);
+	}
+
+	/**
+	 * Open the file for reading.
+	 */
+	public static final int SSH_FXF_READ = 0x00000001;
+	/**
+	 * Open the file for writing.  If both this and SSH_FXF_READ are
+	 * specified, the file is opened for both reading and writing.
+	 */
+	public static final int SSH_FXF_WRITE = 0x00000002;
+	/**
+	 * Force all writes to append data at the end of the file.
+	 */
+	public static final int SSH_FXF_APPEND = 0x00000004;
+	/**
+	 * If this flag is specified, then a new file will be created if one
+	 * does not alread exist (if O_TRUNC is specified, the new file will
+	 * be truncated to zero length if it previously exists).
+	 */
+	public static final int SSH_FXF_CREAT = 0x00000008;
+	/**
+	 * Forces an existing file with the same name to be truncated to zero
+	 * length when creating a file by specifying SSH_FXF_CREAT.
+	 * SSH_FXF_CREAT MUST also be specified if this flag is used.
+	 */
+	public static final int SSH_FXF_TRUNC = 0x00000010;
+	/**
+	 * Causes the request to fail if the named file already exists.
+	 */
+	public static final int SSH_FXF_EXCL = 0x00000020;
+
+	/**
+	 * Open a file for reading.
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public SFTPv3FileHandle openFileRO(String fileName) throws IOException
+	{
+		return openFile(fileName, SSH_FXF_READ, null);
+	}
+
+	/**
+	 * Open a file for reading and writing.
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public SFTPv3FileHandle openFileRW(String fileName) throws IOException
+	{
+		return openFile(fileName, SSH_FXF_READ | SSH_FXF_WRITE, null);
+	}
+
+	/**
+	 * Open a file in append mode. The SFTP v3 draft says nothing but assuming normal POSIX
+	 * behavior, all writes will be appendend to the end of the file, no matter which offset
+	 * one specifies.
+	 * <p/>
+	 * A side note for the curious: OpenSSH does an lseek() to the specified writing offset before each write(),
+	 * even for writes to files opened in O_APPEND mode. However, bear in mind that when working
+	 * in the O_APPEND mode, each write() includes an implicit lseek() to the end of the file
+	 * (well, this is what the newsgroups say).
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public SFTPv3FileHandle openFileRWAppend(String fileName) throws IOException
+	{
+		return openFile(fileName, SSH_FXF_READ | SSH_FXF_WRITE | SSH_FXF_APPEND, null);
+	}
+
+	/**
+	 * Open a file in append mode. The SFTP v3 draft says nothing but assuming normal POSIX
+	 * behavior, all writes will be appendend to the end of the file, no matter which offset
+	 * one specifies.
+	 * <p/>
+	 * A side note for the curious: OpenSSH does an lseek() to the specified writing offset before each write(),
+	 * even for writes to files opened in O_APPEND mode. However, bear in mind that when working
+	 * in the O_APPEND mode, each write() includes an implicit lseek() to the end of the file
+	 * (well, this is what the newsgroups say).
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public SFTPv3FileHandle openFileWAppend(String fileName) throws IOException
+	{
+		return openFile(fileName, SSH_FXF_WRITE | SSH_FXF_APPEND, null);
+	}
+
+	/**
+	 * Create a file and open it for reading and writing.
+	 * Same as {@link #createFile(String, SFTPv3FileAttributes) createFile(fileName, null)}.
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public SFTPv3FileHandle createFile(String fileName) throws IOException
+	{
+		return createFile(fileName, null);
+	}
+
+	/**
+	 * Create a file and open it for reading and writing.
+	 * You can specify the default attributes of the file (the server may or may
+	 * not respect your wishes).
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @param attr may be <code>null</code> to use server defaults. Probably only
+	 * the <code>uid</code>, <code>gid</code> and <code>permissions</code>
+	 * (remember the server may apply a umask) entries of the {@link SFTPv3FileHandle}
+	 * structure make sense. You need only to set those fields where you want
+	 * to override the server's defaults.
+	 * @return a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public SFTPv3FileHandle createFile(String fileName, SFTPv3FileAttributes attr) throws IOException
+	{
+		return openFile(fileName, SSH_FXF_CREAT | SSH_FXF_READ | SSH_FXF_WRITE, attr);
+	}
+
+	/**
+	 * Create a file (truncate it if it already exists) and open it for writing.
+	 * Same as {@link #createFileTruncate(String, SFTPv3FileAttributes) createFileTruncate(fileName, null)}.
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @return a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public SFTPv3FileHandle createFileTruncate(String fileName) throws IOException
+	{
+		return createFileTruncate(fileName, null);
+	}
+
+	/**
+	 * reate a file (truncate it if it already exists) and open it for writing.
+	 * You can specify the default attributes of the file (the server may or may
+	 * not respect your wishes).
+	 *
+	 * @param fileName See the {@link SFTPv3Client comment} for the class for more details.
+	 * @param attr may be <code>null</code> to use server defaults. Probably only
+	 * the <code>uid</code>, <code>gid</code> and <code>permissions</code>
+	 * (remember the server may apply a umask) entries of the {@link SFTPv3FileHandle}
+	 * structure make sense. You need only to set those fields where you want
+	 * to override the server's defaults.
+	 * @return a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public SFTPv3FileHandle createFileTruncate(String fileName, SFTPv3FileAttributes attr) throws IOException
+	{
+		return openFile(fileName, SSH_FXF_CREAT | SSH_FXF_TRUNC | SSH_FXF_WRITE, attr);
+	}
+
+	private byte[] createAttrs(SFTPv3FileAttributes attr)
+	{
+		TypesWriter tw = new TypesWriter();
+
+		int attrFlags = 0;
+
+		if (attr == null)
+		{
+			tw.writeUINT32(0);
+		}
+		else
+		{
+			if (attr.size != null)
+			{
+				attrFlags = attrFlags | AttribFlags.SSH_FILEXFER_ATTR_SIZE;
+			}
+
+			if ((attr.uid != null) && (attr.gid != null))
+			{
+				attrFlags = attrFlags | AttribFlags.SSH_FILEXFER_ATTR_V3_UIDGID;
+			}
+
+			if (attr.permissions != null)
+			{
+				attrFlags = attrFlags | AttribFlags.SSH_FILEXFER_ATTR_PERMISSIONS;
+			}
+
+			if ((attr.atime != null) && (attr.mtime != null))
+			{
+				attrFlags = attrFlags | AttribFlags.SSH_FILEXFER_ATTR_V3_ACMODTIME;
+			}
+
+			tw.writeUINT32(attrFlags);
+
+			if (attr.size != null)
+			{
+				tw.writeUINT64(attr.size);
+			}
+
+			if ((attr.uid != null) && (attr.gid != null))
+			{
+				tw.writeUINT32(attr.uid);
+				tw.writeUINT32(attr.gid);
+			}
+
+			if (attr.permissions != null)
+			{
+				tw.writeUINT32(attr.permissions);
+			}
+
+			if ((attr.atime != null) && (attr.mtime != null))
+			{
+				tw.writeUINT32(attr.atime);
+				tw.writeUINT32(attr.mtime);
+			}
+		}
+
+		return tw.getBytes();
+	}
+
+	public SFTPv3FileHandle openFile(String fileName, int flags, SFTPv3FileAttributes attr) throws IOException
+	{
+		int req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(fileName, charsetName);
+		tw.writeUINT32(flags);
+		tw.writeBytes(createAttrs(attr));
+
+		log.debug("Sending SSH_FXP_OPEN...");
+		sendMessage(Packet.SSH_FXP_OPEN, req_id, tw.getBytes());
+
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		int rep_id = tr.readUINT32();
+		if (rep_id != req_id)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		if (t == Packet.SSH_FXP_HANDLE)
+		{
+			log.debug("Got SSH_FXP_HANDLE.");
+			return new SFTPv3FileHandle(this, tr.readByteString());
+		}
+
+		if (t != Packet.SSH_FXP_STATUS)
+		{
+			throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+		}
+
+		int errorCode = tr.readUINT32();
+		String errorMessage = tr.readString();
+		listener.read(errorMessage);
+		throw new SFTPException(errorMessage, errorCode);
+	}
+
+	/**
+	 * A read  is divided into multiple requests sent sequentially before
+	 * reading any status from the server
+	 */
+	private static class OutstandingReadRequest
+	{
+		int req_id;
+		/**
+		 * Read offset to request on server starting at the file offset for the first request.
+		 */
+		long serverOffset;
+		/**
+		 * Length of requested data
+		 */
+		int len;
+		/**
+		 * Offset in destination buffer
+		 */
+		int dstOffset;
+		/**
+		 * Temporary buffer
+		 */
+		byte[] buffer;
+	}
+
+	private void sendReadRequest(int id, SFTPv3FileHandle handle, long offset, int len) throws IOException
+	{
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(handle.fileHandle, 0, handle.fileHandle.length);
+		tw.writeUINT64(offset);
+		tw.writeUINT32(len);
+
+		log.debug("Sending SSH_FXP_READ (" + id + ") " + offset + "/" + len);
+		sendMessage(Packet.SSH_FXP_READ, id, tw.getBytes());
+	}
+
+	/**
+	 * Parallel read requests maximum size.
+	 */
+	private static final int DEFAULT_MAX_PARALLELISM = 64;
+
+	/**
+	 * Parallel read requests.
+	 */
+	private int parallelism = DEFAULT_MAX_PARALLELISM;
+
+	/**
+	 * @param parallelism
+	 */
+	public void setRequestParallelism(int parallelism)
+	{
+		this.parallelism = Math.min(parallelism, DEFAULT_MAX_PARALLELISM);
+	}
+
+	/**
+	 * Mapping request ID to request.
+	 */
+	Map<Integer, OutstandingReadRequest> pendingReadQueue
+			= new HashMap<Integer, OutstandingReadRequest>();
+
+	/**
+	 * Read bytes from a file in a parallel fashion. As many bytes as you want will be read.
+	 * <p/>
+	 * <ul>
+	 * <li>The server will read as many bytes as it can from the file (up to <code>len</code>),
+	 * and return them.</li>
+	 * <li>If EOF is encountered before reading any data, <code>-1</code> is returned.
+	 * <li>If an error occurs, an exception is thrown</li>.
+	 * <li>For normal disk files, it is guaranteed that the server will return the specified
+	 * number of bytes, or up to end of file. For, e.g., device files this may return
+	 * fewer bytes than requested.</li>
+	 * </ul>
+	 *
+	 * @param handle a SFTPv3FileHandle handle
+	 * @param fileOffset offset (in bytes) in the file
+	 * @param dst the destination byte array
+	 * @param dstoff offset in the destination byte array
+	 * @param len how many bytes to read, 0 &lt; len
+	 * @return the number of bytes that could be read, may be less than requested if
+	 *         the end of the file is reached, -1 is returned in case of <code>EOF</code>
+	 * @throws IOException
+	 */
+	public int read(SFTPv3FileHandle handle, long fileOffset, byte[] dst, int dstoff, int len) throws IOException
+	{
+		boolean errorOccured = false;
+
+		checkHandleValidAndOpen(handle);
+
+		int remaining = len * parallelism;
+		int clientOffset = dstoff;
+
+		long serverOffset = fileOffset;
+		for (OutstandingReadRequest r : pendingReadQueue.values())
+		{
+			// Server offset should take pending requests into account.
+			serverOffset += r.len;
+		}
+
+		while (true)
+		{
+			// Stop if there was an error and no outstanding request
+			if ((pendingReadQueue.size() == 0) && errorOccured)
+			{
+				break;
+			}
+
+			// Send as many requests as we are allowed to
+			while (pendingReadQueue.size() < parallelism)
+			{
+				if (errorOccured)
+				{
+					break;
+				}
+				// Send the next read request
+				OutstandingReadRequest req = new OutstandingReadRequest();
+				req.req_id = generateNextRequestID();
+				req.serverOffset = serverOffset;
+				req.len = (remaining > len) ? len : remaining;
+				req.buffer = dst;
+				req.dstOffset = dstoff;
+
+				serverOffset += req.len;
+				clientOffset += req.len;
+				remaining -= req.len;
+
+				sendReadRequest(req.req_id, handle, req.serverOffset, req.len);
+
+				pendingReadQueue.put(req.req_id, req);
+			}
+			if (pendingReadQueue.size() == 0)
+			{
+				break;
+			}
+
+			// Receive a single answer
+			byte[] resp = receiveMessage(34000);
+			TypesReader tr = new TypesReader(resp);
+
+			int t = tr.readByte();
+			listener.read(Packet.forName(t));
+
+			// Search the pending queue
+			OutstandingReadRequest req = pendingReadQueue.remove(tr.readUINT32());
+			if (null == req)
+			{
+				throw new IOException("The server sent an invalid id field.");
+			}
+			// Evaluate the answer
+			if (t == Packet.SSH_FXP_STATUS)
+			{
+				/* In any case, stop sending more packets */
+
+				int code = tr.readUINT32();
+				String msg = tr.readString();
+				listener.read(msg);
+
+				if (log.isDebugEnabled())
+				{
+					String[] desc = ErrorCodes.getDescription(code);
+					log.debug("Got SSH_FXP_STATUS (" + req.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")");
+				}
+				// Flag to read all pending requests but don't send any more.
+				errorOccured = true;
+				if (pendingReadQueue.isEmpty())
+				{
+					if (ErrorCodes.SSH_FX_EOF == code)
+					{
+						return -1;
+					}
+					throw new SFTPException(msg, code);
+				}
+			}
+			else if (t == Packet.SSH_FXP_DATA)
+			{
+				// OK, collect data
+				int readLen = tr.readUINT32();
+
+				if ((readLen < 0) || (readLen > req.len))
+				{
+					throw new IOException("The server sent an invalid length field in a SSH_FXP_DATA packet.");
+				}
+
+				if (log.isDebugEnabled())
+				{
+					log.debug("Got SSH_FXP_DATA (" + req.req_id + ") " + req.serverOffset + "/" + readLen
+							+ " (requested: " + req.len + ")");
+				}
+
+				// Read bytes into buffer
+				tr.readBytes(req.buffer, req.dstOffset, readLen);
+
+				if (readLen < req.len)
+				{
+					/* Send this request packet again to request the remaing data in this slot. */
+					req.req_id = generateNextRequestID();
+					req.serverOffset += readLen;
+					req.len -= readLen;
+
+					log.debug("Requesting again: " + req.serverOffset + "/" + req.len);
+					sendReadRequest(req.req_id, handle, req.serverOffset, req.len);
+
+					pendingReadQueue.put(req.req_id, req);
+				}
+				return readLen;
+			}
+			else
+			{
+				throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+			}
+		}
+		// Should never reach here.
+		throw new SFTPException("No EOF reached", -1);
+	}
+
+	/**
+	 * A read  is divided into multiple requests sent sequentially before
+	 * reading any status from the server
+	 */
+	private static class OutstandingStatusRequest
+	{
+		int req_id;
+	}
+
+	/**
+	 * Mapping request ID to request.
+	 */
+	Map<Integer, OutstandingStatusRequest> pendingStatusQueue
+			= new HashMap<Integer, OutstandingStatusRequest>();
+
+	/**
+	 * Write bytes to a file. If <code>len</code> &gt; 32768, then the write operation will
+	 * be split into multiple writes.
+	 *
+	 * @param handle a SFTPv3FileHandle handle.
+	 * @param fileOffset offset (in bytes) in the file.
+	 * @param src the source byte array.
+	 * @param srcoff offset in the source byte array.
+	 * @param len how many bytes to write.
+	 * @throws IOException
+	 */
+	public void write(SFTPv3FileHandle handle, long fileOffset, byte[] src, int srcoff, int len) throws IOException
+	{
+		checkHandleValidAndOpen(handle);
+
+		// Send the next write request
+		OutstandingStatusRequest req = new OutstandingStatusRequest();
+		req.req_id = generateNextRequestID();
+
+		TypesWriter tw = new TypesWriter();
+		tw.writeString(handle.fileHandle, 0, handle.fileHandle.length);
+		tw.writeUINT64(fileOffset);
+		tw.writeString(src, srcoff, len);
+
+		log.debug("Sending SSH_FXP_WRITE...");
+		sendMessage(Packet.SSH_FXP_WRITE, req.req_id, tw.getBytes());
+
+		pendingStatusQueue.put(req.req_id, req);
+
+		// Only read next status if parallelism reached
+		while (pendingStatusQueue.size() >= parallelism)
+		{
+			this.readStatus();
+		}
+	}
+
+	private void readStatus() throws IOException
+	{
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		// Search the pending queue
+		OutstandingStatusRequest status = pendingStatusQueue.remove(tr.readUINT32());
+		if (null == status)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		// Evaluate the answer
+		if (t == Packet.SSH_FXP_STATUS)
+		{
+			// In any case, stop sending more packets
+			int code = tr.readUINT32();
+			if (log.isDebugEnabled())
+			{
+				String[] desc = ErrorCodes.getDescription(code);
+				log.debug("Got SSH_FXP_STATUS (" + status.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")");
+			}
+			if (code == ErrorCodes.SSH_FX_OK)
+			{
+				return;
+			}
+			String msg = tr.readString();
+			listener.read(msg);
+			throw new SFTPException(msg, code);
+		}
+		throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+	}
+
+	private void readPendingReadStatus() throws IOException
+	{
+		byte[] resp = receiveMessage(34000);
+
+		TypesReader tr = new TypesReader(resp);
+		int t = tr.readByte();
+		listener.read(Packet.forName(t));
+
+		// Search the pending queue
+        OutstandingReadRequest status = pendingReadQueue.remove(tr.readUINT32());
+        if (null == status)
+		{
+			throw new IOException("The server sent an invalid id field.");
+		}
+
+		// Evaluate the answer
+		if (t == Packet.SSH_FXP_STATUS)
+		{
+			// In any case, stop sending more packets
+			int code = tr.readUINT32();
+			if (log.isDebugEnabled())
+			{
+				String[] desc = ErrorCodes.getDescription(code);
+				log.debug("Got SSH_FXP_STATUS (" + status.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")");
+			}
+			if (code == ErrorCodes.SSH_FX_OK)
+			{
+				return;
+			}
+            if (code == ErrorCodes.SSH_FX_EOF)
+            {
+                return;
+            }
+			String msg = tr.readString();
+			listener.read(msg);
+			throw new SFTPException(msg, code);
+		}
+		throw new IOException("The SFTP server sent an unexpected packet type (" + t + ")");
+	}
+
+	/**
+	 * Close a file.
+	 *
+	 * @param handle a SFTPv3FileHandle handle
+	 * @throws IOException
+	 */
+	public void closeFile(SFTPv3FileHandle handle) throws IOException
+	{
+		try
+		{
+			while (!pendingReadQueue.isEmpty())
+			{
+				this.readPendingReadStatus();
+			}
+			while (!pendingStatusQueue.isEmpty())
+			{
+				this.readStatus();
+			}
+			if (!handle.isClosed)
+			{
+				closeHandle(handle.fileHandle);
+			}
+		}
+		finally
+		{
+			handle.isClosed = true;
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/SFTPv3DirectoryEntry.java b/src/main/java/ch/ethz/ssh2/SFTPv3DirectoryEntry.java
new file mode 100644
index 0000000..22ec922
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SFTPv3DirectoryEntry.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>SFTPv3DirectoryEntry</code> as returned by {@link SFTPv3Client#ls(String)}.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class SFTPv3DirectoryEntry
+{
+	/**
+	 *  A relative name within the directory, without any path components.
+	 */
+	public String filename;
+
+	/**
+	 * An expanded format for the file name, similar to what is returned by
+	 * "ls -l" on Un*x systems.
+	 * <p>
+	 * The format of this field is unspecified by the SFTP v3 protocol.
+	 * It MUST be suitable for use in the output of a directory listing
+	 * command (in fact, the recommended operation for a directory listing
+	 * command is to simply display this data).  However, clients SHOULD NOT
+	 * attempt to parse the longname field for file attributes; they SHOULD
+	 * use the attrs field instead.
+	 * <p>
+	 * The recommended format for the longname field is as follows:<br>
+	 * <code>-rwxr-xr-x   1 mjos     staff      348911 Mar 25 14:29 t-filexfer</code>
+	 */
+	public String longEntry;
+
+	/**
+	 * The attributes of this entry.
+	 */
+	public SFTPv3FileAttributes attributes;
+}
diff --git a/src/main/java/ch/ethz/ssh2/SFTPv3FileAttributes.java b/src/main/java/ch/ethz/ssh2/SFTPv3FileAttributes.java
new file mode 100644
index 0000000..cb455b9
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SFTPv3FileAttributes.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>SFTPv3FileAttributes</code> object represents detail information
+ * about a file on the server. Not all fields may/must be present.
+ *
+ * @author Christian Plattner, plattner@inf.ethz.ch
+ * @version $Id: SFTPv3FileAttributes.java 42 2011-06-02 15:34:20Z dkocher@sudo.ch $
+ */
+
+public class SFTPv3FileAttributes
+{
+	/**
+	 * The SIZE attribute. <code>NULL</code> if not present.
+	 */
+	public Long size = null;
+
+	/**
+	 * The UID attribute. <code>NULL</code> if not present.
+	 */
+	public Integer uid = null;
+
+	/**
+	 * The GID attribute. <code>NULL</code> if not present.
+	 */
+	public Integer gid = null;
+
+	/**
+	 * The POSIX permissions. <code>NULL</code> if not present.
+	 * <p>
+	 * Here is a list:
+	 * <p>
+	 * <pre>Note: these numbers are all OCTAL.
+	 *
+	 *  S_IFMT     0170000   bitmask for the file type bitfields
+	 *  S_IFSOCK   0140000   socket
+	 *  S_IFLNK    0120000   symbolic link
+	 *  S_IFREG    0100000   regular file
+	 *  S_IFBLK    0060000   block device
+	 *  S_IFDIR    0040000   directory
+	 *  S_IFCHR    0020000   character device
+	 *  S_IFIFO    0010000   fifo
+	 *  S_ISUID    0004000   set UID bit
+	 *  S_ISGID    0002000   set GID bit
+	 *  S_ISVTX    0001000   sticky bit
+	 *
+	 *  S_IRWXU    00700     mask for file owner permissions
+	 *  S_IRUSR    00400     owner has read permission
+	 *  S_IWUSR    00200     owner has write permission
+	 *  S_IXUSR    00100     owner has execute permission
+	 *  S_IRWXG    00070     mask for group permissions
+	 *  S_IRGRP    00040     group has read permission
+	 *  S_IWGRP    00020     group has write permission
+	 *  S_IXGRP    00010     group has execute permission
+	 *  S_IRWXO    00007     mask for permissions for others (not in group)
+	 *  S_IROTH    00004     others have read permission
+	 *  S_IWOTH    00002     others have write permisson
+	 *  S_IXOTH    00001     others have execute permission
+	 * </pre>
+	 */
+	public Integer permissions = null;
+
+	/**
+	 * The ATIME attribute. Represented as seconds from Jan 1, 1970 in UTC.
+	 * <code>NULL</code> if not present.
+	 */
+	public Integer atime = null;
+
+	/**
+	 * The MTIME attribute. Represented as seconds from Jan 1, 1970 in UTC.
+	 * <code>NULL</code> if not present.
+	 */
+	public Integer mtime = null;
+
+	/**
+	 * Checks if this entry is a directory.
+	 *
+	 * @return Returns true if permissions are available and they indicate
+	 *         that this entry represents a directory.
+	 */
+	public boolean isDirectory()
+	{
+		if (permissions == null)
+			return false;
+
+		return ((permissions.intValue() & 0040000) == 0040000);
+	}
+
+	/**
+	 * Checks if this entry is a regular file.
+	 *
+	 * @return Returns true if permissions are available and they indicate
+	 *         that this entry represents a regular file.
+	 */
+	public boolean isRegularFile()
+	{
+		if (permissions == null)
+			return false;
+
+		return ((permissions.intValue() & 0100000) == 0100000);
+	}
+
+	/**
+	 * Checks if this entry is a a symlink.
+	 *
+	 * @return Returns true if permissions are available and they indicate
+	 *         that this entry represents a symlink.
+	 */
+	public boolean isSymlink()
+	{
+		if (permissions == null)
+			return false;
+
+		return ((permissions.intValue() & 0120000) == 0120000);
+	}
+
+	/**
+	 * Turn the POSIX permissions into a 7 digit octal representation.
+	 * Note: the returned value is first masked with <code>0177777</code>.
+	 * 
+	 * @return <code>NULL</code> if permissions are not available.
+	 */
+	public String getOctalPermissions()
+	{
+		if (permissions == null)
+			return null;
+
+		String res = Integer.toString(permissions.intValue() & 0177777, 8);
+
+		StringBuilder sb = new StringBuilder();
+
+		int leadingZeros = 7 - res.length();
+
+		while (leadingZeros > 0)
+		{
+			sb.append('0');
+			leadingZeros--;
+		}
+
+		sb.append(res);
+
+		return sb.toString();
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/SFTPv3FileHandle.java b/src/main/java/ch/ethz/ssh2/SFTPv3FileHandle.java
new file mode 100644
index 0000000..3db55ee
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/SFTPv3FileHandle.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A <code>SFTPv3FileHandle</code>.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class SFTPv3FileHandle
+{
+	protected final SFTPv3Client client;
+	protected final byte[] fileHandle;
+	protected boolean isClosed;
+
+	protected SFTPv3FileHandle(SFTPv3Client client, byte[] h)
+	{
+		this.client = client;
+		this.fileHandle = h;
+	}
+
+	/**
+	 * Get the SFTPv3Client instance which created this handle.
+	 *
+	 * @return A SFTPv3Client instance.
+	 */
+	public SFTPv3Client getClient()
+	{
+		return client;
+	}
+
+	/**
+	 * Check if this handle was closed with the {@link SFTPv3Client#closeFile(SFTPv3FileHandle)} method
+	 * of the <code>SFTPv3Client</code> instance which created the handle.
+	 *
+	 * @return if the handle is closed.
+	 */
+	public boolean isClosed()
+	{
+		return isClosed;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/ServerHostKeyVerifier.java b/src/main/java/ch/ethz/ssh2/ServerHostKeyVerifier.java
new file mode 100644
index 0000000..0073fbc
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/ServerHostKeyVerifier.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+/**
+ * A callback interface used to implement a client specific method of checking
+ * server host keys.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public interface ServerHostKeyVerifier
+{
+	/**
+	 * The actual verifier method, it will be called by the key exchange code
+	 * on EVERY key exchange - this can happen several times during the lifetime
+	 * of a connection.
+	 * <p>
+	 * Note: SSH-2 servers are allowed to change their hostkey at ANY time.
+	 * 
+	 * @param hostname the hostname used to create the {@link Connection} object
+	 * @param port the remote TCP port
+	 * @param serverHostKeyAlgorithm the public key algorithm (<code>ssh-rsa</code> or <code>ssh-dss</code>)
+	 * @param serverHostKey the server's public key blob
+	 * @return if the client wants to accept the server's host key - if not, the
+	 *         connection will be closed.
+	 * @throws Exception Will be wrapped with an IOException, extended version of returning false =)
+	 */
+	public boolean verifyServerHostKey(String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey)
+			throws Exception;
+}
diff --git a/src/main/java/ch/ethz/ssh2/Session.java b/src/main/java/ch/ethz/ssh2/Session.java
new file mode 100644
index 0000000..a6e33aa
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/Session.java
@@ -0,0 +1,460 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.SecureRandom;
+
+import ch.ethz.ssh2.channel.Channel;
+import ch.ethz.ssh2.channel.ChannelManager;
+import ch.ethz.ssh2.channel.X11ServerData;
+
+/**
+ * A <code>Session</code> is a remote execution of a program. "Program" means
+ * in this context either a shell, an application or a system command. The
+ * program may or may not have a tty. Only one single program can be started on
+ * a session. However, multiple sessions can be active simultaneously.
+ *
+ * @author Christian Plattner
+ * @version $Id: Session.java 32 2011-05-28 21:56:21Z dkocher@sudo.ch $
+ */
+public class Session
+{
+	private ChannelManager cm;
+	private Channel cn;
+
+	private boolean flag_pty_requested = false;
+	private boolean flag_x11_requested = false;
+	private boolean flag_execution_started = false;
+	private boolean flag_closed = false;
+
+	private String x11FakeCookie = null;
+
+	private final SecureRandom rnd;
+
+	protected Session(ChannelManager cm, SecureRandom rnd) throws IOException
+	{
+		this.cm = cm;
+		this.cn = cm.openSessionChannel();
+		this.rnd = rnd;
+	}
+
+	/**
+	 * Basically just a wrapper for lazy people - identical to calling
+	 * <code>requestPTY("dumb", 0, 0, 0, 0, null)</code>.
+	 *
+	 * @throws IOException
+	 */
+	public void requestDumbPTY() throws IOException
+	{
+		requestPTY("dumb", 0, 0, 0, 0, null);
+	}
+
+	/**
+	 * Basically just another wrapper for lazy people - identical to calling
+	 * <code>requestPTY(term, 0, 0, 0, 0, null)</code>.
+	 *
+	 * @throws IOException
+	 */
+	public void requestPTY(String term) throws IOException
+	{
+		requestPTY(term, 0, 0, 0, 0, null);
+	}
+
+	/**
+	 * Allocate a pseudo-terminal for this session.
+	 * <p/>
+	 * This method may only be called before a program or shell is started in
+	 * this session.
+	 * <p/>
+	 * Different aspects can be specified:
+	 * <p/>
+	 * <ul>
+	 * <li>The TERM environment variable value (e.g., vt100)</li>
+	 * <li>The terminal's dimensions.</li>
+	 * <li>The encoded terminal modes.</li>
+	 * </ul>
+	 * Zero dimension parameters are ignored. The character/row dimensions
+	 * override the pixel dimensions (when nonzero). Pixel dimensions refer to
+	 * the drawable area of the window. The dimension parameters are only
+	 * informational. The encoding of terminal modes (parameter
+	 * <code>terminal_modes</code>) is described in RFC4254.
+	 *
+	 * @param term The TERM environment variable value (e.g., vt100)
+	 * @param term_width_characters terminal width, characters (e.g., 80)
+	 * @param term_height_characters terminal height, rows (e.g., 24)
+	 * @param term_width_pixels terminal width, pixels (e.g., 640)
+	 * @param term_height_pixels terminal height, pixels (e.g., 480)
+	 * @param terminal_modes encoded terminal modes (may be <code>null</code>)
+	 * @throws IOException
+	 */
+	public void requestPTY(String term, int term_width_characters, int term_height_characters, int term_width_pixels,
+						   int term_height_pixels, byte[] terminal_modes) throws IOException
+	{
+		if (term == null)
+			throw new IllegalArgumentException("TERM cannot be null.");
+
+		if ((terminal_modes != null) && (terminal_modes.length > 0))
+		{
+			if (terminal_modes[terminal_modes.length - 1] != 0)
+				throw new IOException("Illegal terminal modes description, does not end in zero byte");
+		}
+		else
+			terminal_modes = new byte[]{0};
+
+		synchronized (this)
+		{
+			/* The following is just a nicer error, we would catch it anyway later in the channel code */
+			if (flag_closed)
+				throw new IOException("This session is closed.");
+
+			if (flag_pty_requested)
+				throw new IOException("A PTY was already requested.");
+
+			if (flag_execution_started)
+				throw new IOException(
+						"Cannot request PTY at this stage anymore, a remote execution has already started.");
+
+			flag_pty_requested = true;
+		}
+
+		cm.requestPTY(cn, term, term_width_characters, term_height_characters, term_width_pixels, term_height_pixels,
+				terminal_modes);
+	}
+
+	/**
+	 * Request X11 forwarding for the current session.
+	 * <p/>
+	 * You have to supply the name and port of your X-server.
+	 * <p/>
+	 * This method may only be called before a program or shell is started in
+	 * this session.
+	 *
+	 * @param hostname the hostname of the real (target) X11 server (e.g., 127.0.0.1)
+	 * @param port the port of the real (target) X11 server (e.g., 6010)
+	 * @param cookie if non-null, then present this cookie to the real X11 server
+	 * @param singleConnection if true, then the server is instructed to only forward one single
+	 * connection, no more connections shall be forwarded after first, or after the session
+	 * channel has been closed
+	 * @throws IOException
+	 */
+	public void requestX11Forwarding(String hostname, int port, byte[] cookie, boolean singleConnection)
+			throws IOException
+	{
+		if (hostname == null)
+			throw new IllegalArgumentException("hostname argument may not be null");
+
+		synchronized (this)
+		{
+			/* The following is just a nicer error, we would catch it anyway later in the channel code */
+			if (flag_closed)
+				throw new IOException("This session is closed.");
+
+			if (flag_x11_requested)
+				throw new IOException("X11 forwarding was already requested.");
+
+			if (flag_execution_started)
+				throw new IOException(
+						"Cannot request X11 forwarding at this stage anymore, a remote execution has already started.");
+
+			flag_x11_requested = true;
+		}
+
+		/* X11ServerData - used to store data about the target X11 server */
+
+		X11ServerData x11data = new X11ServerData();
+
+		x11data.hostname = hostname;
+		x11data.port = port;
+		x11data.x11_magic_cookie = cookie; /* if non-null, then present this cookie to the real X11 server */
+
+		/* Generate fake cookie - this one is used between remote clients and the ganymed proxy */
+
+		byte[] fakeCookie = new byte[16];
+		String hexEncodedFakeCookie;
+
+		/* Make sure that this fake cookie is unique for this connection */
+
+		while (true)
+		{
+			rnd.nextBytes(fakeCookie);
+
+			/* Generate also hex representation of fake cookie */
+
+			StringBuilder tmp = new StringBuilder(32);
+			for (int i = 0; i < fakeCookie.length; i++)
+			{
+				String digit2 = Integer.toHexString(fakeCookie[i] & 0xff);
+				tmp.append((digit2.length() == 2) ? digit2 : "0" + digit2);
+			}
+			hexEncodedFakeCookie = tmp.toString();
+
+			/* Well, yes, chances are low, but we want to be on the safe side */
+
+			if (cm.checkX11Cookie(hexEncodedFakeCookie) == null)
+				break;
+		}
+
+		/* Ask for X11 forwarding */
+
+		cm.requestX11(cn, singleConnection, "MIT-MAGIC-COOKIE-1", hexEncodedFakeCookie, 0);
+
+		/* OK, that went fine, get ready to accept X11 connections... */
+		/* ... but only if the user has not called close() in the meantime =) */
+
+		synchronized (this)
+		{
+			if (flag_closed == false)
+			{
+				this.x11FakeCookie = hexEncodedFakeCookie;
+				cm.registerX11Cookie(hexEncodedFakeCookie, x11data);
+			}
+		}
+
+		/* Now it is safe to start remote X11 programs */
+	}
+
+	/**
+	 * Execute a command on the remote machine.
+	 *
+	 * @param cmd The command to execute on the remote host.
+	 * @throws IOException
+	 */
+	public void execCommand(String cmd) throws IOException
+	{
+		this.execCommand(cmd, null);
+	}
+
+	/**
+	 * Execute a command on the remote machine.
+	 *
+	 * @param cmd The command to execute on the remote host.
+	 * @param charsetName The charset used to convert between Java Unicode Strings and byte encodings
+	 * @throws IOException
+	 */
+	public void execCommand(String cmd, String charsetName) throws IOException
+	{
+		if (cmd == null)
+			throw new IllegalArgumentException("cmd argument may not be null");
+
+		synchronized (this)
+		{
+			/* The following is just a nicer error, we would catch it anyway later in the channel code */
+			if (flag_closed)
+				throw new IOException("This session is closed.");
+
+			if (flag_execution_started)
+				throw new IOException("A remote execution has already started.");
+
+			flag_execution_started = true;
+		}
+
+		cm.requestExecCommand(cn, cmd, charsetName);
+	}
+
+	/**
+	 * Start a shell on the remote machine.
+	 *
+	 * @throws IOException
+	 */
+	public void startShell() throws IOException
+	{
+		synchronized (this)
+		{
+			/* The following is just a nicer error, we would catch it anyway later in the channel code */
+			if (flag_closed)
+				throw new IOException("This session is closed.");
+
+			if (flag_execution_started)
+				throw new IOException("A remote execution has already started.");
+
+			flag_execution_started = true;
+		}
+
+		cm.requestShell(cn);
+	}
+
+	/**
+	 * Start a subsystem on the remote machine.
+	 * Unless you know what you are doing, you will never need this.
+	 *
+	 * @param name the name of the subsystem.
+	 * @throws IOException
+	 */
+	public void startSubSystem(String name) throws IOException
+	{
+		if (name == null)
+			throw new IllegalArgumentException("name argument may not be null");
+
+		synchronized (this)
+		{
+			/* The following is just a nicer error, we would catch it anyway later in the channel code */
+			if (flag_closed)
+				throw new IOException("This session is closed.");
+
+			if (flag_execution_started)
+				throw new IOException("A remote execution has already started.");
+
+			flag_execution_started = true;
+		}
+
+		cm.requestSubSystem(cn, name);
+	}
+
+	public int getState()
+	{
+		return cn.getState();
+	}
+
+	public InputStream getStdout()
+	{
+		return cn.getStdoutStream();
+	}
+
+	public InputStream getStderr()
+	{
+		return cn.getStderrStream();
+	}
+
+	public OutputStream getStdin()
+	{
+		return cn.getStdinStream();
+	}
+
+	/**
+	 * This method blocks until there is more data available on either the
+	 * stdout or stderr InputStream of this <code>Session</code>. Very useful
+	 * if you do not want to use two parallel threads for reading from the two
+	 * InputStreams. One can also specify a timeout. NOTE: do NOT call this
+	 * method if you use concurrent threads that operate on either of the two
+	 * InputStreams of this <code>Session</code> (otherwise this method may
+	 * block, even though more data is available).
+	 *
+	 * @param timeout The (non-negative) timeout in <code>ms</code>. <code>0</code> means no
+	 * timeout, the call may block forever.
+	 * @return <ul>
+	 *         <li><code>0</code> if no more data will arrive.</li>
+	 *         <li><code>1</code> if more data is available.</li>
+	 *         <li><code>-1</code> if a timeout occurred.</li>
+	 *         </ul>
+	 * @throws IOException
+	 * @deprecated This method has been replaced with a much more powerful wait-for-condition
+	 *             interface and therefore acts only as a wrapper.
+	 */
+	public int waitUntilDataAvailable(long timeout) throws IOException
+	{
+		if (timeout < 0)
+			throw new IllegalArgumentException("timeout must not be negative!");
+
+		int conditions = cm.waitForCondition(cn, timeout, ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA
+				| ChannelCondition.EOF);
+
+		if ((conditions & ChannelCondition.TIMEOUT) != 0)
+			return -1;
+
+		if ((conditions & (ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA)) != 0)
+			return 1;
+
+		/* Here we do not need to check separately for CLOSED, since CLOSED implies EOF */
+
+		if ((conditions & ChannelCondition.EOF) != 0)
+			return 0;
+
+		throw new IllegalStateException("Unexpected condition result (" + conditions + ")");
+	}
+
+	/**
+	 * This method blocks until certain conditions hold true on the underlying SSH-2 channel.
+	 * <p/>
+	 * This method returns as soon as one of the following happens:
+	 * <ul>
+	 * <li>at least of the specified conditions (see {@link ChannelCondition}) holds true</li>
+	 * <li>timeout > 0 and a timeout occured (TIMEOUT will be set in result conditions)</a>
+	 * <li>the underlying channel was closed (CLOSED will be set in result conditions)</a>
+	 * </ul>
+	 * <p/>
+	 * In any case, the result value contains ALL current conditions, which may be more
+	 * than the specified condition set (i.e., never use the "==" operator to test for conditions
+	 * in the bitmask, see also comments in {@link ChannelCondition}).
+	 * <p/>
+	 * Note: do NOT call this method if you want to wait for STDOUT_DATA or STDERR_DATA and
+	 * there are concurrent threads (e.g., StreamGobblers) that operate on either of the two
+	 * InputStreams of this <code>Session</code> (otherwise this method may
+	 * block, even though more data is available in the StreamGobblers).
+	 *
+	 * @param condition_set a bitmask based on {@link ChannelCondition} values
+	 * @param timeout non-negative timeout in ms, <code>0</code> means no timeout
+	 * @return all bitmask specifying all current conditions that are true
+	 */
+
+	public int waitForCondition(int condition_set, long timeout)
+	{
+		if (timeout < 0)
+			throw new IllegalArgumentException("timeout must be non-negative!");
+
+		return cm.waitForCondition(cn, timeout, condition_set);
+	}
+
+	/**
+	 * Get the exit code/status from the remote command - if available. Be
+	 * careful - not all server implementations return this value. It is
+	 * generally a good idea to call this method only when all data from the
+	 * remote side has been consumed (see also the <code<WaitForCondition</code> method).
+	 *
+	 * @return An <code>Integer</code> holding the exit code, or
+	 *         <code>null</code> if no exit code is (yet) available.
+	 */
+	public Integer getExitStatus()
+	{
+		return cn.getExitStatus();
+	}
+
+	/**
+	 * Get the name of the signal by which the process on the remote side was
+	 * stopped - if available and applicable. Be careful - not all server
+	 * implementations return this value.
+	 *
+	 * @return An <code>String</code> holding the name of the signal, or
+	 *         <code>null</code> if the process exited normally or is still
+	 *         running (or if the server forgot to send this information).
+	 */
+	public String getExitSignal()
+	{
+		return cn.getExitSignal();
+	}
+
+	/**
+	 * Close this session. NEVER forget to call this method to free up resources -
+	 * even if you got an exception from one of the other methods (or when
+	 * getting an Exception on the Input- or OutputStreams). Sometimes these other
+	 * methods may throw an exception, saying that the underlying channel is
+	 * closed (this can happen, e.g., if the other server sent a close message.)
+	 * However, as long as you have not called the <code>close()</code>
+	 * method, you may be wasting (local) resources.
+	 */
+	public void close()
+	{
+		synchronized (this)
+		{
+			if (flag_closed)
+				return;
+
+			flag_closed = true;
+
+			if (x11FakeCookie != null)
+				cm.unRegisterX11Cookie(x11FakeCookie, true);
+
+			try
+			{
+				cm.closeChannel(cn, "Closed due to user request", true);
+			}
+			catch (IOException ignored)
+			{
+			}
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/StreamGobbler.java b/src/main/java/ch/ethz/ssh2/StreamGobbler.java
new file mode 100644
index 0000000..7339bc8
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/StreamGobbler.java
@@ -0,0 +1,256 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * A <code>StreamGobbler</code> is an InputStream that uses an internal worker
+ * thread to constantly consume input from another InputStream. It uses a buffer
+ * to store the consumed data. The buffer size is automatically adjusted, if needed.
+ * <p/>
+ * This class is sometimes very convenient - if you wrap a session's STDOUT and STDERR
+ * InputStreams with instances of this class, then you don't have to bother about
+ * the shared window of STDOUT and STDERR in the low level SSH-2 protocol,
+ * since all arriving data will be immediatelly consumed by the worker threads.
+ * Also, as a side effect, the streams will be buffered (e.g., single byte
+ * read() operations are faster).
+ * <p/>
+ * Other SSH for Java libraries include this functionality by default in
+ * their STDOUT and STDERR InputStream implementations, however, please be aware
+ * that this approach has also a downside:
+ * <p/>
+ * If you do not call the StreamGobbler's <code>read()</code> method often enough
+ * and the peer is constantly sending huge amounts of data, then you will sooner or later
+ * encounter a low memory situation due to the aggregated data (well, it also depends on the Java heap size).
+ * Joe Average will like this class anyway - a paranoid programmer would never use such an approach.
+ * <p/>
+ * The term "StreamGobbler" was taken from an article called "When Runtime.exec() won't",
+ * see http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.html.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class StreamGobbler extends InputStream
+{
+	class GobblerThread extends Thread
+	{
+		@Override
+		public void run()
+		{
+			byte[] buff = new byte[8192];
+
+			while (true)
+			{
+				try
+				{
+					int avail = is.read(buff);
+
+					synchronized (synchronizer)
+					{
+						if (avail <= 0)
+						{
+							isEOF = true;
+							synchronizer.notifyAll();
+							break;
+						}
+
+						int space_available = buffer.length - write_pos;
+
+						if (space_available < avail)
+						{
+							/* compact/resize buffer */
+
+							int unread_size = write_pos - read_pos;
+							int need_space = unread_size + avail;
+
+							byte[] new_buffer = buffer;
+
+							if (need_space > buffer.length)
+							{
+								int inc = need_space / 3;
+								inc = (inc < 256) ? 256 : inc;
+								inc = (inc > 8192) ? 8192 : inc;
+								new_buffer = new byte[need_space + inc];
+							}
+
+							if (unread_size > 0)
+								System.arraycopy(buffer, read_pos, new_buffer, 0, unread_size);
+
+							buffer = new_buffer;
+
+							read_pos = 0;
+							write_pos = unread_size;
+						}
+
+						System.arraycopy(buff, 0, buffer, write_pos, avail);
+						write_pos += avail;
+
+						synchronizer.notifyAll();
+					}
+				}
+				catch (IOException e)
+				{
+					synchronized (synchronizer)
+					{
+						exception = e;
+						synchronizer.notifyAll();
+						break;
+					}
+				}
+			}
+		}
+	}
+
+	private InputStream is;
+
+	private final Object synchronizer = new Object();
+
+	private boolean isEOF = false;
+	private boolean isClosed = false;
+	private IOException exception = null;
+
+	private byte[] buffer = new byte[2048];
+	private int read_pos = 0;
+	private int write_pos = 0;
+
+	public StreamGobbler(InputStream is)
+	{
+		this.is = is;
+		GobblerThread t = new GobblerThread();
+		t.setDaemon(true);
+		t.start();
+	}
+
+	@Override
+	public int read() throws IOException
+	{
+		boolean wasInterrupted = false;
+
+		try
+		{
+			synchronized (synchronizer)
+			{
+				if (isClosed)
+					throw new IOException("This StreamGobbler is closed.");
+
+				while (read_pos == write_pos)
+				{
+					if (exception != null)
+						throw exception;
+
+					if (isEOF)
+						return -1;
+
+					try
+					{
+						synchronizer.wait();
+					}
+					catch (InterruptedException e)
+					{
+						wasInterrupted = true;
+					}
+				}
+				return buffer[read_pos++] & 0xff;
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+
+	@Override
+	public int available() throws IOException
+	{
+		synchronized (synchronizer)
+		{
+			if (isClosed)
+				throw new IOException("This StreamGobbler is closed.");
+
+			return write_pos - read_pos;
+		}
+	}
+
+	@Override
+	public int read(byte[] b) throws IOException
+	{
+		return read(b, 0, b.length);
+	}
+
+	@Override
+	public void close() throws IOException
+	{
+		synchronized (synchronizer)
+		{
+			if (isClosed)
+				return;
+			isClosed = true;
+			isEOF = true;
+			synchronizer.notifyAll();
+			is.close();
+		}
+	}
+
+	@Override
+	public int read(byte[] b, int off, int len) throws IOException
+	{
+		if (b == null)
+			throw new NullPointerException();
+
+		if ((off < 0) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0) || (off > b.length))
+			throw new IndexOutOfBoundsException();
+
+		if (len == 0)
+			return 0;
+
+		boolean wasInterrupted = false;
+
+		try
+		{
+			synchronized (synchronizer)
+			{
+				if (isClosed)
+					throw new IOException("This StreamGobbler is closed.");
+
+				while (read_pos == write_pos)
+				{
+					if (exception != null)
+						throw exception;
+
+					if (isEOF)
+						return -1;
+
+					try
+					{
+						synchronizer.wait();
+					}
+					catch (InterruptedException e)
+					{
+						wasInterrupted = true;
+					}
+				}
+
+				int avail = write_pos - read_pos;
+
+				avail = (avail > len) ? len : avail;
+
+				System.arraycopy(buffer, read_pos, b, off, avail);
+
+				read_pos += avail;
+
+				return avail;
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/Version.java b/src/main/java/ch/ethz/ssh2/Version.java
new file mode 100644
index 0000000..fe68376
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/Version.java
@@ -0,0 +1,30 @@
+package ch.ethz.ssh2;
+
+/**
+ * Provides version information from the manifest.
+ *
+ * @version $Id: Version.java 20 2011-05-28 12:32:00Z dkocher@sudo.ch $
+ */
+public class Version
+{
+	public static String getSpecification()
+	{
+		Package pkg = Version.class.getPackage();
+		return (pkg == null) ? null : pkg.getSpecificationVersion();
+	}
+
+	public static String getImplementation()
+	{
+		Package pkg = Version.class.getPackage();
+		return (pkg == null) ? null : pkg.getImplementationVersion();
+	}
+
+	/**
+	 * A simple main method that prints the version and exits
+	 */
+	public static void main(String[] args)
+	{
+		System.out.println("Version: " + getSpecification());
+		System.out.println("Implementation: " + getImplementation());
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/auth/AuthenticationManager.java b/src/main/java/ch/ethz/ssh2/auth/AuthenticationManager.java
new file mode 100644
index 0000000..d559aaa
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/auth/AuthenticationManager.java
@@ -0,0 +1,438 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.auth;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.List;
+import java.util.Vector;
+
+import ch.ethz.ssh2.InteractiveCallback;
+import ch.ethz.ssh2.crypto.PEMDecoder;
+import ch.ethz.ssh2.packets.PacketServiceAccept;
+import ch.ethz.ssh2.packets.PacketServiceRequest;
+import ch.ethz.ssh2.packets.PacketUserauthBanner;
+import ch.ethz.ssh2.packets.PacketUserauthFailure;
+import ch.ethz.ssh2.packets.PacketUserauthInfoRequest;
+import ch.ethz.ssh2.packets.PacketUserauthInfoResponse;
+import ch.ethz.ssh2.packets.PacketUserauthRequestInteractive;
+import ch.ethz.ssh2.packets.PacketUserauthRequestNone;
+import ch.ethz.ssh2.packets.PacketUserauthRequestPassword;
+import ch.ethz.ssh2.packets.PacketUserauthRequestPublicKey;
+import ch.ethz.ssh2.packets.Packets;
+import ch.ethz.ssh2.packets.TypesWriter;
+import ch.ethz.ssh2.signature.DSAPrivateKey;
+import ch.ethz.ssh2.signature.DSASHA1Verify;
+import ch.ethz.ssh2.signature.DSASignature;
+import ch.ethz.ssh2.signature.RSAPrivateKey;
+import ch.ethz.ssh2.signature.RSASHA1Verify;
+import ch.ethz.ssh2.signature.RSASignature;
+import ch.ethz.ssh2.transport.MessageHandler;
+import ch.ethz.ssh2.transport.TransportManager;
+
+/**
+ * AuthenticationManager.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class AuthenticationManager implements MessageHandler
+{
+	private TransportManager tm;
+
+	private final List<byte[]> packets = new Vector<byte[]>();
+	private boolean connectionClosed = false;
+
+	private String banner;
+
+	private String[] remainingMethods = new String[0];
+	private boolean isPartialSuccess = false;
+
+	private boolean authenticated = false;
+	private boolean initDone = false;
+
+	public AuthenticationManager(TransportManager tm)
+	{
+		this.tm = tm;
+	}
+
+	boolean methodPossible(String methName)
+	{
+		if (remainingMethods == null)
+			return false;
+
+		for (int i = 0; i < remainingMethods.length; i++)
+		{
+			if (remainingMethods[i].compareTo(methName) == 0)
+				return true;
+		}
+		return false;
+	}
+
+	byte[] deQueue() throws IOException
+	{
+		boolean wasInterrupted = false;
+
+		try
+		{
+			synchronized (packets)
+			{
+				while (packets.size() == 0)
+				{
+					if (connectionClosed)
+						throw (IOException) new IOException("The connection is closed.").initCause(tm
+								.getReasonClosedCause());
+
+					try
+					{
+						packets.wait();
+					}
+					catch (InterruptedException ign)
+					{
+						wasInterrupted = true;
+					}
+				}
+				byte[] res = packets.get(0);
+				packets.remove(0);
+				return res;
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+
+	byte[] getNextMessage() throws IOException
+	{
+		while (true)
+		{
+			byte[] msg = deQueue();
+
+			if (msg[0] != Packets.SSH_MSG_USERAUTH_BANNER)
+				return msg;
+
+			PacketUserauthBanner sb = new PacketUserauthBanner(msg, 0, msg.length);
+
+			banner = sb.getBanner();
+		}
+	}
+
+	public String[] getRemainingMethods(String user) throws IOException
+	{
+		initialize(user);
+		return remainingMethods;
+	}
+
+	public String getBanner()
+	{
+		return banner;
+		
+	}
+	public boolean getPartialSuccess()
+	{
+		return isPartialSuccess;
+	}
+
+	private boolean initialize(String user) throws IOException
+	{
+		if (initDone == false)
+		{
+			tm.registerMessageHandler(this, 0, 255);
+
+			PacketServiceRequest sr = new PacketServiceRequest("ssh-userauth");
+			tm.sendMessage(sr.getPayload());
+
+			byte[] msg = getNextMessage();
+			new PacketServiceAccept(msg, 0, msg.length);
+
+			PacketUserauthRequestNone urn = new PacketUserauthRequestNone("ssh-connection", user);
+			tm.sendMessage(urn.getPayload());
+
+			msg = getNextMessage();
+
+			initDone = true;
+
+			if (msg[0] == Packets.SSH_MSG_USERAUTH_SUCCESS)
+			{
+				authenticated = true;
+				tm.removeMessageHandler(this, 0, 255);
+				return true;
+			}
+
+			if (msg[0] == Packets.SSH_MSG_USERAUTH_FAILURE)
+			{
+				PacketUserauthFailure puf = new PacketUserauthFailure(msg, 0, msg.length);
+
+				remainingMethods = puf.getAuthThatCanContinue();
+				isPartialSuccess = puf.isPartialSuccess();
+				return false;
+			}
+
+			throw new IOException("Unexpected SSH message (type " + msg[0] + ")");
+		}
+		return authenticated;
+	}
+
+	public boolean authenticatePublicKey(String user, char[] PEMPrivateKey, String password, SecureRandom rnd)
+			throws IOException
+	{
+		try
+		{
+			initialize(user);
+
+			if (methodPossible("publickey") == false)
+				throw new IOException("Authentication method publickey not supported by the server at this stage.");
+
+			Object key = PEMDecoder.decode(PEMPrivateKey, password);
+
+			if (key instanceof DSAPrivateKey)
+			{
+				DSAPrivateKey pk = (DSAPrivateKey) key;
+
+				byte[] pk_enc = DSASHA1Verify.encodeSSHDSAPublicKey(pk.getPublicKey());
+
+				TypesWriter tw = new TypesWriter();
+
+				byte[] H = tm.getSessionIdentifier();
+
+				tw.writeString(H, 0, H.length);
+				tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
+				tw.writeString(user);
+				tw.writeString("ssh-connection");
+				tw.writeString("publickey");
+				tw.writeBoolean(true);
+				tw.writeString("ssh-dss");
+				tw.writeString(pk_enc, 0, pk_enc.length);
+
+				byte[] msg = tw.getBytes();
+
+				DSASignature ds = DSASHA1Verify.generateSignature(msg, pk, rnd);
+
+				byte[] ds_enc = DSASHA1Verify.encodeSSHDSASignature(ds);
+
+				PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user,
+						"ssh-dss", pk_enc, ds_enc);
+				tm.sendMessage(ua.getPayload());
+			}
+			else if (key instanceof RSAPrivateKey)
+			{
+				RSAPrivateKey pk = (RSAPrivateKey) key;
+
+				byte[] pk_enc = RSASHA1Verify.encodeSSHRSAPublicKey(pk.getPublicKey());
+
+				TypesWriter tw = new TypesWriter();
+				{
+					byte[] H = tm.getSessionIdentifier();
+
+					tw.writeString(H, 0, H.length);
+					tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
+					tw.writeString(user);
+					tw.writeString("ssh-connection");
+					tw.writeString("publickey");
+					tw.writeBoolean(true);
+					tw.writeString("ssh-rsa");
+					tw.writeString(pk_enc, 0, pk_enc.length);
+				}
+
+				byte[] msg = tw.getBytes();
+
+				RSASignature ds = RSASHA1Verify.generateSignature(msg, pk);
+
+				byte[] rsa_sig_enc = RSASHA1Verify.encodeSSHRSASignature(ds);
+
+				PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user,
+						"ssh-rsa", pk_enc, rsa_sig_enc);
+				tm.sendMessage(ua.getPayload());
+			}
+			else
+			{
+				throw new IOException("Unknown private key type returned by the PEM decoder.");
+			}
+
+			byte[] ar = getNextMessage();
+
+			if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS)
+			{
+				authenticated = true;
+				tm.removeMessageHandler(this, 0, 255);
+				return true;
+			}
+
+			if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE)
+			{
+				PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length);
+
+				remainingMethods = puf.getAuthThatCanContinue();
+				isPartialSuccess = puf.isPartialSuccess();
+
+				return false;
+			}
+
+			throw new IOException("Unexpected SSH message (type " + ar[0] + ")");
+
+		}
+		catch (IOException e)
+		{
+			tm.close(e, false);
+			throw (IOException) new IOException("Publickey authentication failed.").initCause(e);
+		}
+	}
+
+	public boolean authenticateNone(String user) throws IOException
+	{
+		try
+		{
+			initialize(user);
+			return authenticated;
+		}
+		catch (IOException e)
+		{
+			tm.close(e, false);
+			throw (IOException) new IOException("None authentication failed.").initCause(e);
+		}
+	}
+
+	public boolean authenticatePassword(String user, String pass) throws IOException
+	{
+		try
+		{
+			initialize(user);
+
+			if (methodPossible("password") == false)
+				throw new IOException("Authentication method password not supported by the server at this stage.");
+
+			PacketUserauthRequestPassword ua = new PacketUserauthRequestPassword("ssh-connection", user, pass);
+			tm.sendMessage(ua.getPayload());
+
+			byte[] ar = getNextMessage();
+
+			if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS)
+			{
+				authenticated = true;
+				tm.removeMessageHandler(this, 0, 255);
+				return true;
+			}
+
+			if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE)
+			{
+				PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length);
+
+				remainingMethods = puf.getAuthThatCanContinue();
+				isPartialSuccess = puf.isPartialSuccess();
+
+				return false;
+			}
+
+			throw new IOException("Unexpected SSH message (type " + ar[0] + ")");
+
+		}
+		catch (IOException e)
+		{
+			tm.close(e, false);
+			throw (IOException) new IOException("Password authentication failed.").initCause(e);
+		}
+	}
+
+	public boolean authenticateInteractive(String user, String[] submethods, InteractiveCallback cb) throws IOException
+	{
+		try
+		{
+			initialize(user);
+
+			if (methodPossible("keyboard-interactive") == false)
+				throw new IOException(
+						"Authentication method keyboard-interactive not supported by the server at this stage.");
+
+			if (submethods == null)
+				submethods = new String[0];
+
+			PacketUserauthRequestInteractive ua = new PacketUserauthRequestInteractive("ssh-connection", user,
+					submethods);
+
+			tm.sendMessage(ua.getPayload());
+
+			while (true)
+			{
+				byte[] ar = getNextMessage();
+
+				if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS)
+				{
+					authenticated = true;
+					tm.removeMessageHandler(this, 0, 255);
+					return true;
+				}
+
+				if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE)
+				{
+					PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length);
+
+					remainingMethods = puf.getAuthThatCanContinue();
+					isPartialSuccess = puf.isPartialSuccess();
+
+					return false;
+				}
+
+				if (ar[0] == Packets.SSH_MSG_USERAUTH_INFO_REQUEST)
+				{
+					PacketUserauthInfoRequest pui = new PacketUserauthInfoRequest(ar, 0, ar.length);
+
+					String[] responses;
+
+					try
+					{
+						responses = cb.replyToChallenge(pui.getName(), pui.getInstruction(), pui.getNumPrompts(), pui
+								.getPrompt(), pui.getEcho());
+					}
+					catch (Exception e)
+					{
+						throw (IOException) new IOException("Exception in callback.").initCause(e);
+					}
+
+					if (responses == null)
+						throw new IOException("Your callback may not return NULL!");
+
+					PacketUserauthInfoResponse puir = new PacketUserauthInfoResponse(responses);
+					tm.sendMessage(puir.getPayload());
+
+					continue;
+				}
+
+				throw new IOException("Unexpected SSH message (type " + ar[0] + ")");
+			}
+		}
+		catch (IOException e)
+		{
+			tm.close(e, false);
+			throw (IOException) new IOException("Keyboard-interactive authentication failed.").initCause(e);
+		}
+	}
+
+	public void handleMessage(byte[] msg, int msglen) throws IOException
+	{
+		synchronized (packets)
+		{
+			if (msg == null)
+			{
+				connectionClosed = true;
+			}
+			else
+			{
+				byte[] tmp = new byte[msglen];
+				System.arraycopy(msg, 0, tmp, 0, msglen);
+				packets.add(tmp);
+			}
+
+			packets.notifyAll();
+
+			if (packets.size() > 5)
+			{
+				connectionClosed = true;
+				throw new IOException("Error, peer is flooding us with authentication packets.");
+			}
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/Channel.java b/src/main/java/ch/ethz/ssh2/channel/Channel.java
new file mode 100644
index 0000000..502e757
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/Channel.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+/**
+ * Channel.
+ *
+ * @author Christian Plattner
+ * @version $Id: Channel.java 14 2011-05-27 14:28:21Z dkocher@sudo.ch $
+ */
+public class Channel
+{
+	/*
+		  * OK. Here is an important part of the JVM Specification:
+		  * (http://java.sun.com/docs/books/vmspec/2nd-edition/html/Threads.doc.html#22214)
+		  *
+		  * Any association between locks and variables is purely conventional.
+		  * Locking any lock conceptually flushes all variables from a thread's
+		  * working memory, and unlocking any lock forces the writing out to main
+		  * memory of all variables that the thread has assigned. That a lock may be
+		  * associated with a particular object or a class is purely a convention.
+		  * (...)
+		  *
+		  * If a thread uses a particular shared variable only after locking a
+		  * particular lock and before the corresponding unlocking of that same lock,
+		  * then the thread will read the shared value of that variable from main
+		  * memory after the lock operation, if necessary, and will copy back to main
+		  * memory the value most recently assigned to that variable before the
+		  * unlock operation.
+		  *
+		  * This, in conjunction with the mutual exclusion rules for locks, suffices
+		  * to guarantee that values are correctly transmitted from one thread to
+		  * another through shared variables.
+		  *
+		  * ====> Always keep that in mind when modifying the Channel/ChannelManger
+		  * code.
+		  *
+		  */
+
+	public static final int STATE_OPENING = 1;
+	public static final int STATE_OPEN = 2;
+	public static final int STATE_CLOSED = 4;
+
+	static final int CHANNEL_BUFFER_SIZE = 32 * 1024 * 3 * 2;
+
+	/*
+		  * To achieve correctness, the following rules have to be respected when
+		  * accessing this object:
+		  */
+
+	// These fields can always be read
+	final ChannelManager cm;
+	final ChannelOutputStream stdinStream;
+	final ChannelInputStream stdoutStream;
+	final ChannelInputStream stderrStream;
+
+	// These two fields will only be written while the Channel is in state
+	// STATE_OPENING.
+	// The code makes sure that the two fields are written out when the state is
+	// changing to STATE_OPEN.
+	// Therefore, if you know that the Channel is in state STATE_OPEN, then you
+	// can read these two fields without synchronizing on the Channel. However, make
+	// sure that you get the latest values (e.g., flush caches by synchronizing on any
+	// object). However, to be on the safe side, you can lock the channel.
+
+	int localID = -1;
+	int remoteID = -1;
+
+	/*
+		  * Make sure that we never send a data/EOF/WindowChange msg after a CLOSE
+		  * msg.
+		  *
+		  * This is a little bit complicated, but we have to do it in that way, since
+		  * we cannot keep a lock on the Channel during the send operation (this
+		  * would block sometimes the receiver thread, and, in extreme cases, can
+		  * lead to a deadlock on both sides of the connection (senders are blocked
+		  * since the receive buffers on the other side are full, and receiver
+		  * threads wait for the senders to finish). It all depends on the
+		  * implementation on the other side. But we cannot make any assumptions, we
+		  * have to assume the worst case. Confused? Just believe me.
+		  */
+
+	/*
+		  * If you send a message on a channel, then you have to aquire the
+		  * "channelSendLock" and check the "closeMessageSent" flag (this variable
+		  * may only be accessed while holding the "channelSendLock" !!!
+		  *
+		  * BTW: NEVER EVER SEND MESSAGES FROM THE RECEIVE THREAD - see explanation
+		  * above.
+		  */
+
+	final Object channelSendLock = new Object();
+	boolean closeMessageSent = false;
+
+	/*
+		  * Stop memory fragmentation by allocating this often used buffer.
+		  * May only be used while holding the channelSendLock
+		  */
+
+	final byte[] msgWindowAdjust = new byte[9];
+
+	// If you access (read or write) any of the following fields, then you have
+	// to synchronize on the channel.
+
+	int state = STATE_OPENING;
+
+	boolean closeMessageRecv = false;
+
+	/* This is a stupid implementation. At the moment we can only wait
+		  * for one pending request per channel.
+		  */
+	int successCounter = 0;
+	int failedCounter = 0;
+
+	int localWindow = 0; /* locally, we use a small window, < 2^31 */
+	long remoteWindow = 0; /* long for readable  2^32 - 1 window support */
+
+	int localMaxPacketSize = -1;
+	int remoteMaxPacketSize = -1;
+
+	final byte[] stdoutBuffer = new byte[CHANNEL_BUFFER_SIZE];
+	final byte[] stderrBuffer = new byte[CHANNEL_BUFFER_SIZE];
+
+	int stdoutReadpos = 0;
+	int stdoutWritepos = 0;
+	int stderrReadpos = 0;
+	int stderrWritepos = 0;
+
+	boolean EOF = false;
+
+	Integer exit_status;
+
+	String exit_signal;
+
+	// we keep the x11 cookie so that this channel can be closed when this
+	// specific x11 forwarding gets stopped
+
+	String hexX11FakeCookie;
+
+	// reasonClosed is special, since we sometimes need to access it
+	// while holding the channelSendLock.
+	// We protect it with a private short term lock.
+
+	private final Object reasonClosedLock = new Object();
+	private String reasonClosed = null;
+
+	public Channel(ChannelManager cm)
+	{
+		this.cm = cm;
+
+		this.localWindow = CHANNEL_BUFFER_SIZE;
+		this.localMaxPacketSize = 32 * 1024;
+
+		this.stdinStream = new ChannelOutputStream(this);
+		this.stdoutStream = new ChannelInputStream(this, false);
+		this.stderrStream = new ChannelInputStream(this, true);
+	}
+
+	/* Methods to allow access from classes outside of this package */
+
+	public ChannelInputStream getStderrStream()
+	{
+		return stderrStream;
+	}
+
+	public ChannelOutputStream getStdinStream()
+	{
+		return stdinStream;
+	}
+
+	public ChannelInputStream getStdoutStream()
+	{
+		return stdoutStream;
+	}
+
+	public String getExitSignal()
+	{
+		synchronized (this)
+		{
+			return exit_signal;
+		}
+	}
+
+	public Integer getExitStatus()
+	{
+		synchronized (this)
+		{
+			return exit_status;
+		}
+	}
+
+	public String getReasonClosed()
+	{
+		synchronized (reasonClosedLock)
+		{
+			return reasonClosed;
+		}
+	}
+
+	public void setReasonClosed(String reasonClosed)
+	{
+		synchronized (reasonClosedLock)
+		{
+			if (this.reasonClosed == null)
+			{
+				this.reasonClosed = reasonClosed;
+			}
+		}
+	}
+
+	public int getState()
+	{
+		return this.state;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/ChannelClosedException.java b/src/main/java/ch/ethz/ssh2/channel/ChannelClosedException.java
new file mode 100644
index 0000000..390a57f
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/ChannelClosedException.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2011 David Kocher. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+
+package ch.ethz.ssh2.channel;
+
+import java.io.IOException;
+
+/**
+ * @version $Id: ChannelClosedException.java 3183 2007-07-30 19:22:34Z dkocher $
+ */
+public class ChannelClosedException extends IOException
+{
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	public ChannelClosedException(String s)
+	{
+		super(s);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/ChannelInputStream.java b/src/main/java/ch/ethz/ssh2/channel/ChannelInputStream.java
new file mode 100644
index 0000000..7d0ecd9
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/ChannelInputStream.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * ChannelInputStream.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public final class ChannelInputStream extends InputStream
+{
+	Channel c;
+
+	boolean isClosed = false;
+	boolean isEOF = false;
+	boolean extendedFlag = false;
+
+	ChannelInputStream(Channel c, boolean isExtended)
+	{
+		this.c = c;
+		this.extendedFlag = isExtended;
+	}
+
+	@Override
+	public int available() throws IOException
+	{
+		if (isEOF)
+			return 0;
+
+		int avail = c.cm.getAvailable(c, extendedFlag);
+
+		/* We must not return -1 on EOF */
+
+		return (avail > 0) ? avail : 0;
+	}
+
+	@Override
+	public void close() throws IOException
+	{
+		isClosed = true;
+	}
+
+	@Override
+	public int read(byte[] b, int off, int len) throws IOException
+	{
+		if (b == null)
+			throw new NullPointerException();
+
+		if ((off < 0) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0) || (off > b.length))
+			throw new IndexOutOfBoundsException();
+
+		if (len == 0)
+			return 0;
+
+		if (isEOF)
+			return -1;
+
+		int ret = c.cm.getChannelData(c, extendedFlag, b, off, len);
+
+		if (ret == -1)
+		{
+			isEOF = true;
+		}
+
+		return ret;
+	}
+
+	@Override
+	public int read(byte[] b) throws IOException
+	{
+		return read(b, 0, b.length);
+	}
+
+	@Override
+	public int read() throws IOException
+	{
+		/* Yes, this stream is pure and unbuffered, a single byte read() is slow */
+
+		final byte b[] = new byte[1];
+
+		int ret = read(b, 0, 1);
+
+		if (ret != 1)
+			return -1;
+
+		return b[0] & 0xff;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/ChannelManager.java b/src/main/java/ch/ethz/ssh2/channel/ChannelManager.java
new file mode 100644
index 0000000..9fc4738
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/ChannelManager.java
@@ -0,0 +1,1660 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+
+package ch.ethz.ssh2.channel;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Vector;
+
+import ch.ethz.ssh2.ChannelCondition;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.packets.PacketChannelOpenConfirmation;
+import ch.ethz.ssh2.packets.PacketChannelOpenFailure;
+import ch.ethz.ssh2.packets.PacketGlobalCancelForwardRequest;
+import ch.ethz.ssh2.packets.PacketGlobalForwardRequest;
+import ch.ethz.ssh2.packets.PacketOpenDirectTCPIPChannel;
+import ch.ethz.ssh2.packets.PacketOpenSessionChannel;
+import ch.ethz.ssh2.packets.PacketSessionExecCommand;
+import ch.ethz.ssh2.packets.PacketSessionPtyRequest;
+import ch.ethz.ssh2.packets.PacketSessionStartShell;
+import ch.ethz.ssh2.packets.PacketSessionSubsystemRequest;
+import ch.ethz.ssh2.packets.PacketSessionX11Request;
+import ch.ethz.ssh2.packets.Packets;
+import ch.ethz.ssh2.packets.TypesReader;
+import ch.ethz.ssh2.transport.MessageHandler;
+import ch.ethz.ssh2.transport.TransportManager;
+
+/**
+ * ChannelManager. Please read the comments in Channel.java.
+ * <p/>
+ * Besides the crypto part, this is the core of the library.
+ *
+ * @author Christian Plattner
+ * @version $Id: ChannelManager.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class ChannelManager implements MessageHandler
+{
+	private static final Logger log = Logger.getLogger(ChannelManager.class);
+
+	private final HashMap<String, X11ServerData> x11_magic_cookies = new HashMap<String, X11ServerData>();
+
+	private TransportManager tm;
+
+	private final List<Channel> channels = new Vector<Channel>();
+	private int nextLocalChannel = 100;
+	private boolean shutdown = false;
+	private int globalSuccessCounter = 0;
+	private int globalFailedCounter = 0;
+
+	private final HashMap<Integer, RemoteForwardingData> remoteForwardings = new HashMap<Integer, RemoteForwardingData>();
+
+	private final List<IChannelWorkerThread> listenerThreads = new Vector<IChannelWorkerThread>();
+
+	private boolean listenerThreadsAllowed = true;
+
+	public ChannelManager(TransportManager tm)
+	{
+		this.tm = tm;
+		tm.registerMessageHandler(this, 80, 100);
+	}
+
+	private Channel getChannel(int id)
+	{
+		synchronized (channels)
+		{
+			for (Channel c : channels)
+			{
+				if (c.localID == id)
+					return c;
+			}
+		}
+		return null;
+	}
+
+	private void removeChannel(int id)
+	{
+		synchronized (channels)
+		{
+			for (Channel c : channels)
+			{
+				if (c.localID == id)
+				{
+					channels.remove(c);
+					break;
+				}
+			}
+		}
+	}
+
+	private int addChannel(Channel c)
+	{
+		synchronized (channels)
+		{
+			channels.add(c);
+			return nextLocalChannel++;
+		}
+	}
+
+	private void waitUntilChannelOpen(Channel c) throws IOException
+	{
+		boolean wasInterrupted = false;
+
+		synchronized (c)
+		{
+			while (c.state == Channel.STATE_OPENING)
+			{
+				try
+				{
+					c.wait();
+				}
+				catch (InterruptedException ignore)
+				{
+					wasInterrupted = true;
+				}
+			}
+
+			if (c.state != Channel.STATE_OPEN)
+			{
+				removeChannel(c.localID);
+
+				String detail = c.getReasonClosed();
+
+				if (detail == null)
+					detail = "state: " + c.state;
+
+				throw new IOException("Could not open channel (" + detail + ")");
+			}
+		}
+
+		if (wasInterrupted)
+			Thread.currentThread().interrupt();
+	}
+
+	private void waitForGlobalSuccessOrFailure() throws IOException
+	{
+		boolean wasInterrupted = false;
+
+		try
+		{
+			synchronized (channels)
+			{
+				while ((globalSuccessCounter == 0) && (globalFailedCounter == 0))
+				{
+					if (shutdown)
+					{
+						throw new IOException("The connection is being shutdown");
+					}
+
+					try
+					{
+						channels.wait();
+					}
+					catch (InterruptedException ignore)
+					{
+						wasInterrupted = true;
+					}
+				}
+
+				if (globalFailedCounter != 0)
+				{
+					throw new IOException("The server denied the request (did you enable port forwarding?)");
+				}
+
+				if (globalSuccessCounter == 0)
+				{
+					throw new IOException("Illegal state.");
+				}
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+
+	private void waitForChannelSuccessOrFailure(Channel c) throws IOException
+	{
+		boolean wasInterrupted = false;
+
+		try
+		{
+			synchronized (c)
+			{
+				while ((c.successCounter == 0) && (c.failedCounter == 0))
+				{
+					if (c.state != Channel.STATE_OPEN)
+					{
+						String detail = c.getReasonClosed();
+
+						if (detail == null)
+							detail = "state: " + c.state;
+
+						throw new IOException("This SSH2 channel is not open (" + detail + ")");
+					}
+
+					try
+					{
+						c.wait();
+					}
+					catch (InterruptedException ignore)
+					{
+						wasInterrupted = true;
+					}
+				}
+
+				if (c.failedCounter != 0)
+				{
+					throw new IOException("The server denied the request.");
+				}
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+
+	public void registerX11Cookie(String hexFakeCookie, X11ServerData data)
+	{
+		synchronized (x11_magic_cookies)
+		{
+			x11_magic_cookies.put(hexFakeCookie, data);
+		}
+	}
+
+	public void unRegisterX11Cookie(String hexFakeCookie, boolean killChannels)
+	{
+		if (hexFakeCookie == null)
+			throw new IllegalStateException("hexFakeCookie may not be null");
+
+		synchronized (x11_magic_cookies)
+		{
+			x11_magic_cookies.remove(hexFakeCookie);
+		}
+
+		if (killChannels == false)
+			return;
+
+		log.debug("Closing all X11 channels for the given fake cookie");
+
+		List<Channel> channel_copy = new Vector<Channel>();
+
+		synchronized (channels)
+		{
+			channel_copy.addAll(channels);
+		}
+
+		for (Channel c : channel_copy)
+		{
+			synchronized (c)
+			{
+				if (hexFakeCookie.equals(c.hexX11FakeCookie) == false)
+					continue;
+			}
+
+			try
+			{
+				closeChannel(c, "Closing X11 channel since the corresponding session is closing", true);
+			}
+			catch (IOException ignored)
+			{
+			}
+		}
+	}
+
+	public X11ServerData checkX11Cookie(String hexFakeCookie)
+	{
+		synchronized (x11_magic_cookies)
+		{
+			if (hexFakeCookie != null)
+				return x11_magic_cookies.get(hexFakeCookie);
+		}
+		return null;
+	}
+
+	public void closeAllChannels()
+	{
+
+		log.debug("Closing all channels");
+
+		List<Channel> channel_copy = new Vector<Channel>();
+
+		synchronized (channels)
+		{
+			channel_copy.addAll(channels);
+		}
+
+		for (Channel c : channel_copy)
+		{
+			try
+			{
+				closeChannel(c, "Closing all channels", true);
+			}
+			catch (IOException ignored)
+			{
+			}
+		}
+	}
+
+	public void closeChannel(Channel c, String reason, boolean force) throws IOException
+	{
+		byte msg[] = new byte[5];
+
+		synchronized (c)
+		{
+			if (force)
+			{
+				c.state = Channel.STATE_CLOSED;
+				c.EOF = true;
+			}
+
+			c.setReasonClosed(reason);
+
+			msg[0] = Packets.SSH_MSG_CHANNEL_CLOSE;
+			msg[1] = (byte) (c.remoteID >> 24);
+			msg[2] = (byte) (c.remoteID >> 16);
+			msg[3] = (byte) (c.remoteID >> 8);
+			msg[4] = (byte) (c.remoteID);
+
+			c.notifyAll();
+		}
+
+		synchronized (c.channelSendLock)
+		{
+			if (c.closeMessageSent == true)
+				return;
+			tm.sendMessage(msg);
+			c.closeMessageSent = true;
+		}
+
+
+		log.debug("Sent SSH_MSG_CHANNEL_CLOSE (channel " + c.localID + ")");
+	}
+
+	public void sendEOF(Channel c) throws IOException
+	{
+		byte[] msg = new byte[5];
+
+		synchronized (c)
+		{
+			if (c.state != Channel.STATE_OPEN)
+				return;
+
+			msg[0] = Packets.SSH_MSG_CHANNEL_EOF;
+			msg[1] = (byte) (c.remoteID >> 24);
+			msg[2] = (byte) (c.remoteID >> 16);
+			msg[3] = (byte) (c.remoteID >> 8);
+			msg[4] = (byte) (c.remoteID);
+		}
+
+		synchronized (c.channelSendLock)
+		{
+			if (c.closeMessageSent == true)
+				return;
+			tm.sendMessage(msg);
+		}
+
+
+		log.debug("Sent EOF (Channel " + c.localID + "/" + c.remoteID + ")");
+	}
+
+	public void sendOpenConfirmation(Channel c) throws IOException
+	{
+		PacketChannelOpenConfirmation pcoc = null;
+
+		synchronized (c)
+		{
+			if (c.state != Channel.STATE_OPENING)
+				return;
+
+			c.state = Channel.STATE_OPEN;
+
+			pcoc = new PacketChannelOpenConfirmation(c.remoteID, c.localID, c.localWindow, c.localMaxPacketSize);
+		}
+
+		synchronized (c.channelSendLock)
+		{
+			if (c.closeMessageSent == true)
+				return;
+			tm.sendMessage(pcoc.getPayload());
+		}
+	}
+
+	public void sendData(Channel c, byte[] buffer, int pos, int len) throws IOException
+	{
+		boolean wasInterrupted = false;
+
+		try
+		{
+			while (len > 0)
+			{
+				int thislen = 0;
+				byte[] msg;
+
+				synchronized (c)
+				{
+					while (true)
+					{
+						if (c.state == Channel.STATE_CLOSED)
+							throw new ChannelClosedException("SSH channel is closed. (" + c.getReasonClosed() + ")");
+
+						if (c.state != Channel.STATE_OPEN)
+							throw new ChannelClosedException("SSH channel in strange state. (" + c.state + ")");
+
+						if (c.remoteWindow != 0)
+							break;
+
+						try
+						{
+							c.wait();
+						}
+						catch (InterruptedException ignore)
+						{
+							wasInterrupted = true;
+						}
+					}
+
+					/* len > 0, no sign extension can happen when comparing */
+
+					thislen = (c.remoteWindow >= len) ? len : (int) c.remoteWindow;
+
+					int estimatedMaxDataLen = c.remoteMaxPacketSize - (tm.getPacketOverheadEstimate() + 9);
+
+					/* The worst case scenario =) a true bottleneck */
+
+					if (estimatedMaxDataLen <= 0)
+					{
+						estimatedMaxDataLen = 1;
+					}
+
+					if (thislen > estimatedMaxDataLen)
+						thislen = estimatedMaxDataLen;
+
+					c.remoteWindow -= thislen;
+
+					msg = new byte[1 + 8 + thislen];
+
+					msg[0] = Packets.SSH_MSG_CHANNEL_DATA;
+					msg[1] = (byte) (c.remoteID >> 24);
+					msg[2] = (byte) (c.remoteID >> 16);
+					msg[3] = (byte) (c.remoteID >> 8);
+					msg[4] = (byte) (c.remoteID);
+					msg[5] = (byte) (thislen >> 24);
+					msg[6] = (byte) (thislen >> 16);
+					msg[7] = (byte) (thislen >> 8);
+					msg[8] = (byte) (thislen);
+
+					System.arraycopy(buffer, pos, msg, 9, thislen);
+				}
+
+				synchronized (c.channelSendLock)
+				{
+					if (c.closeMessageSent == true)
+						throw new ChannelClosedException("SSH channel is closed. (" + c.getReasonClosed() + ")");
+
+					tm.sendMessage(msg);
+				}
+
+				pos += thislen;
+				len -= thislen;
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+
+	public int requestGlobalForward(String bindAddress, int bindPort, String targetAddress, int targetPort)
+			throws IOException
+	{
+		RemoteForwardingData rfd = new RemoteForwardingData();
+
+		rfd.bindAddress = bindAddress;
+		rfd.bindPort = bindPort;
+		rfd.targetAddress = targetAddress;
+		rfd.targetPort = targetPort;
+
+		synchronized (remoteForwardings)
+		{
+			Integer key = new Integer(bindPort);
+
+			if (remoteForwardings.get(key) != null)
+			{
+				throw new IOException("There is already a forwarding for remote port " + bindPort);
+			}
+
+			remoteForwardings.put(key, rfd);
+		}
+
+		synchronized (channels)
+		{
+			globalSuccessCounter = globalFailedCounter = 0;
+		}
+
+		PacketGlobalForwardRequest pgf = new PacketGlobalForwardRequest(true, bindAddress, bindPort);
+		tm.sendMessage(pgf.getPayload());
+
+
+		log.debug("Requesting a remote forwarding ('" + bindAddress + "', " + bindPort + ")");
+
+		try
+		{
+			waitForGlobalSuccessOrFailure();
+		}
+		catch (IOException e)
+		{
+			synchronized (remoteForwardings)
+			{
+				remoteForwardings.remove(rfd);
+			}
+			throw e;
+		}
+
+		return bindPort;
+	}
+
+	public void requestCancelGlobalForward(int bindPort) throws IOException
+	{
+		RemoteForwardingData rfd = null;
+
+		synchronized (remoteForwardings)
+		{
+			rfd = remoteForwardings.get(new Integer(bindPort));
+
+			if (rfd == null)
+				throw new IOException("Sorry, there is no known remote forwarding for remote port " + bindPort);
+		}
+
+		synchronized (channels)
+		{
+			globalSuccessCounter = globalFailedCounter = 0;
+		}
+
+		PacketGlobalCancelForwardRequest pgcf = new PacketGlobalCancelForwardRequest(true, rfd.bindAddress,
+				rfd.bindPort);
+		tm.sendMessage(pgcf.getPayload());
+
+
+		log.debug("Requesting cancelation of remote forward ('" + rfd.bindAddress + "', " + rfd.bindPort + ")");
+
+		waitForGlobalSuccessOrFailure();
+
+		/* Only now we are sure that no more forwarded connections will arrive */
+
+		synchronized (remoteForwardings)
+		{
+			remoteForwardings.remove(rfd);
+		}
+	}
+
+	public void registerThread(IChannelWorkerThread thr) throws IOException
+	{
+		synchronized (listenerThreads)
+		{
+			if (listenerThreadsAllowed == false)
+				throw new IOException("Too late, this connection is closed.");
+			listenerThreads.add(thr);
+		}
+	}
+
+	public Channel openDirectTCPIPChannel(String host_to_connect, int port_to_connect, String originator_IP_address,
+										  int originator_port) throws IOException
+	{
+		Channel c = new Channel(this);
+
+		synchronized (c)
+		{
+			c.localID = addChannel(c);
+			// end of synchronized block forces writing out to main memory
+		}
+
+		PacketOpenDirectTCPIPChannel dtc = new PacketOpenDirectTCPIPChannel(c.localID, c.localWindow,
+				c.localMaxPacketSize, host_to_connect, port_to_connect, originator_IP_address, originator_port);
+
+		tm.sendMessage(dtc.getPayload());
+
+		waitUntilChannelOpen(c);
+
+		return c;
+	}
+
+	public Channel openSessionChannel() throws IOException
+	{
+		Channel c = new Channel(this);
+
+		synchronized (c)
+		{
+			c.localID = addChannel(c);
+			// end of synchronized block forces the writing out to main memory
+		}
+
+
+		log.debug("Sending SSH_MSG_CHANNEL_OPEN (Channel " + c.localID + ")");
+
+		PacketOpenSessionChannel smo = new PacketOpenSessionChannel(c.localID, c.localWindow, c.localMaxPacketSize);
+		tm.sendMessage(smo.getPayload());
+
+		waitUntilChannelOpen(c);
+
+		return c;
+	}
+
+	public void requestPTY(Channel c, String term, int term_width_characters, int term_height_characters,
+						   int term_width_pixels, int term_height_pixels, byte[] terminal_modes) throws IOException
+	{
+		PacketSessionPtyRequest spr;
+
+		synchronized (c)
+		{
+			if (c.state != Channel.STATE_OPEN)
+				throw new IOException("Cannot request PTY on this channel (" + c.getReasonClosed() + ")");
+
+			spr = new PacketSessionPtyRequest(c.remoteID, true, term, term_width_characters, term_height_characters,
+					term_width_pixels, term_height_pixels, terminal_modes);
+
+			c.successCounter = c.failedCounter = 0;
+		}
+
+		synchronized (c.channelSendLock)
+		{
+			if (c.closeMessageSent)
+				throw new IOException("Cannot request PTY on this channel (" + c.getReasonClosed() + ")");
+			tm.sendMessage(spr.getPayload());
+		}
+
+		try
+		{
+			waitForChannelSuccessOrFailure(c);
+		}
+		catch (IOException e)
+		{
+			throw (IOException) new IOException("PTY request failed").initCause(e);
+		}
+	}
+
+	public void requestX11(Channel c, boolean singleConnection, String x11AuthenticationProtocol,
+						   String x11AuthenticationCookie, int x11ScreenNumber) throws IOException
+	{
+		PacketSessionX11Request psr;
+
+		synchronized (c)
+		{
+			if (c.state != Channel.STATE_OPEN)
+				throw new IOException("Cannot request X11 on this channel (" + c.getReasonClosed() + ")");
+
+			psr = new PacketSessionX11Request(c.remoteID, true, singleConnection, x11AuthenticationProtocol,
+					x11AuthenticationCookie, x11ScreenNumber);
+
+			c.successCounter = c.failedCounter = 0;
+		}
+
+		synchronized (c.channelSendLock)
+		{
+			if (c.closeMessageSent)
+				throw new IOException("Cannot request X11 on this channel (" + c.getReasonClosed() + ")");
+			tm.sendMessage(psr.getPayload());
+		}
+
+
+		log.debug("Requesting X11 forwarding (Channel " + c.localID + "/" + c.remoteID + ")");
+
+		try
+		{
+			waitForChannelSuccessOrFailure(c);
+		}
+		catch (IOException e)
+		{
+			throw (IOException) new IOException("The X11 request failed.").initCause(e);
+		}
+	}
+
+	public void requestSubSystem(Channel c, String subSystemName) throws IOException
+	{
+		PacketSessionSubsystemRequest ssr;
+
+		synchronized (c)
+		{
+			if (c.state != Channel.STATE_OPEN)
+				throw new IOException("Cannot request subsystem on this channel (" + c.getReasonClosed() + ")");
+
+			ssr = new PacketSessionSubsystemRequest(c.remoteID, true, subSystemName);
+
+			c.successCounter = c.failedCounter = 0;
+		}
+
+		synchronized (c.channelSendLock)
+		{
+			if (c.closeMessageSent)
+				throw new IOException("Cannot request subsystem on this channel (" + c.getReasonClosed() + ")");
+			tm.sendMessage(ssr.getPayload());
+		}
+
+		try
+		{
+			waitForChannelSuccessOrFailure(c);
+		}
+		catch (IOException e)
+		{
+			throw (IOException) new IOException("The subsystem request failed.").initCause(e);
+		}
+	}
+
+	public void requestExecCommand(Channel c, String cmd) throws IOException
+	{
+		this.requestExecCommand(c, cmd, null);
+	}
+
+	/**
+	 * @param charsetName The charset used to convert between Java Unicode Strings and byte encodings
+	 */
+	public void requestExecCommand(Channel c, String cmd, String charsetName) throws IOException
+	{
+		PacketSessionExecCommand sm;
+
+		synchronized (c)
+		{
+			if (c.state != Channel.STATE_OPEN)
+				throw new IOException("Cannot execute command on this channel (" + c.getReasonClosed() + ")");
+
+			sm = new PacketSessionExecCommand(c.remoteID, true, cmd);
+
+			c.successCounter = c.failedCounter = 0;
+		}
+
+		synchronized (c.channelSendLock)
+		{
+			if (c.closeMessageSent)
+				throw new IOException("Cannot execute command on this channel (" + c.getReasonClosed() + ")");
+			tm.sendMessage(sm.getPayload(charsetName));
+		}
+
+
+		log.debug("Executing command (channel " + c.localID + ", '" + cmd + "')");
+
+		try
+		{
+			waitForChannelSuccessOrFailure(c);
+		}
+		catch (IOException e)
+		{
+			throw (IOException) new IOException("The execute request failed.").initCause(e);
+		}
+	}
+
+	public void requestShell(Channel c) throws IOException
+	{
+		PacketSessionStartShell sm;
+
+		synchronized (c)
+		{
+			if (c.state != Channel.STATE_OPEN)
+				throw new IOException("Cannot start shell on this channel (" + c.getReasonClosed() + ")");
+
+			sm = new PacketSessionStartShell(c.remoteID, true);
+
+			c.successCounter = c.failedCounter = 0;
+		}
+
+		synchronized (c.channelSendLock)
+		{
+			if (c.closeMessageSent)
+				throw new IOException("Cannot start shell on this channel (" + c.getReasonClosed() + ")");
+			tm.sendMessage(sm.getPayload());
+		}
+
+		try
+		{
+			waitForChannelSuccessOrFailure(c);
+		}
+		catch (IOException e)
+		{
+			throw (IOException) new IOException("The shell request failed.").initCause(e);
+		}
+	}
+
+	public void msgChannelExtendedData(byte[] msg, int msglen) throws IOException
+	{
+		if (msglen <= 13)
+			throw new IOException("SSH_MSG_CHANNEL_EXTENDED_DATA message has wrong size (" + msglen + ")");
+
+		int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff);
+		int dataType = ((msg[5] & 0xff) << 24) | ((msg[6] & 0xff) << 16) | ((msg[7] & 0xff) << 8) | (msg[8] & 0xff);
+		int len = ((msg[9] & 0xff) << 24) | ((msg[10] & 0xff) << 16) | ((msg[11] & 0xff) << 8) | (msg[12] & 0xff);
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_EXTENDED_DATA message for non-existent channel " + id);
+
+		if (dataType != Packets.SSH_EXTENDED_DATA_STDERR)
+			throw new IOException("SSH_MSG_CHANNEL_EXTENDED_DATA message has unknown type (" + dataType + ")");
+
+		if (len != (msglen - 13))
+			throw new IOException("SSH_MSG_CHANNEL_EXTENDED_DATA message has wrong len (calculated " + (msglen - 13)
+					+ ", got " + len + ")");
+
+
+		log.debug("Got SSH_MSG_CHANNEL_EXTENDED_DATA (channel " + id + ", " + len + ")");
+
+		synchronized (c)
+		{
+			if (c.state == Channel.STATE_CLOSED)
+				return; // ignore
+
+			if (c.state != Channel.STATE_OPEN)
+				throw new IOException("Got SSH_MSG_CHANNEL_EXTENDED_DATA, but channel is not in correct state ("
+						+ c.state + ")");
+
+			if (c.localWindow < len)
+				throw new IOException("Remote sent too much data, does not fit into window.");
+
+			c.localWindow -= len;
+
+			System.arraycopy(msg, 13, c.stderrBuffer, c.stderrWritepos, len);
+			c.stderrWritepos += len;
+
+			c.notifyAll();
+		}
+	}
+
+	/**
+	 * Wait until for a condition.
+	 *
+	 * @param c Channel
+	 * @param timeout in ms, 0 means no timeout.
+	 * @param condition_mask minimum event mask (at least one of the conditions must be fulfilled)
+	 * @return all current events
+	 */
+	public int waitForCondition(Channel c, long timeout, int condition_mask)
+	{
+		boolean wasInterrupted = false;
+
+		try
+		{
+			long end_time = 0;
+			boolean end_time_set = false;
+
+			synchronized (c)
+			{
+				while (true)
+				{
+					int current_cond = 0;
+
+					int stdoutAvail = c.stdoutWritepos - c.stdoutReadpos;
+					int stderrAvail = c.stderrWritepos - c.stderrReadpos;
+
+					if (stdoutAvail > 0)
+						current_cond = current_cond | ChannelCondition.STDOUT_DATA;
+
+					if (stderrAvail > 0)
+						current_cond = current_cond | ChannelCondition.STDERR_DATA;
+
+					if (c.EOF)
+						current_cond = current_cond | ChannelCondition.EOF;
+
+					if (c.getExitStatus() != null)
+						current_cond = current_cond | ChannelCondition.EXIT_STATUS;
+
+					if (c.getExitSignal() != null)
+						current_cond = current_cond | ChannelCondition.EXIT_SIGNAL;
+
+					if (c.state == Channel.STATE_CLOSED)
+						return current_cond | ChannelCondition.CLOSED | ChannelCondition.EOF;
+
+					if ((current_cond & condition_mask) != 0)
+						return current_cond;
+
+					if (timeout > 0)
+					{
+						if (!end_time_set)
+						{
+							end_time = System.currentTimeMillis() + timeout;
+							end_time_set = true;
+						}
+						else
+						{
+							timeout = end_time - System.currentTimeMillis();
+
+							if (timeout <= 0)
+								return current_cond | ChannelCondition.TIMEOUT;
+						}
+					}
+
+					try
+					{
+						if (timeout > 0)
+							c.wait(timeout);
+						else
+							c.wait();
+					}
+					catch (InterruptedException e)
+					{
+						wasInterrupted = true;
+					}
+				}
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+
+	public int getAvailable(Channel c, boolean extended) throws IOException
+	{
+		synchronized (c)
+		{
+			int avail;
+
+			if (extended)
+				avail = c.stderrWritepos - c.stderrReadpos;
+			else
+				avail = c.stdoutWritepos - c.stdoutReadpos;
+
+			return ((avail > 0) ? avail : (c.EOF ? -1 : 0));
+		}
+	}
+
+	public int getChannelData(Channel c, boolean extended, byte[] target, int off, int len) throws IOException
+	{
+		boolean wasInterrupted = false;
+
+		try
+		{
+			int copylen = 0;
+			int increment = 0;
+			int remoteID = 0;
+			int localID = 0;
+
+			synchronized (c)
+			{
+				int stdoutAvail = 0;
+				int stderrAvail = 0;
+
+				while (true)
+				{
+					/*
+					 * Data available? We have to return remaining data even if the
+					 * channel is already closed.
+					 */
+
+					stdoutAvail = c.stdoutWritepos - c.stdoutReadpos;
+					stderrAvail = c.stderrWritepos - c.stderrReadpos;
+
+					if ((!extended) && (stdoutAvail != 0))
+						break;
+
+					if ((extended) && (stderrAvail != 0))
+						break;
+
+					/* Do not wait if more data will never arrive (EOF or CLOSED) */
+
+					if ((c.EOF) || (c.state != Channel.STATE_OPEN))
+						return -1;
+
+					try
+					{
+						c.wait();
+					}
+					catch (InterruptedException ignore)
+					{
+						wasInterrupted = true;
+					}
+				}
+
+				/* OK, there is some data. Return it. */
+
+				if (!extended)
+				{
+					copylen = (stdoutAvail > len) ? len : stdoutAvail;
+					System.arraycopy(c.stdoutBuffer, c.stdoutReadpos, target, off, copylen);
+					c.stdoutReadpos += copylen;
+
+					if (c.stdoutReadpos != c.stdoutWritepos)
+
+						System.arraycopy(c.stdoutBuffer, c.stdoutReadpos, c.stdoutBuffer, 0, c.stdoutWritepos
+								- c.stdoutReadpos);
+
+					c.stdoutWritepos -= c.stdoutReadpos;
+					c.stdoutReadpos = 0;
+				}
+				else
+				{
+					copylen = (stderrAvail > len) ? len : stderrAvail;
+					System.arraycopy(c.stderrBuffer, c.stderrReadpos, target, off, copylen);
+					c.stderrReadpos += copylen;
+
+					if (c.stderrReadpos != c.stderrWritepos)
+
+						System.arraycopy(c.stderrBuffer, c.stderrReadpos, c.stderrBuffer, 0, c.stderrWritepos
+								- c.stderrReadpos);
+
+					c.stderrWritepos -= c.stderrReadpos;
+					c.stderrReadpos = 0;
+				}
+
+				if (c.state != Channel.STATE_OPEN)
+					return copylen;
+
+				if (c.localWindow < ((Channel.CHANNEL_BUFFER_SIZE + 1) / 2))
+				{
+					int minFreeSpace = Math.min(Channel.CHANNEL_BUFFER_SIZE - c.stdoutWritepos,
+							Channel.CHANNEL_BUFFER_SIZE - c.stderrWritepos);
+
+					increment = minFreeSpace - c.localWindow;
+					c.localWindow = minFreeSpace;
+				}
+
+				remoteID = c.remoteID; /* read while holding the lock */
+				localID = c.localID; /* read while holding the lock */
+			}
+
+			/*
+			 * If a consumer reads stdout and stdin in parallel, we may end up with
+			 * sending two msgWindowAdjust messages. Luckily, it
+			 * does not matter in which order they arrive at the server.
+			 */
+
+			if (increment > 0)
+			{
+
+				log.debug("Sending SSH_MSG_CHANNEL_WINDOW_ADJUST (channel " + localID + ", " + increment + ")");
+
+				synchronized (c.channelSendLock)
+				{
+					byte[] msg = c.msgWindowAdjust;
+
+					msg[0] = Packets.SSH_MSG_CHANNEL_WINDOW_ADJUST;
+					msg[1] = (byte) (remoteID >> 24);
+					msg[2] = (byte) (remoteID >> 16);
+					msg[3] = (byte) (remoteID >> 8);
+					msg[4] = (byte) (remoteID);
+					msg[5] = (byte) (increment >> 24);
+					msg[6] = (byte) (increment >> 16);
+					msg[7] = (byte) (increment >> 8);
+					msg[8] = (byte) (increment);
+
+					if (c.closeMessageSent == false)
+						tm.sendMessage(msg);
+				}
+			}
+
+			return copylen;
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+
+	}
+
+	public void msgChannelData(byte[] msg, int msglen) throws IOException
+	{
+		if (msglen <= 9)
+			throw new IOException("SSH_MSG_CHANNEL_DATA message has wrong size (" + msglen + ")");
+
+		int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff);
+		int len = ((msg[5] & 0xff) << 24) | ((msg[6] & 0xff) << 16) | ((msg[7] & 0xff) << 8) | (msg[8] & 0xff);
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_DATA message for non-existent channel " + id);
+
+		if (len != (msglen - 9))
+			throw new IOException("SSH_MSG_CHANNEL_DATA message has wrong len (calculated " + (msglen - 9) + ", got "
+					+ len + ")");
+
+
+		log.debug("Got SSH_MSG_CHANNEL_DATA (channel " + id + ", " + len + ")");
+
+		synchronized (c)
+		{
+			if (c.state == Channel.STATE_CLOSED)
+				return; // ignore
+
+			if (c.state != Channel.STATE_OPEN)
+				throw new IOException("Got SSH_MSG_CHANNEL_DATA, but channel is not in correct state (" + c.state + ")");
+
+			if (c.localWindow < len)
+				throw new IOException("Remote sent too much data, does not fit into window.");
+
+			c.localWindow -= len;
+
+			System.arraycopy(msg, 9, c.stdoutBuffer, c.stdoutWritepos, len);
+			c.stdoutWritepos += len;
+
+			c.notifyAll();
+		}
+	}
+
+	public void msgChannelWindowAdjust(byte[] msg, int msglen) throws IOException
+	{
+		if (msglen != 9)
+			throw new IOException("SSH_MSG_CHANNEL_WINDOW_ADJUST message has wrong size (" + msglen + ")");
+
+		int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff);
+		int windowChange = ((msg[5] & 0xff) << 24) | ((msg[6] & 0xff) << 16) | ((msg[7] & 0xff) << 8) | (msg[8] & 0xff);
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_WINDOW_ADJUST message for non-existent channel " + id);
+
+		synchronized (c)
+		{
+			final long huge = 0xFFFFffffL; /* 2^32 - 1 */
+
+			c.remoteWindow += (windowChange & huge); /* avoid sign extension */
+
+			/* TODO - is this a good heuristic? */
+
+			if ((c.remoteWindow > huge))
+				c.remoteWindow = huge;
+
+			c.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_CHANNEL_WINDOW_ADJUST (channel " + id + ", " + windowChange + ")");
+	}
+
+	public void msgChannelOpen(byte[] msg, int msglen) throws IOException
+	{
+		TypesReader tr = new TypesReader(msg, 0, msglen);
+
+		tr.readByte(); // skip packet type
+		String channelType = tr.readString();
+		int remoteID = tr.readUINT32(); /* sender channel */
+		int remoteWindow = tr.readUINT32(); /* initial window size */
+		int remoteMaxPacketSize = tr.readUINT32(); /* maximum packet size */
+
+		if ("x11".equals(channelType))
+		{
+			synchronized (x11_magic_cookies)
+			{
+				/* If we did not request X11 forwarding, then simply ignore this bogus request. */
+
+				if (x11_magic_cookies.size() == 0)
+				{
+					PacketChannelOpenFailure pcof = new PacketChannelOpenFailure(remoteID,
+							Packets.SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, "X11 forwarding not activated", "");
+
+					tm.sendAsynchronousMessage(pcof.getPayload());
+
+
+					log.warning("Unexpected X11 request, denying it!");
+
+					return;
+				}
+			}
+
+			String remoteOriginatorAddress = tr.readString();
+			int remoteOriginatorPort = tr.readUINT32();
+
+			Channel c = new Channel(this);
+
+			synchronized (c)
+			{
+				c.remoteID = remoteID;
+				c.remoteWindow = remoteWindow & 0xFFFFffffL; /* properly convert UINT32 to long */
+				c.remoteMaxPacketSize = remoteMaxPacketSize;
+				c.localID = addChannel(c);
+			}
+
+			/*
+			 * The open confirmation message will be sent from another thread
+			 */
+
+			RemoteX11AcceptThread rxat = new RemoteX11AcceptThread(c, remoteOriginatorAddress, remoteOriginatorPort);
+			rxat.setDaemon(true);
+			rxat.start();
+
+			return;
+		}
+
+		if ("forwarded-tcpip".equals(channelType))
+		{
+			String remoteConnectedAddress = tr.readString(); /* address that was connected */
+			int remoteConnectedPort = tr.readUINT32(); /* port that was connected */
+			String remoteOriginatorAddress = tr.readString(); /* originator IP address */
+			int remoteOriginatorPort = tr.readUINT32(); /* originator port */
+
+			RemoteForwardingData rfd = null;
+
+			synchronized (remoteForwardings)
+			{
+				rfd = remoteForwardings.get(new Integer(remoteConnectedPort));
+			}
+
+			if (rfd == null)
+			{
+				PacketChannelOpenFailure pcof = new PacketChannelOpenFailure(remoteID,
+						Packets.SSH_OPEN_ADMINISTRATIVELY_PROHIBITED,
+						"No thanks, unknown port in forwarded-tcpip request", "");
+
+				/* Always try to be polite. */
+
+				tm.sendAsynchronousMessage(pcof.getPayload());
+
+
+				log.debug("Unexpected forwarded-tcpip request, denying it!");
+
+				return;
+			}
+
+			Channel c = new Channel(this);
+
+			synchronized (c)
+			{
+				c.remoteID = remoteID;
+				c.remoteWindow = remoteWindow & 0xFFFFffffL; /* convert UINT32 to long */
+				c.remoteMaxPacketSize = remoteMaxPacketSize;
+				c.localID = addChannel(c);
+			}
+
+			/*
+			 * The open confirmation message will be sent from another thread.
+			 */
+
+			RemoteAcceptThread rat = new RemoteAcceptThread(c, remoteConnectedAddress, remoteConnectedPort,
+					remoteOriginatorAddress, remoteOriginatorPort, rfd.targetAddress, rfd.targetPort);
+
+			rat.setDaemon(true);
+			rat.start();
+
+			return;
+		}
+
+		/* Tell the server that we have no idea what it is talking about */
+
+		PacketChannelOpenFailure pcof = new PacketChannelOpenFailure(remoteID, Packets.SSH_OPEN_UNKNOWN_CHANNEL_TYPE,
+				"Unknown channel type", "");
+
+		tm.sendAsynchronousMessage(pcof.getPayload());
+
+
+		log.warning("The peer tried to open an unsupported channel type (" + channelType + ")");
+	}
+
+	public void msgChannelRequest(byte[] msg, int msglen) throws IOException
+	{
+		TypesReader tr = new TypesReader(msg, 0, msglen);
+
+		tr.readByte(); // skip packet type
+		int id = tr.readUINT32();
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_REQUEST message for non-existent channel " + id);
+
+		String type = tr.readString("US-ASCII");
+		boolean wantReply = tr.readBoolean();
+
+
+		log.debug("Got SSH_MSG_CHANNEL_REQUEST (channel " + id + ", '" + type + "')");
+
+		if (type.equals("exit-status"))
+		{
+			if (wantReply != false)
+				throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message, 'want reply' is true");
+
+			int exit_status = tr.readUINT32();
+
+			if (tr.remain() != 0)
+				throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message");
+
+			synchronized (c)
+			{
+				c.exit_status = new Integer(exit_status);
+				c.notifyAll();
+			}
+
+
+			log.debug("Got EXIT STATUS (channel " + id + ", status " + exit_status + ")");
+
+			return;
+		}
+
+		if (type.equals("exit-signal"))
+		{
+			if (wantReply != false)
+				throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message, 'want reply' is true");
+
+			String signame = tr.readString("US-ASCII");
+			tr.readBoolean();
+			tr.readString();
+			tr.readString();
+
+			if (tr.remain() != 0)
+				throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message");
+
+			synchronized (c)
+			{
+				c.exit_signal = signame;
+				c.notifyAll();
+			}
+
+
+			log.debug("Got EXIT SIGNAL (channel " + id + ", signal " + signame + ")");
+
+			return;
+		}
+
+		/* We simply ignore unknown channel requests, however, if the server wants a reply,
+		 * then we signal that we have no idea what it is about.
+		 */
+
+		if (wantReply)
+		{
+			byte[] reply = new byte[5];
+
+			reply[0] = Packets.SSH_MSG_CHANNEL_FAILURE;
+			reply[1] = (byte) (c.remoteID >> 24);
+			reply[2] = (byte) (c.remoteID >> 16);
+			reply[3] = (byte) (c.remoteID >> 8);
+			reply[4] = (byte) (c.remoteID);
+
+			tm.sendAsynchronousMessage(reply);
+		}
+
+
+		log.debug("Channel request '" + type + "' is not known, ignoring it");
+	}
+
+	public void msgChannelEOF(byte[] msg, int msglen) throws IOException
+	{
+		if (msglen != 5)
+			throw new IOException("SSH_MSG_CHANNEL_EOF message has wrong size (" + msglen + ")");
+
+		int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff);
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_EOF message for non-existent channel " + id);
+
+		synchronized (c)
+		{
+			c.EOF = true;
+			c.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_CHANNEL_EOF (channel " + id + ")");
+	}
+
+	public void msgChannelClose(byte[] msg, int msglen) throws IOException
+	{
+		if (msglen != 5)
+			throw new IOException("SSH_MSG_CHANNEL_CLOSE message has wrong size (" + msglen + ")");
+
+		int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff);
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_CLOSE message for non-existent channel " + id);
+
+		synchronized (c)
+		{
+			c.EOF = true;
+			c.state = Channel.STATE_CLOSED;
+			c.setReasonClosed("Close requested by remote");
+			c.closeMessageRecv = true;
+
+			removeChannel(c.localID);
+
+			c.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_CHANNEL_CLOSE (channel " + id + ")");
+	}
+
+	public void msgChannelSuccess(byte[] msg, int msglen) throws IOException
+	{
+		if (msglen != 5)
+			throw new IOException("SSH_MSG_CHANNEL_SUCCESS message has wrong size (" + msglen + ")");
+
+		int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff);
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_SUCCESS message for non-existent channel " + id);
+
+		synchronized (c)
+		{
+			c.successCounter++;
+			c.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_CHANNEL_SUCCESS (channel " + id + ")");
+	}
+
+	public void msgChannelFailure(byte[] msg, int msglen) throws IOException
+	{
+		if (msglen != 5)
+			throw new IOException("SSH_MSG_CHANNEL_FAILURE message has wrong size (" + msglen + ")");
+
+		int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff);
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_FAILURE message for non-existent channel " + id);
+
+		synchronized (c)
+		{
+			c.failedCounter++;
+			c.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_CHANNEL_FAILURE (channel " + id + ")");
+	}
+
+	public void msgChannelOpenConfirmation(byte[] msg, int msglen) throws IOException
+	{
+		PacketChannelOpenConfirmation sm = new PacketChannelOpenConfirmation(msg, 0, msglen);
+
+		Channel c = getChannel(sm.recipientChannelID);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_OPEN_CONFIRMATION message for non-existent channel "
+					+ sm.recipientChannelID);
+
+		synchronized (c)
+		{
+			if (c.state != Channel.STATE_OPENING)
+				throw new IOException("Unexpected SSH_MSG_CHANNEL_OPEN_CONFIRMATION message for channel "
+						+ sm.recipientChannelID);
+
+			c.remoteID = sm.senderChannelID;
+			c.remoteWindow = sm.initialWindowSize & 0xFFFFffffL; /* convert UINT32 to long */
+			c.remoteMaxPacketSize = sm.maxPacketSize;
+			c.state = Channel.STATE_OPEN;
+			c.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_CHANNEL_OPEN_CONFIRMATION (channel " + sm.recipientChannelID + " / remote: "
+				+ sm.senderChannelID + ")");
+	}
+
+	public void msgChannelOpenFailure(byte[] msg, int msglen) throws IOException
+	{
+		if (msglen < 5)
+			throw new IOException("SSH_MSG_CHANNEL_OPEN_FAILURE message has wrong size (" + msglen + ")");
+
+		TypesReader tr = new TypesReader(msg, 0, msglen);
+
+		tr.readByte(); // skip packet type
+		int id = tr.readUINT32(); /* sender channel */
+
+		Channel c = getChannel(id);
+
+		if (c == null)
+			throw new IOException("Unexpected SSH_MSG_CHANNEL_OPEN_FAILURE message for non-existent channel " + id);
+
+		int reasonCode = tr.readUINT32();
+		String description = tr.readString("UTF-8");
+
+		String reasonCodeSymbolicName = null;
+
+		switch (reasonCode)
+		{
+			case 1:
+				reasonCodeSymbolicName = "SSH_OPEN_ADMINISTRATIVELY_PROHIBITED";
+				break;
+			case 2:
+				reasonCodeSymbolicName = "SSH_OPEN_CONNECT_FAILED";
+				break;
+			case 3:
+				reasonCodeSymbolicName = "SSH_OPEN_UNKNOWN_CHANNEL_TYPE";
+				break;
+			case 4:
+				reasonCodeSymbolicName = "SSH_OPEN_RESOURCE_SHORTAGE";
+				break;
+			default:
+				reasonCodeSymbolicName = "UNKNOWN REASON CODE (" + reasonCode + ")";
+		}
+
+		StringBuilder descriptionBuffer = new StringBuilder();
+		descriptionBuffer.append(description);
+
+		for (int i = 0; i < descriptionBuffer.length(); i++)
+		{
+			char cc = descriptionBuffer.charAt(i);
+
+			if ((cc >= 32) && (cc <= 126))
+				continue;
+			descriptionBuffer.setCharAt(i, '\uFFFD');
+		}
+
+		synchronized (c)
+		{
+			c.EOF = true;
+			c.state = Channel.STATE_CLOSED;
+			c.setReasonClosed("The server refused to open the channel (" + reasonCodeSymbolicName + ", '"
+					+ descriptionBuffer.toString() + "')");
+			c.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_CHANNEL_OPEN_FAILURE (channel " + id + ")");
+	}
+
+	public void msgGlobalRequest(byte[] msg, int msglen) throws IOException
+	{
+		/* Currently we do not support any kind of global request */
+
+		TypesReader tr = new TypesReader(msg, 0, msglen);
+
+		tr.readByte(); // skip packet type
+		String requestName = tr.readString();
+		boolean wantReply = tr.readBoolean();
+
+		if (wantReply)
+		{
+			byte[] reply_failure = new byte[1];
+			reply_failure[0] = Packets.SSH_MSG_REQUEST_FAILURE;
+
+			tm.sendAsynchronousMessage(reply_failure);
+		}
+
+		/* We do not clean up the requestName String - that is OK for debug */
+
+
+		log.debug("Got SSH_MSG_GLOBAL_REQUEST (" + requestName + ")");
+	}
+
+	public void msgGlobalSuccess() throws IOException
+	{
+		synchronized (channels)
+		{
+			globalSuccessCounter++;
+			channels.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_REQUEST_SUCCESS");
+	}
+
+	public void msgGlobalFailure() throws IOException
+	{
+		synchronized (channels)
+		{
+			globalFailedCounter++;
+			channels.notifyAll();
+		}
+
+
+		log.debug("Got SSH_MSG_REQUEST_FAILURE");
+	}
+
+	public void handleMessage(byte[] msg, int msglen) throws IOException
+	{
+		if (msg == null)
+		{
+
+			log.debug("HandleMessage: got shutdown");
+
+			synchronized (listenerThreads)
+			{
+				for (IChannelWorkerThread lat : listenerThreads)
+				{
+					lat.stopWorking();
+				}
+				listenerThreadsAllowed = false;
+			}
+
+			synchronized (channels)
+			{
+				shutdown = true;
+
+				for (Channel c : channels)
+				{
+					synchronized (c)
+					{
+						c.EOF = true;
+						c.state = Channel.STATE_CLOSED;
+						c.setReasonClosed("The connection is being shutdown");
+						c.closeMessageRecv = true; /*
+													* You never know, perhaps
+													* we are waiting for a
+													* pending close message
+													* from the server...
+													*/
+						c.notifyAll();
+					}
+				}
+
+				channels.clear();
+				channels.notifyAll(); /* Notify global response waiters */
+				return;
+			}
+		}
+
+		switch (msg[0])
+		{
+			case Packets.SSH_MSG_CHANNEL_OPEN_CONFIRMATION:
+				msgChannelOpenConfirmation(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_WINDOW_ADJUST:
+				msgChannelWindowAdjust(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_DATA:
+				msgChannelData(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_EXTENDED_DATA:
+				msgChannelExtendedData(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_REQUEST:
+				msgChannelRequest(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_EOF:
+				msgChannelEOF(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_OPEN:
+				msgChannelOpen(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_CLOSE:
+				msgChannelClose(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_SUCCESS:
+				msgChannelSuccess(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_FAILURE:
+				msgChannelFailure(msg, msglen);
+				break;
+			case Packets.SSH_MSG_CHANNEL_OPEN_FAILURE:
+				msgChannelOpenFailure(msg, msglen);
+				break;
+			case Packets.SSH_MSG_GLOBAL_REQUEST:
+				msgGlobalRequest(msg, msglen);
+				break;
+			case Packets.SSH_MSG_REQUEST_SUCCESS:
+				msgGlobalSuccess();
+				break;
+			case Packets.SSH_MSG_REQUEST_FAILURE:
+				msgGlobalFailure();
+				break;
+			default:
+				throw new IOException("Cannot handle unknown channel message " + (msg[0] & 0xff));
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/ChannelOutputStream.java b/src/main/java/ch/ethz/ssh2/channel/ChannelOutputStream.java
new file mode 100644
index 0000000..356ed24
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/ChannelOutputStream.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * ChannelOutputStream.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public final class ChannelOutputStream extends OutputStream
+{
+	Channel c;
+
+	boolean isClosed = false;
+	
+	ChannelOutputStream(Channel c)
+	{
+		this.c = c;
+	}
+
+	@Override
+	public void write(int b) throws IOException
+	{	
+		byte[] buff = new byte[1];
+		
+		buff[0] = (byte) b;
+		
+		write(buff, 0, 1);
+	}
+
+	@Override
+	public void close() throws IOException
+	{
+		if (isClosed == false)
+		{
+			isClosed = true;
+			c.cm.sendEOF(c);
+		}
+	}
+
+	@Override
+	public void flush() throws IOException
+	{
+		if (isClosed)
+			throw new IOException("This OutputStream is closed.");
+
+		/* This is a no-op, since this stream is unbuffered */
+	}
+
+	@Override
+	public void write(byte[] b, int off, int len) throws IOException
+	{
+		if (isClosed)
+			throw new IOException("This OutputStream is closed.");
+		
+		if (b == null)
+			throw new NullPointerException();
+
+		if ((off < 0) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0) || (off > b.length))
+			throw new IndexOutOfBoundsException();
+
+		if (len == 0)
+			return;
+		
+		c.cm.sendData(c, b, off, len);
+	}
+
+	@Override
+	public void write(byte[] b) throws IOException
+	{
+		write(b, 0, b.length);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/IChannelWorkerThread.java b/src/main/java/ch/ethz/ssh2/channel/IChannelWorkerThread.java
new file mode 100644
index 0000000..524cbcf
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/IChannelWorkerThread.java
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+/**
+ * IChannelWorkerThread.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+interface IChannelWorkerThread
+{
+	public void stopWorking();
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/LocalAcceptThread.java b/src/main/java/ch/ethz/ssh2/channel/LocalAcceptThread.java
new file mode 100644
index 0000000..e5e7128
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/LocalAcceptThread.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+
+/**
+ * LocalAcceptThread.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class LocalAcceptThread extends Thread implements IChannelWorkerThread
+{
+	ChannelManager cm;
+	String host_to_connect;
+	int port_to_connect;
+
+	final ServerSocket ss;
+
+	public LocalAcceptThread(ChannelManager cm, int local_port, String host_to_connect, int port_to_connect)
+			throws IOException
+	{
+		this.cm = cm;
+		this.host_to_connect = host_to_connect;
+		this.port_to_connect = port_to_connect;
+
+		ss = new ServerSocket(local_port);
+	}
+
+	public LocalAcceptThread(ChannelManager cm, InetSocketAddress localAddress, String host_to_connect,
+			int port_to_connect) throws IOException
+	{
+		this.cm = cm;
+		this.host_to_connect = host_to_connect;
+		this.port_to_connect = port_to_connect;
+
+		ss = new ServerSocket();
+		ss.bind(localAddress);
+	}
+
+	@Override
+	public void run()
+	{
+		try
+		{
+			cm.registerThread(this);
+		}
+		catch (IOException e)
+		{
+			stopWorking();
+			return;
+		}
+
+		while (true)
+		{
+			Socket s = null;
+
+			try
+			{
+				s = ss.accept();
+			}
+			catch (IOException e)
+			{
+				stopWorking();
+				return;
+			}
+
+			Channel cn = null;
+			StreamForwarder r2l = null;
+			StreamForwarder l2r = null;
+
+			try
+			{
+				/* This may fail, e.g., if the remote port is closed (in optimistic terms: not open yet) */
+
+				cn = cm.openDirectTCPIPChannel(host_to_connect, port_to_connect, s.getInetAddress().getHostAddress(), s
+						.getPort());
+
+			}
+			catch (IOException e)
+			{
+				/* Simply close the local socket and wait for the next incoming connection */
+
+				try
+				{
+					s.close();
+				}
+				catch (IOException ignore)
+				{
+				}
+
+				continue;
+			}
+
+			try
+			{
+				r2l = new StreamForwarder(cn, null, null, cn.stdoutStream, s.getOutputStream(), "RemoteToLocal");
+				l2r = new StreamForwarder(cn, r2l, s, s.getInputStream(), cn.stdinStream, "LocalToRemote");
+			}
+			catch (IOException e)
+			{
+				try
+				{
+					/* This message is only visible during debugging, since we discard the channel immediatelly */
+					cn.cm.closeChannel(cn, "Weird error during creation of StreamForwarder (" + e.getMessage() + ")",
+							true);
+				}
+				catch (IOException ignore)
+				{
+				}
+
+				continue;
+			}
+
+			r2l.setDaemon(true);
+			l2r.setDaemon(true);
+			r2l.start();
+			l2r.start();
+		}
+	}
+
+	public void stopWorking()
+	{
+		try
+		{
+			/* This will lead to an IOException in the ss.accept() call */
+			ss.close();
+		}
+		catch (IOException ignored)
+		{
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/RemoteAcceptThread.java b/src/main/java/ch/ethz/ssh2/channel/RemoteAcceptThread.java
new file mode 100644
index 0000000..57a7f88
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/RemoteAcceptThread.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+import java.io.IOException;
+import java.net.Socket;
+
+import ch.ethz.ssh2.log.Logger;
+
+/**
+ * RemoteAcceptThread.
+ *
+ * @author Christian Plattner
+ * @version $Id: RemoteAcceptThread.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class RemoteAcceptThread extends Thread
+{
+	private static final Logger log = Logger.getLogger(RemoteAcceptThread.class);
+
+	Channel c;
+
+	String remoteConnectedAddress;
+	int remoteConnectedPort;
+	String remoteOriginatorAddress;
+	int remoteOriginatorPort;
+	String targetAddress;
+	int targetPort;
+
+	Socket s;
+
+	public RemoteAcceptThread(Channel c, String remoteConnectedAddress, int remoteConnectedPort,
+							  String remoteOriginatorAddress, int remoteOriginatorPort, String targetAddress, int targetPort)
+	{
+		this.c = c;
+		this.remoteConnectedAddress = remoteConnectedAddress;
+		this.remoteConnectedPort = remoteConnectedPort;
+		this.remoteOriginatorAddress = remoteOriginatorAddress;
+		this.remoteOriginatorPort = remoteOriginatorPort;
+		this.targetAddress = targetAddress;
+		this.targetPort = targetPort;
+
+		log.debug("RemoteAcceptThread: " + remoteConnectedAddress + "/" + remoteConnectedPort + ", R: "
+				+ remoteOriginatorAddress + "/" + remoteOriginatorPort);
+	}
+
+	@Override
+	public void run()
+	{
+		try
+		{
+			c.cm.sendOpenConfirmation(c);
+
+			s = new Socket(targetAddress, targetPort);
+
+			StreamForwarder r2l = new StreamForwarder(c, null, null, c.getStdoutStream(), s.getOutputStream(),
+					"RemoteToLocal");
+			StreamForwarder l2r = new StreamForwarder(c, null, null, s.getInputStream(), c.getStdinStream(),
+					"LocalToRemote");
+
+			/* No need to start two threads, one can be executed in the current thread */
+
+			r2l.setDaemon(true);
+			r2l.start();
+			l2r.run();
+
+			while (r2l.isAlive())
+			{
+				try
+				{
+					r2l.join();
+				}
+				catch (InterruptedException ignored)
+				{
+				}
+			}
+
+			/* If the channel is already closed, then this is a no-op */
+
+			c.cm.closeChannel(c, "EOF on both streams reached.", true);
+			s.close();
+		}
+		catch (IOException e)
+		{
+			log.warning("IOException in proxy code: " + e.getMessage());
+
+			try
+			{
+				c.cm.closeChannel(c, "IOException in proxy code (" + e.getMessage() + ")", true);
+			}
+			catch (IOException ignored)
+			{
+			}
+			try
+			{
+				if (s != null)
+					s.close();
+			}
+			catch (IOException ignored)
+			{
+			}
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/RemoteForwardingData.java b/src/main/java/ch/ethz/ssh2/channel/RemoteForwardingData.java
new file mode 100644
index 0000000..b9b324b
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/RemoteForwardingData.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+/**
+ * RemoteForwardingData. Data about a requested remote forwarding.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class RemoteForwardingData
+{
+	public String bindAddress;
+	public int bindPort;
+
+	String targetAddress;
+	int targetPort;
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/RemoteX11AcceptThread.java b/src/main/java/ch/ethz/ssh2/channel/RemoteX11AcceptThread.java
new file mode 100644
index 0000000..3dc2345
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/RemoteX11AcceptThread.java
@@ -0,0 +1,246 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.Socket;
+
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.util.StringEncoder;
+
+/**
+ * RemoteX11AcceptThread.
+ *
+ * @author Christian Plattner
+ * @version $Id: RemoteX11AcceptThread.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class RemoteX11AcceptThread extends Thread
+{
+	private static final Logger log = Logger.getLogger(RemoteX11AcceptThread.class);
+
+	Channel c;
+
+	String remoteOriginatorAddress;
+	int remoteOriginatorPort;
+
+	Socket s;
+
+	public RemoteX11AcceptThread(Channel c, String remoteOriginatorAddress, int remoteOriginatorPort)
+	{
+		this.c = c;
+		this.remoteOriginatorAddress = remoteOriginatorAddress;
+		this.remoteOriginatorPort = remoteOriginatorPort;
+	}
+
+	@Override
+	public void run()
+	{
+		try
+		{
+			/* Send Open Confirmation */
+
+			c.cm.sendOpenConfirmation(c);
+
+			/* Read startup packet from client */
+
+			OutputStream remote_os = c.getStdinStream();
+			InputStream remote_is = c.getStdoutStream();
+
+			/* The following code is based on the protocol description given in:
+			 * Scheifler/Gettys,
+			 * X Windows System: Core and Extension Protocols:
+			 * X Version 11, Releases 6 and 6.1 ISBN 1-55558-148-X
+			 * (from the ETH library - after being here for almost ten
+			 * years one of the few books I borrowed... sad but true =)
+			 */
+
+			/*
+			 * Client startup:
+			 * 
+			 * 1 0X42 MSB first/0x6c lSB first - byteorder
+			 * 1 - unused
+			 * 2 card16 - protocol-major-version
+			 * 2 card16 - protocol-minor-version
+			 * 2 n - lenght of authorization-protocol-name
+			 * 2 d - lenght of authorization-protocol-data
+			 * 2 - unused
+			 * string8 - authorization-protocol-name
+			 * p - unused, p=pad(n)
+			 * string8 - authorization-protocol-data
+			 * q - unused, q=pad(d)
+			 * 
+			 * pad(X) = (4 - (X mod 4)) mod 4
+			 * 
+			 * Server response:
+			 * 
+			 * 1 (0 failed, 2 authenticate, 1 success)
+			 * ...
+			 * 
+			 */
+
+			/* Later on we will simply forward the first 6 header bytes to the "real" X11 server */
+
+			byte[] header = new byte[6];
+
+			if (remote_is.read(header) != 6)
+				throw new IOException("Unexpected EOF on X11 startup!");
+
+			if ((header[0] != 0x42) && (header[0] != 0x6c)) // 0x42 MSB first, 0x6C LSB first
+				throw new IOException("Unknown endian format in X11 message!");
+
+			/* Yes, I came up with this myself - shall I file an application for a patent? =) */
+
+			int idxMSB = (header[0] == 0x42) ? 0 : 1;
+
+			/* Read authorization data header */
+
+			byte[] auth_buff = new byte[6];
+
+			if (remote_is.read(auth_buff) != 6)
+				throw new IOException("Unexpected EOF on X11 startup!");
+
+			int authProtocolNameLength = ((auth_buff[idxMSB] & 0xff) << 8) | (auth_buff[1 - idxMSB] & 0xff);
+			int authProtocolDataLength = ((auth_buff[2 + idxMSB] & 0xff) << 8) | (auth_buff[3 - idxMSB] & 0xff);
+
+			if ((authProtocolNameLength > 256) || (authProtocolDataLength > 256))
+				throw new IOException("Buggy X11 authorization data");
+
+			int authProtocolNamePadding = ((4 - (authProtocolNameLength % 4)) % 4);
+			int authProtocolDataPadding = ((4 - (authProtocolDataLength % 4)) % 4);
+
+			byte[] authProtocolName = new byte[authProtocolNameLength];
+			byte[] authProtocolData = new byte[authProtocolDataLength];
+
+			byte[] paddingBuffer = new byte[4];
+
+			if (remote_is.read(authProtocolName) != authProtocolNameLength)
+				throw new IOException("Unexpected EOF on X11 startup! (authProtocolName)");
+
+			if (remote_is.read(paddingBuffer, 0, authProtocolNamePadding) != authProtocolNamePadding)
+				throw new IOException("Unexpected EOF on X11 startup! (authProtocolNamePadding)");
+
+			if (remote_is.read(authProtocolData) != authProtocolDataLength)
+				throw new IOException("Unexpected EOF on X11 startup! (authProtocolData)");
+
+			if (remote_is.read(paddingBuffer, 0, authProtocolDataPadding) != authProtocolDataPadding)
+				throw new IOException("Unexpected EOF on X11 startup! (authProtocolDataPadding)");
+
+			if ("MIT-MAGIC-COOKIE-1".equals(StringEncoder.GetString(authProtocolName)) == false)
+				throw new IOException("Unknown X11 authorization protocol!");
+
+			if (authProtocolDataLength != 16)
+				throw new IOException("Wrong data length for X11 authorization data!");
+
+			StringBuilder tmp = new StringBuilder(32);
+			for (int i = 0; i < authProtocolData.length; i++)
+			{
+				String digit2 = Integer.toHexString(authProtocolData[i] & 0xff);
+				tmp.append((digit2.length() == 2) ? digit2 : "0" + digit2);
+			}
+			String hexEncodedFakeCookie = tmp.toString();
+
+			/* Order is very important here - it may be that a certain x11 forwarding
+			 * gets disabled right in the moment when we check and register our connection
+			 * */
+
+			synchronized (c)
+			{
+				/* Please read the comment in Channel.java */
+				c.hexX11FakeCookie = hexEncodedFakeCookie;
+			}
+
+			/* Now check our fake cookie directory to see if we produced this cookie */
+
+			X11ServerData sd = c.cm.checkX11Cookie(hexEncodedFakeCookie);
+
+			if (sd == null)
+				throw new IOException("Invalid X11 cookie received.");
+
+			/* If the session which corresponds to this cookie is closed then we will
+			 * detect this: the session's close code will close all channels
+			 * with the session's assigned x11 fake cookie.
+			 */
+
+			s = new Socket(sd.hostname, sd.port);
+
+			OutputStream x11_os = s.getOutputStream();
+			InputStream x11_is = s.getInputStream();
+
+			/* Now we are sending the startup packet to the real X11 server */
+
+			x11_os.write(header);
+
+			if (sd.x11_magic_cookie == null)
+			{
+				byte[] emptyAuthData = new byte[6];
+				/* empty auth data, hopefully you are connecting to localhost =) */
+				x11_os.write(emptyAuthData);
+			}
+			else
+			{
+				if (sd.x11_magic_cookie.length != 16)
+					throw new IOException("The real X11 cookie has an invalid length!");
+
+				/* send X11 cookie specified by client */
+				x11_os.write(auth_buff);
+				x11_os.write(authProtocolName); /* re-use */
+				x11_os.write(paddingBuffer, 0, authProtocolNamePadding);
+				x11_os.write(sd.x11_magic_cookie);
+				x11_os.write(paddingBuffer, 0, authProtocolDataPadding);
+			}
+
+			x11_os.flush();
+
+			/* Start forwarding traffic */
+
+			StreamForwarder r2l = new StreamForwarder(c, null, null, remote_is, x11_os, "RemoteToX11");
+			StreamForwarder l2r = new StreamForwarder(c, null, null, x11_is, remote_os, "X11ToRemote");
+
+			/* No need to start two threads, one can be executed in the current thread */
+
+			r2l.setDaemon(true);
+			r2l.start();
+			l2r.run();
+
+			while (r2l.isAlive())
+			{
+				try
+				{
+					r2l.join();
+				}
+				catch (InterruptedException ignored)
+				{
+				}
+			}
+
+			/* If the channel is already closed, then this is a no-op */
+
+			c.cm.closeChannel(c, "EOF on both X11 streams reached.", true);
+			s.close();
+		}
+		catch (IOException e)
+		{
+			log.warning("IOException in X11 proxy code: " + e.getMessage());
+
+			try
+			{
+				c.cm.closeChannel(c, "IOException in X11 proxy code (" + e.getMessage() + ")", true);
+			}
+			catch (IOException ignored)
+			{
+			}
+			try
+			{
+				if (s != null)
+					s.close();
+			}
+			catch (IOException ignored)
+			{
+			}
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/channel/StreamForwarder.java b/src/main/java/ch/ethz/ssh2/channel/StreamForwarder.java
new file mode 100644
index 0000000..b32b6f9
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/StreamForwarder.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.Socket;
+
+/**
+ * A StreamForwarder forwards data between two given streams. 
+ * If two StreamForwarder threads are used (one for each direction)
+ * then one can be configured to shutdown the underlying channel/socket
+ * if both threads have finished forwarding (EOF).
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class StreamForwarder extends Thread
+{
+	OutputStream os;
+	InputStream is;
+	byte[] buffer = new byte[Channel.CHANNEL_BUFFER_SIZE];
+	Channel c;
+	StreamForwarder sibling;
+	Socket s;
+	String mode;
+
+	StreamForwarder(Channel c, StreamForwarder sibling, Socket s, InputStream is, OutputStream os, String mode)
+			throws IOException
+	{
+		this.is = is;
+		this.os = os;
+		this.mode = mode;
+		this.c = c;
+		this.sibling = sibling;
+		this.s = s;
+	}
+
+	@Override
+	public void run()
+	{
+		try
+		{
+			while (true)
+			{
+				int len = is.read(buffer);
+				if (len <= 0)
+					break;
+				os.write(buffer, 0, len);
+				os.flush();
+			}
+		}
+		catch (IOException ignore)
+		{
+			try
+			{
+				c.cm.closeChannel(c, "Closed due to exception in StreamForwarder (" + mode + "): "
+						+ ignore.getMessage(), true);
+			}
+			catch (IOException ignored)
+			{
+			}
+		}
+		finally
+		{
+			try
+			{
+				os.close();
+			}
+			catch (IOException ignored)
+			{
+			}
+			try
+			{
+				is.close();
+			}
+			catch (IOException ignored)
+			{
+			}
+
+			if (sibling != null)
+			{
+				while (sibling.isAlive())
+				{
+					try
+					{
+						sibling.join();
+					}
+					catch (InterruptedException ignored)
+					{
+					}
+				}
+
+				try
+				{
+					c.cm.closeChannel(c, "StreamForwarder (" + mode + ") is cleaning up the connection", true);
+				}
+				catch (IOException ignored)
+				{
+				}
+
+				try
+				{
+					if (s != null)
+						s.close();
+				}
+				catch (IOException ignored)
+				{
+				}
+			}
+		}
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/channel/X11ServerData.java b/src/main/java/ch/ethz/ssh2/channel/X11ServerData.java
new file mode 100644
index 0000000..e0a2963
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/channel/X11ServerData.java
@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.channel;
+
+/**
+ * X11ServerData. Data regarding an x11 forwarding target.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ * 
+ */
+public class X11ServerData
+{
+	public String hostname;
+	public int port;
+	public byte[] x11_magic_cookie; /* not the remote (fake) one, the local (real) one */
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/Base64.java b/src/main/java/ch/ethz/ssh2/crypto/Base64.java
new file mode 100644
index 0000000..7dcaef5
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/Base64.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto;
+
+import java.io.CharArrayWriter;
+import java.io.IOException;
+
+/**
+ * Basic Base64 Support.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class Base64
+{
+	static final char[] alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".toCharArray();
+	
+	public static char[] encode(byte[] content)
+	{
+		CharArrayWriter cw = new CharArrayWriter((4 * content.length) / 3);
+
+		int idx = 0;
+					
+		int x = 0;
+
+		for (int i = 0; i < content.length; i++)
+		{
+			if (idx == 0)
+				x = (content[i] & 0xff) << 16;
+			else if (idx == 1)
+				x = x | ((content[i] & 0xff) << 8);
+			else
+				x = x | (content[i] & 0xff);
+
+			idx++;
+
+			if (idx == 3)
+			{
+				cw.write(alphabet[x >> 18]);
+				cw.write(alphabet[(x >> 12) & 0x3f]);
+				cw.write(alphabet[(x >> 6) & 0x3f]);
+				cw.write(alphabet[x & 0x3f]);
+
+				idx = 0;
+			}
+		}
+
+		if (idx == 1)
+		{
+			cw.write(alphabet[x >> 18]);
+			cw.write(alphabet[(x >> 12) & 0x3f]);
+			cw.write('=');
+			cw.write('=');
+		}
+
+		if (idx == 2)
+		{
+			cw.write(alphabet[x >> 18]);
+			cw.write(alphabet[(x >> 12) & 0x3f]);
+			cw.write(alphabet[(x >> 6) & 0x3f]);
+			cw.write('=');
+		}
+
+		return cw.toCharArray();
+	}
+
+	public static byte[] decode(char[] message) throws IOException
+	{
+		byte buff[] = new byte[4];
+		byte dest[] = new byte[message.length];
+
+		int bpos = 0;
+		int destpos = 0;
+
+		for (int i = 0; i < message.length; i++)
+		{
+			int c = message[i];
+
+			if ((c == '\n') || (c == '\r') || (c == ' ') || (c == '\t'))
+				continue;
+
+			if ((c >= 'A') && (c <= 'Z'))
+			{
+				buff[bpos++] = (byte) (c - 'A');
+			}
+			else if ((c >= 'a') && (c <= 'z'))
+			{
+				buff[bpos++] = (byte) ((c - 'a') + 26);
+			}
+			else if ((c >= '0') && (c <= '9'))
+			{
+				buff[bpos++] = (byte) ((c - '0') + 52);
+			}
+			else if (c == '+')
+			{
+				buff[bpos++] = 62;
+			}
+			else if (c == '/')
+			{
+				buff[bpos++] = 63;
+			}
+			else if (c == '=')
+			{
+				buff[bpos++] = 64;
+			}
+			else
+			{
+				throw new IOException("Illegal char in base64 code.");
+			}
+
+			if (bpos == 4)
+			{
+				bpos = 0;
+
+				if (buff[0] == 64)
+					break;
+
+				if (buff[1] == 64)
+					throw new IOException("Unexpected '=' in base64 code.");
+
+				if (buff[2] == 64)
+				{
+					int v = (((buff[0] & 0x3f) << 6) | ((buff[1] & 0x3f)));
+					dest[destpos++] = (byte) (v >> 4);
+					break;
+				}
+				else if (buff[3] == 64)
+				{
+					int v = (((buff[0] & 0x3f) << 12) | ((buff[1] & 0x3f) << 6) | ((buff[2] & 0x3f)));
+					dest[destpos++] = (byte) (v >> 10);
+					dest[destpos++] = (byte) (v >> 2);
+					break;
+				}
+				else
+				{
+					int v = (((buff[0] & 0x3f) << 18) | ((buff[1] & 0x3f) << 12) | ((buff[2] & 0x3f) << 6) | ((buff[3] & 0x3f)));
+					dest[destpos++] = (byte) (v >> 16);
+					dest[destpos++] = (byte) (v >> 8);
+					dest[destpos++] = (byte) (v);
+				}
+			}
+		}
+
+		byte[] res = new byte[destpos];
+		System.arraycopy(dest, 0, res, 0, destpos);
+
+		return res;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/CryptoWishList.java b/src/main/java/ch/ethz/ssh2/crypto/CryptoWishList.java
new file mode 100644
index 0000000..fa76f90
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/CryptoWishList.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto;
+
+import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
+import ch.ethz.ssh2.crypto.digest.MAC;
+import ch.ethz.ssh2.transport.KexManager;
+
+/**
+ * CryptoWishList.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class CryptoWishList
+{
+	public String[] kexAlgorithms = KexManager.getDefaultKexAlgorithmList();
+	public String[] serverHostKeyAlgorithms = KexManager.getDefaultServerHostkeyAlgorithmList();
+	public String[] c2s_enc_algos = BlockCipherFactory.getDefaultCipherList();
+	public String[] s2c_enc_algos = BlockCipherFactory.getDefaultCipherList();
+	public String[] c2s_mac_algos = MAC.getMacList();
+	public String[] s2c_mac_algos = MAC.getMacList();
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/KeyMaterial.java b/src/main/java/ch/ethz/ssh2/crypto/KeyMaterial.java
new file mode 100644
index 0000000..766728d
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/KeyMaterial.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto;
+
+import ch.ethz.ssh2.crypto.digest.HashForSSH2Types;
+import java.math.BigInteger;
+
+/**
+ * Establishes key material for iv/key/mac (both directions).
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class KeyMaterial
+{
+	public byte[] initial_iv_client_to_server;
+	public byte[] initial_iv_server_to_client;
+	public byte[] enc_key_client_to_server;
+	public byte[] enc_key_server_to_client;
+	public byte[] integrity_key_client_to_server;
+	public byte[] integrity_key_server_to_client;
+
+	private static byte[] calculateKey(HashForSSH2Types sh, BigInteger K, byte[] H, byte type, byte[] SessionID,
+			int keyLength)
+	{
+		byte[] res = new byte[keyLength];
+
+		int dglen = sh.getDigestLength();
+		int numRounds = (keyLength + dglen - 1) / dglen;
+
+		byte[][] tmp = new byte[numRounds][];
+
+		sh.reset();
+		sh.updateBigInt(K);
+		sh.updateBytes(H);
+		sh.updateByte(type);
+		sh.updateBytes(SessionID);
+
+		tmp[0] = sh.getDigest();
+
+		int off = 0;
+		int produced = Math.min(dglen, keyLength);
+
+		System.arraycopy(tmp[0], 0, res, off, produced);
+
+		keyLength -= produced;
+		off += produced;
+
+		for (int i = 1; i < numRounds; i++)
+		{
+			sh.updateBigInt(K);
+			sh.updateBytes(H);
+
+			for (int j = 0; j < i; j++)
+				sh.updateBytes(tmp[j]);
+
+			tmp[i] = sh.getDigest();
+
+			produced = Math.min(dglen, keyLength);
+			System.arraycopy(tmp[i], 0, res, off, produced);
+			keyLength -= produced;
+			off += produced;
+		}
+
+		return res;
+	}
+
+	public static KeyMaterial create(String hashType, byte[] H, BigInteger K, byte[] SessionID, int keyLengthCS,
+			int blockSizeCS, int macLengthCS, int keyLengthSC, int blockSizeSC, int macLengthSC)
+			throws IllegalArgumentException
+	{
+		KeyMaterial km = new KeyMaterial();
+
+		HashForSSH2Types sh = new HashForSSH2Types(hashType);
+
+		km.initial_iv_client_to_server = calculateKey(sh, K, H, (byte) 'A', SessionID, blockSizeCS);
+
+		km.initial_iv_server_to_client = calculateKey(sh, K, H, (byte) 'B', SessionID, blockSizeSC);
+
+		km.enc_key_client_to_server = calculateKey(sh, K, H, (byte) 'C', SessionID, keyLengthCS);
+
+		km.enc_key_server_to_client = calculateKey(sh, K, H, (byte) 'D', SessionID, keyLengthSC);
+
+		km.integrity_key_client_to_server = calculateKey(sh, K, H, (byte) 'E', SessionID, macLengthCS);
+
+		km.integrity_key_server_to_client = calculateKey(sh, K, H, (byte) 'F', SessionID, macLengthSC);
+
+		return km;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/PEMDecoder.java b/src/main/java/ch/ethz/ssh2/crypto/PEMDecoder.java
new file mode 100644
index 0000000..98fddca
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/PEMDecoder.java
@@ -0,0 +1,385 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto;
+
+import java.io.BufferedReader;
+import java.io.CharArrayReader;
+import java.io.IOException;
+import java.math.BigInteger;
+
+import ch.ethz.ssh2.crypto.cipher.AES;
+import ch.ethz.ssh2.crypto.cipher.BlockCipher;
+import ch.ethz.ssh2.crypto.cipher.CBCMode;
+import ch.ethz.ssh2.crypto.cipher.DES;
+import ch.ethz.ssh2.crypto.cipher.DESede;
+import ch.ethz.ssh2.crypto.digest.MD5;
+import ch.ethz.ssh2.signature.DSAPrivateKey;
+import ch.ethz.ssh2.signature.RSAPrivateKey;
+import ch.ethz.ssh2.util.StringEncoder;
+
+/**
+ * PEM Support.
+ *
+ * @author Christian Plattner
+ * @version $Id: PEMDecoder.java 37 2011-05-28 22:31:46Z dkocher@sudo.ch $
+ */
+public class PEMDecoder
+{
+	private static final int PEM_RSA_PRIVATE_KEY = 1;
+	private static final int PEM_DSA_PRIVATE_KEY = 2;
+
+	private static int hexToInt(char c)
+	{
+		if ((c >= 'a') && (c <= 'f'))
+		{
+			return (c - 'a') + 10;
+		}
+
+		if ((c >= 'A') && (c <= 'F'))
+		{
+			return (c - 'A') + 10;
+		}
+
+		if ((c >= '0') && (c <= '9'))
+		{
+			return (c - '0');
+		}
+
+		throw new IllegalArgumentException("Need hex char");
+	}
+
+	private static byte[] hexToByteArray(String hex)
+	{
+		if (hex == null)
+			throw new IllegalArgumentException("null argument");
+
+		if ((hex.length() % 2) != 0)
+			throw new IllegalArgumentException("Uneven string length in hex encoding.");
+
+		byte decoded[] = new byte[hex.length() / 2];
+
+		for (int i = 0; i < decoded.length; i++)
+		{
+			int hi = hexToInt(hex.charAt(i * 2));
+			int lo = hexToInt(hex.charAt((i * 2) + 1));
+
+			decoded[i] = (byte) (hi * 16 + lo);
+		}
+
+		return decoded;
+	}
+
+	private static byte[] generateKeyFromPasswordSaltWithMD5(byte[] password, byte[] salt, int keyLen)
+			throws IOException
+	{
+		if (salt.length < 8)
+			throw new IllegalArgumentException("Salt needs to be at least 8 bytes for key generation.");
+
+		MD5 md5 = new MD5();
+
+		byte[] key = new byte[keyLen];
+		byte[] tmp = new byte[md5.getDigestLength()];
+
+		while (true)
+		{
+			md5.update(password, 0, password.length);
+			md5.update(salt, 0, 8); // ARGH we only use the first 8 bytes of the salt in this step.
+			// This took me two hours until I got AES-xxx running.
+
+			int copy = (keyLen < tmp.length) ? keyLen : tmp.length;
+
+			md5.digest(tmp, 0);
+
+			System.arraycopy(tmp, 0, key, key.length - keyLen, copy);
+
+			keyLen -= copy;
+
+			if (keyLen == 0)
+				return key;
+
+			md5.update(tmp, 0, tmp.length);
+		}
+	}
+
+	private static byte[] removePadding(byte[] buff, int blockSize) throws IOException
+	{
+		/* Removes RFC 1423/PKCS #7 padding */
+
+		int rfc_1423_padding = buff[buff.length - 1] & 0xff;
+
+		if ((rfc_1423_padding < 1) || (rfc_1423_padding > blockSize))
+			throw new PEMDecryptException("Decrypted PEM has wrong padding, did you specify the correct password?");
+
+		for (int i = 2; i <= rfc_1423_padding; i++)
+		{
+			if (buff[buff.length - i] != rfc_1423_padding)
+				throw new PEMDecryptException("Decrypted PEM has wrong padding, did you specify the correct password?");
+		}
+
+		byte[] tmp = new byte[buff.length - rfc_1423_padding];
+		System.arraycopy(buff, 0, tmp, 0, buff.length - rfc_1423_padding);
+		return tmp;
+	}
+
+	private static PEMStructure parsePEM(char[] pem) throws IOException
+	{
+		PEMStructure ps = new PEMStructure();
+
+		String line = null;
+
+		BufferedReader br = new BufferedReader(new CharArrayReader(pem));
+
+		String endLine = null;
+
+		while (true)
+		{
+			line = br.readLine();
+
+			if (line == null)
+				throw new IOException("Invalid PEM structure, '-----BEGIN...' missing");
+
+			line = line.trim();
+
+			if (line.startsWith("-----BEGIN DSA PRIVATE KEY-----"))
+			{
+				endLine = "-----END DSA PRIVATE KEY-----";
+				ps.pemType = PEM_DSA_PRIVATE_KEY;
+				break;
+			}
+
+			if (line.startsWith("-----BEGIN RSA PRIVATE KEY-----"))
+			{
+				endLine = "-----END RSA PRIVATE KEY-----";
+				ps.pemType = PEM_RSA_PRIVATE_KEY;
+				break;
+			}
+		}
+
+		while (true)
+		{
+			line = br.readLine();
+
+			if (line == null)
+				throw new IOException("Invalid PEM structure, " + endLine + " missing");
+
+			line = line.trim();
+
+			int sem_idx = line.indexOf(':');
+
+			if (sem_idx == -1)
+				break;
+
+			String name = line.substring(0, sem_idx + 1);
+			String value = line.substring(sem_idx + 1);
+
+			String values[] = value.split(",");
+
+			for (int i = 0; i < values.length; i++)
+				values[i] = values[i].trim();
+
+			// Proc-Type: 4,ENCRYPTED
+			// DEK-Info: DES-EDE3-CBC,579B6BE3E5C60483
+
+			if ("Proc-Type:".equals(name))
+			{
+				ps.procType = values;
+				continue;
+			}
+
+			if ("DEK-Info:".equals(name))
+			{
+				ps.dekInfo = values;
+				continue;
+			}
+			/* Ignore line */
+		}
+
+		StringBuilder keyData = new StringBuilder();
+
+		while (true)
+		{
+			if (line == null)
+				throw new IOException("Invalid PEM structure, " + endLine + " missing");
+
+			line = line.trim();
+
+			if (line.startsWith(endLine))
+				break;
+
+			keyData.append(line);
+
+			line = br.readLine();
+		}
+
+		char[] pem_chars = new char[keyData.length()];
+		keyData.getChars(0, pem_chars.length, pem_chars, 0);
+
+		ps.data = Base64.decode(pem_chars);
+
+		if (ps.data.length == 0)
+			throw new IOException("Invalid PEM structure, no data available");
+
+		return ps;
+	}
+
+	private static void decryptPEM(PEMStructure ps, byte[] pw) throws IOException
+	{
+		if (ps.dekInfo == null)
+			throw new IOException("Broken PEM, no mode and salt given, but encryption enabled");
+
+		if (ps.dekInfo.length != 2)
+			throw new IOException("Broken PEM, DEK-Info is incomplete!");
+
+		String algo = ps.dekInfo[0];
+		byte[] salt = hexToByteArray(ps.dekInfo[1]);
+
+		BlockCipher bc = null;
+
+		if (algo.equals("DES-EDE3-CBC"))
+		{
+			DESede des3 = new DESede();
+			des3.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 24));
+			bc = new CBCMode(des3, salt, false);
+		}
+		else if (algo.equals("DES-CBC"))
+		{
+			DES des = new DES();
+			des.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 8));
+			bc = new CBCMode(des, salt, false);
+		}
+		else if (algo.equals("AES-128-CBC"))
+		{
+			AES aes = new AES();
+			aes.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 16));
+			bc = new CBCMode(aes, salt, false);
+		}
+		else if (algo.equals("AES-192-CBC"))
+		{
+			AES aes = new AES();
+			aes.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 24));
+			bc = new CBCMode(aes, salt, false);
+		}
+		else if (algo.equals("AES-256-CBC"))
+		{
+			AES aes = new AES();
+			aes.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 32));
+			bc = new CBCMode(aes, salt, false);
+		}
+		else
+		{
+			throw new IOException("Cannot decrypt PEM structure, unknown cipher " + algo);
+		}
+
+		if ((ps.data.length % bc.getBlockSize()) != 0)
+			throw new IOException("Invalid PEM structure, size of encrypted block is not a multiple of "
+					+ bc.getBlockSize());
+
+		/* Now decrypt the content */
+
+		byte[] dz = new byte[ps.data.length];
+
+		for (int i = 0; i < ps.data.length / bc.getBlockSize(); i++)
+		{
+			bc.transformBlock(ps.data, i * bc.getBlockSize(), dz, i * bc.getBlockSize());
+		}
+
+		/* Now check and remove RFC 1423/PKCS #7 padding */
+
+		dz = removePadding(dz, bc.getBlockSize());
+
+		ps.data = dz;
+		ps.dekInfo = null;
+		ps.procType = null;
+	}
+
+	public static final boolean isPEMEncrypted(PEMStructure ps) throws IOException
+	{
+		if (ps.procType == null)
+			return false;
+
+		if (ps.procType.length != 2)
+			throw new IOException("Unknown Proc-Type field.");
+
+		if ("4".equals(ps.procType[0]) == false)
+			throw new IOException("Unknown Proc-Type field (" + ps.procType[0] + ")");
+
+		if ("ENCRYPTED".equals(ps.procType[1]))
+			return true;
+
+		return false;
+	}
+
+	public static final boolean isPEMEncrypted(char[] pem) throws IOException
+	{
+		return isPEMEncrypted(parsePEM(pem));
+	}
+
+	public static Object decode(char[] pem, String password) throws IOException
+	{
+		PEMStructure ps = parsePEM(pem);
+
+		if (isPEMEncrypted(ps))
+		{
+			if (password == null)
+				throw new IOException("PEM is encrypted, but no password was specified");
+
+			decryptPEM(ps, StringEncoder.GetBytes(password));
+		}
+
+		if (ps.pemType == PEM_DSA_PRIVATE_KEY)
+		{
+			SimpleDERReader dr = new SimpleDERReader(ps.data);
+
+			byte[] seq = dr.readSequenceAsByteArray();
+
+			if (dr.available() != 0)
+				throw new IOException("Padding in DSA PRIVATE KEY DER stream.");
+
+			dr.resetInput(seq);
+
+			BigInteger version = dr.readInt();
+
+			if (version.compareTo(BigInteger.ZERO) != 0)
+				throw new IOException("Wrong version (" + version + ") in DSA PRIVATE KEY DER stream.");
+
+			BigInteger p = dr.readInt();
+			BigInteger q = dr.readInt();
+			BigInteger g = dr.readInt();
+			BigInteger y = dr.readInt();
+			BigInteger x = dr.readInt();
+
+			if (dr.available() != 0)
+				throw new IOException("Padding in DSA PRIVATE KEY DER stream.");
+
+			return new DSAPrivateKey(p, q, g, y, x);
+		}
+
+		if (ps.pemType == PEM_RSA_PRIVATE_KEY)
+		{
+			SimpleDERReader dr = new SimpleDERReader(ps.data);
+
+			byte[] seq = dr.readSequenceAsByteArray();
+
+			if (dr.available() != 0)
+				throw new IOException("Padding in RSA PRIVATE KEY DER stream.");
+
+			dr.resetInput(seq);
+
+			BigInteger version = dr.readInt();
+
+			if ((version.compareTo(BigInteger.ZERO) != 0) && (version.compareTo(BigInteger.ONE) != 0))
+				throw new IOException("Wrong version (" + version + ") in RSA PRIVATE KEY DER stream.");
+
+			BigInteger n = dr.readInt();
+			BigInteger e = dr.readInt();
+			BigInteger d = dr.readInt();
+
+			return new RSAPrivateKey(d, e, n);
+		}
+
+		throw new IOException("PEM problem: it is of unknown type");
+	}
+
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/PEMDecryptException.java b/src/main/java/ch/ethz/ssh2/crypto/PEMDecryptException.java
new file mode 100644
index 0000000..488479b
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/PEMDecryptException.java
@@ -0,0 +1,39 @@
+
+package ch.ethz.ssh2.crypto;
+
+/*
+ * Copyright (c) 2002-2010 David Kocher. All rights reserved.
+ *
+ * http://cyberduck.ch/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * Bug fixes, suggestions and comments should be sent to:
+ * dkocher@cyberduck.ch
+ */
+
+import java.io.IOException;
+
+/**
+ * @version $Id: PEMDecryptException.java 5865 2010-03-27 03:28:11Z dkocher $
+ */
+public class PEMDecryptException extends IOException
+{
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	public PEMDecryptException(String message)
+	{
+		super(message);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/PEMStructure.java b/src/main/java/ch/ethz/ssh2/crypto/PEMStructure.java
new file mode 100644
index 0000000..f665a55
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/PEMStructure.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto;
+
+/**
+ * Parsed PEM structure.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class PEMStructure
+{
+	int pemType;
+	String dekInfo[];
+	String procType[];
+	byte[] data;
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/crypto/SimpleDERReader.java b/src/main/java/ch/ethz/ssh2/crypto/SimpleDERReader.java
new file mode 100644
index 0000000..bf569ef
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/SimpleDERReader.java
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto;
+
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+/**
+ * SimpleDERReader.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class SimpleDERReader
+{
+	byte[] buffer;
+	int pos;
+	int count;
+
+	public SimpleDERReader(byte[] b)
+	{
+		resetInput(b);
+	}
+	
+	public SimpleDERReader(byte[] b, int off, int len)
+	{
+		resetInput(b, off, len);
+	}
+
+	public void resetInput(byte[] b)
+	{
+		resetInput(b, 0, b.length);
+	}
+	
+	public void resetInput(byte[] b, int off, int len)
+	{
+		buffer = b;
+		pos = off;
+		count = len;
+	}
+
+	private byte readByte() throws IOException
+	{
+		if (count <= 0)
+			throw new IOException("DER byte array: out of data");
+		count--;
+		return buffer[pos++];
+	}
+
+	private byte[] readBytes(int len) throws IOException
+	{
+		if (len > count)
+			throw new IOException("DER byte array: out of data");
+
+		byte[] b = new byte[len];
+
+		System.arraycopy(buffer, pos, b, 0, len);
+
+		pos += len;
+		count -= len;
+
+		return b;
+	}
+
+	public int available()
+	{
+		return count;
+	}
+
+	private int readLength() throws IOException
+	{
+		int len = readByte() & 0xff;
+
+		if ((len & 0x80) == 0)
+			return len;
+
+		int remain = len & 0x7F;
+
+		if (remain == 0)
+			return -1;
+
+		len = 0;
+		
+		while (remain > 0)
+		{
+			len = len << 8;
+			len = len | (readByte() & 0xff);
+			remain--;
+		}
+
+		return len;
+	}
+
+	public int ignoreNextObject() throws IOException
+	{
+		int type = readByte() & 0xff;
+
+		int len = readLength();
+
+		if ((len < 0) || len > available())
+			throw new IOException("Illegal len in DER object (" + len  + ")");
+
+		readBytes(len);
+		
+		return type;
+	}
+	
+	public BigInteger readInt() throws IOException
+	{
+		int type = readByte() & 0xff;
+		
+		if (type != 0x02)
+			throw new IOException("Expected DER Integer, but found type " + type);
+		
+		int len = readLength();
+
+		if ((len < 0) || len > available())
+			throw new IOException("Illegal len in DER object (" + len  + ")");
+
+		byte[] b = readBytes(len);
+
+		return new BigInteger(b);
+	}
+
+	public byte[] readSequenceAsByteArray() throws IOException
+	{
+		int type = readByte() & 0xff;
+		
+		if (type != 0x30)
+			throw new IOException("Expected DER Sequence, but found type " + type);
+		
+		int len = readLength();
+
+		if ((len < 0) || len > available())
+			throw new IOException("Illegal len in DER object (" + len  + ")");
+
+		return readBytes(len);
+	}
+	
+	public byte[] readOctetString() throws IOException
+	{
+		int type = readByte() & 0xff;
+		
+		if (type != 0x04)
+			throw new IOException("Expected DER Octetstring, but found type " + type);
+		
+		int len = readLength();
+
+		if ((len < 0) || len > available())
+			throw new IOException("Illegal len in DER object (" + len  + ")");
+
+		return readBytes(len);
+	}
+
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/AES.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/AES.java
new file mode 100644
index 0000000..1f4d4c6
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/AES.java
@@ -0,0 +1,697 @@
+package ch.ethz.ssh2.crypto.cipher;
+
+/*
+ This file was shamelessly taken from the Bouncy Castle Crypto package.
+ Their licence file states the following:
+
+ Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
+ (http://www.bouncycastle.org)
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE. 
+ */
+
+/**
+ * An implementation of the AES (Rijndael), from FIPS-197.
+ * <p>
+ * For further details see: <a
+ * href="http://csrc.nist.gov/encryption/aes/">http://csrc.nist.gov/encryption/aes/
+ * </a>.
+ * 
+ * This implementation is based on optimizations from Dr. Brian Gladman's paper
+ * and C code at <a
+ * href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">http://fp.gladman.plus.com/cryptography_technology/rijndael/
+ * </a>
+ * 
+ * There are three levels of tradeoff of speed vs memory Because java has no
+ * preprocessor, they are written as three separate classes from which to choose
+ * 
+ * The fastest uses 8Kbytes of static tables to precompute round calculations, 4
+ * 256 word tables for encryption and 4 for decryption.
+ * 
+ * The middle performance version uses only one 256 word table for each, for a
+ * total of 2Kbytes, adding 12 rotate operations per round to compute the values
+ * contained in the other tables from the contents of the first
+ * 
+ * The slowest version uses no static tables at all and computes the values in
+ * each round
+ * <p>
+ * This file contains the fast version with 8Kbytes of static tables for round
+ * precomputation
+ * 
+ * @author See comments in the source file
+ * @version 2.50, 03/15/10
+ */
+public class AES implements BlockCipher
+{
+	// The S box
+	private static final byte[] S = { (byte) 99, (byte) 124, (byte) 119, (byte) 123, (byte) 242, (byte) 107,
+			(byte) 111, (byte) 197, (byte) 48, (byte) 1, (byte) 103, (byte) 43, (byte) 254, (byte) 215, (byte) 171,
+			(byte) 118, (byte) 202, (byte) 130, (byte) 201, (byte) 125, (byte) 250, (byte) 89, (byte) 71, (byte) 240,
+			(byte) 173, (byte) 212, (byte) 162, (byte) 175, (byte) 156, (byte) 164, (byte) 114, (byte) 192, (byte) 183,
+			(byte) 253, (byte) 147, (byte) 38, (byte) 54, (byte) 63, (byte) 247, (byte) 204, (byte) 52, (byte) 165,
+			(byte) 229, (byte) 241, (byte) 113, (byte) 216, (byte) 49, (byte) 21, (byte) 4, (byte) 199, (byte) 35,
+			(byte) 195, (byte) 24, (byte) 150, (byte) 5, (byte) 154, (byte) 7, (byte) 18, (byte) 128, (byte) 226,
+			(byte) 235, (byte) 39, (byte) 178, (byte) 117, (byte) 9, (byte) 131, (byte) 44, (byte) 26, (byte) 27,
+			(byte) 110, (byte) 90, (byte) 160, (byte) 82, (byte) 59, (byte) 214, (byte) 179, (byte) 41, (byte) 227,
+			(byte) 47, (byte) 132, (byte) 83, (byte) 209, (byte) 0, (byte) 237, (byte) 32, (byte) 252, (byte) 177,
+			(byte) 91, (byte) 106, (byte) 203, (byte) 190, (byte) 57, (byte) 74, (byte) 76, (byte) 88, (byte) 207,
+			(byte) 208, (byte) 239, (byte) 170, (byte) 251, (byte) 67, (byte) 77, (byte) 51, (byte) 133, (byte) 69,
+			(byte) 249, (byte) 2, (byte) 127, (byte) 80, (byte) 60, (byte) 159, (byte) 168, (byte) 81, (byte) 163,
+			(byte) 64, (byte) 143, (byte) 146, (byte) 157, (byte) 56, (byte) 245, (byte) 188, (byte) 182, (byte) 218,
+			(byte) 33, (byte) 16, (byte) 255, (byte) 243, (byte) 210, (byte) 205, (byte) 12, (byte) 19, (byte) 236,
+			(byte) 95, (byte) 151, (byte) 68, (byte) 23, (byte) 196, (byte) 167, (byte) 126, (byte) 61, (byte) 100,
+			(byte) 93, (byte) 25, (byte) 115, (byte) 96, (byte) 129, (byte) 79, (byte) 220, (byte) 34, (byte) 42,
+			(byte) 144, (byte) 136, (byte) 70, (byte) 238, (byte) 184, (byte) 20, (byte) 222, (byte) 94, (byte) 11,
+			(byte) 219, (byte) 224, (byte) 50, (byte) 58, (byte) 10, (byte) 73, (byte) 6, (byte) 36, (byte) 92,
+			(byte) 194, (byte) 211, (byte) 172, (byte) 98, (byte) 145, (byte) 149, (byte) 228, (byte) 121, (byte) 231,
+			(byte) 200, (byte) 55, (byte) 109, (byte) 141, (byte) 213, (byte) 78, (byte) 169, (byte) 108, (byte) 86,
+			(byte) 244, (byte) 234, (byte) 101, (byte) 122, (byte) 174, (byte) 8, (byte) 186, (byte) 120, (byte) 37,
+			(byte) 46, (byte) 28, (byte) 166, (byte) 180, (byte) 198, (byte) 232, (byte) 221, (byte) 116, (byte) 31,
+			(byte) 75, (byte) 189, (byte) 139, (byte) 138, (byte) 112, (byte) 62, (byte) 181, (byte) 102, (byte) 72,
+			(byte) 3, (byte) 246, (byte) 14, (byte) 97, (byte) 53, (byte) 87, (byte) 185, (byte) 134, (byte) 193,
+			(byte) 29, (byte) 158, (byte) 225, (byte) 248, (byte) 152, (byte) 17, (byte) 105, (byte) 217, (byte) 142,
+			(byte) 148, (byte) 155, (byte) 30, (byte) 135, (byte) 233, (byte) 206, (byte) 85, (byte) 40, (byte) 223,
+			(byte) 140, (byte) 161, (byte) 137, (byte) 13, (byte) 191, (byte) 230, (byte) 66, (byte) 104, (byte) 65,
+			(byte) 153, (byte) 45, (byte) 15, (byte) 176, (byte) 84, (byte) 187, (byte) 22, };
+
+	// The inverse S-box
+	private static final byte[] Si = { (byte) 82, (byte) 9, (byte) 106, (byte) 213, (byte) 48, (byte) 54, (byte) 165,
+			(byte) 56, (byte) 191, (byte) 64, (byte) 163, (byte) 158, (byte) 129, (byte) 243, (byte) 215, (byte) 251,
+			(byte) 124, (byte) 227, (byte) 57, (byte) 130, (byte) 155, (byte) 47, (byte) 255, (byte) 135, (byte) 52,
+			(byte) 142, (byte) 67, (byte) 68, (byte) 196, (byte) 222, (byte) 233, (byte) 203, (byte) 84, (byte) 123,
+			(byte) 148, (byte) 50, (byte) 166, (byte) 194, (byte) 35, (byte) 61, (byte) 238, (byte) 76, (byte) 149,
+			(byte) 11, (byte) 66, (byte) 250, (byte) 195, (byte) 78, (byte) 8, (byte) 46, (byte) 161, (byte) 102,
+			(byte) 40, (byte) 217, (byte) 36, (byte) 178, (byte) 118, (byte) 91, (byte) 162, (byte) 73, (byte) 109,
+			(byte) 139, (byte) 209, (byte) 37, (byte) 114, (byte) 248, (byte) 246, (byte) 100, (byte) 134, (byte) 104,
+			(byte) 152, (byte) 22, (byte) 212, (byte) 164, (byte) 92, (byte) 204, (byte) 93, (byte) 101, (byte) 182,
+			(byte) 146, (byte) 108, (byte) 112, (byte) 72, (byte) 80, (byte) 253, (byte) 237, (byte) 185, (byte) 218,
+			(byte) 94, (byte) 21, (byte) 70, (byte) 87, (byte) 167, (byte) 141, (byte) 157, (byte) 132, (byte) 144,
+			(byte) 216, (byte) 171, (byte) 0, (byte) 140, (byte) 188, (byte) 211, (byte) 10, (byte) 247, (byte) 228,
+			(byte) 88, (byte) 5, (byte) 184, (byte) 179, (byte) 69, (byte) 6, (byte) 208, (byte) 44, (byte) 30,
+			(byte) 143, (byte) 202, (byte) 63, (byte) 15, (byte) 2, (byte) 193, (byte) 175, (byte) 189, (byte) 3,
+			(byte) 1, (byte) 19, (byte) 138, (byte) 107, (byte) 58, (byte) 145, (byte) 17, (byte) 65, (byte) 79,
+			(byte) 103, (byte) 220, (byte) 234, (byte) 151, (byte) 242, (byte) 207, (byte) 206, (byte) 240, (byte) 180,
+			(byte) 230, (byte) 115, (byte) 150, (byte) 172, (byte) 116, (byte) 34, (byte) 231, (byte) 173, (byte) 53,
+			(byte) 133, (byte) 226, (byte) 249, (byte) 55, (byte) 232, (byte) 28, (byte) 117, (byte) 223, (byte) 110,
+			(byte) 71, (byte) 241, (byte) 26, (byte) 113, (byte) 29, (byte) 41, (byte) 197, (byte) 137, (byte) 111,
+			(byte) 183, (byte) 98, (byte) 14, (byte) 170, (byte) 24, (byte) 190, (byte) 27, (byte) 252, (byte) 86,
+			(byte) 62, (byte) 75, (byte) 198, (byte) 210, (byte) 121, (byte) 32, (byte) 154, (byte) 219, (byte) 192,
+			(byte) 254, (byte) 120, (byte) 205, (byte) 90, (byte) 244, (byte) 31, (byte) 221, (byte) 168, (byte) 51,
+			(byte) 136, (byte) 7, (byte) 199, (byte) 49, (byte) 177, (byte) 18, (byte) 16, (byte) 89, (byte) 39,
+			(byte) 128, (byte) 236, (byte) 95, (byte) 96, (byte) 81, (byte) 127, (byte) 169, (byte) 25, (byte) 181,
+			(byte) 74, (byte) 13, (byte) 45, (byte) 229, (byte) 122, (byte) 159, (byte) 147, (byte) 201, (byte) 156,
+			(byte) 239, (byte) 160, (byte) 224, (byte) 59, (byte) 77, (byte) 174, (byte) 42, (byte) 245, (byte) 176,
+			(byte) 200, (byte) 235, (byte) 187, (byte) 60, (byte) 131, (byte) 83, (byte) 153, (byte) 97, (byte) 23,
+			(byte) 43, (byte) 4, (byte) 126, (byte) 186, (byte) 119, (byte) 214, (byte) 38, (byte) 225, (byte) 105,
+			(byte) 20, (byte) 99, (byte) 85, (byte) 33, (byte) 12, (byte) 125, };
+
+	// vector used in calculating key schedule (powers of x in GF(256))
+	private static final int[] rcon = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab,
+			0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 };
+
+	// precomputation tables of calculations for rounds
+	private static final int[] T0 = { 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 0xbd6b6bd6,
+			0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d,
+			0x9a7676ec, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+			0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, 0xc2b7b775,
+			0x1cfdfde1, 0xae93933d, 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551,
+			0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, 0x0c040408, 0x52c7c795, 0x65232346,
+			0x5ec3c39d, 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+			0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36,
+			0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd,
+			0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 0x60202040, 0x1ffcfce3, 0xc8b1b179,
+			0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+			0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 0xcf45458a,
+			0x10f9f9e9, 0x06020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d,
+			0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf,
+			0x63212142, 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+			0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 0xac6464c8,
+			0xe75d5dba, 0x2b191932, 0x957373e6, 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54,
+			0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16,
+			0x76dbdbad, 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+			0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5,
+			0x43c8c88b, 0x5937376e, 0xb76d6dda, 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac,
+			0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, 0xd5baba6f, 0x887878f0, 0x6f25254a,
+			0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+			0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, 0xd8484890,
+			0x05030306, 0x01f6f6f7, 0x120e0e1c, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199,
+			0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, 0x898e8e07,
+			0xa7949433, 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+			0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182,
+			0xb0999929, 0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c };
+
+	private static final int[] T1 = { 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 0x6b6bd6bd,
+			0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d, 0xfefee719, 0xd7d7b562, 0xabab4de6,
+			0x7676ec9a, 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
+			0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, 0xb7b775c2,
+			0xfdfde11c, 0x93933dae, 0x26264c6a, 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 0x3434685c, 0xa5a551f4,
+			0xe5e5d134, 0xf1f1f908, 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, 0x0404080c, 0xc7c79552, 0x23234665,
+			0xc3c39d5e, 0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5, 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
+			0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, 0x1b1b362d,
+			0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 0x2929527b, 0xe3e3dd3e,
+			0x2f2f5e71, 0x84841397, 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, 0x20204060, 0xfcfce31f, 0xb1b179c8,
+			0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
+			0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, 0x45458acf,
+			0xf9f9e910, 0x02020406, 0x7f7ffe81, 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe,
+			0x404080c0, 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, 0xbcbc63df, 0xb6b677c1, 0xdadaaf75,
+			0x21214263, 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f,
+			0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, 0x6464c8ac,
+			0x5d5dbae7, 0x1919322b, 0x7373e695, 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e,
+			0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, 0xdedea779, 0x5e5ebce2, 0x0b0b161d,
+			0xdbdbad76, 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e, 0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4,
+			0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, 0xe7e7d532,
+			0xc8c88b43, 0x37376e59, 0x6d6ddab7, 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, 0x5656acfa,
+			0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018, 0xbaba6fd5, 0x7878f088, 0x25254a6f,
+			0x2e2e5c72, 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
+			0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, 0x484890d8,
+			0x03030605, 0xf6f6f701, 0x0e0e1c12, 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 0x86861791, 0xc1c19958,
+			0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, 0x6969d2bb, 0xd9d9a970, 0x8e8e0789,
+			0x949433a7, 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
+			0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, 0x414182c3,
+			0x999929b0, 0x2d2d5a77, 0x0f0f1e11, 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a };
+
+	private static final int[] T2 = { 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 0x6bd6bd6b,
+			0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b, 0xfee719fe, 0xd7b562d7, 0xab4de6ab,
+			0x76ec9a76, 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
+			0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, 0xb775c2b7,
+			0xfde11cfd, 0x933dae93, 0x264c6a26, 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 0x34685c34, 0xa551f4a5,
+			0xe5d134e5, 0xf1f908f1, 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, 0x04080c04, 0xc79552c7, 0x23466523,
+			0xc39d5ec3, 0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a, 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
+			0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, 0x1b362d1b,
+			0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 0x29527b29, 0xe3dd3ee3,
+			0x2f5e712f, 0x84139784, 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced, 0x20406020, 0xfce31ffc, 0xb179c8b1,
+			0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
+			0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, 0x458acf45,
+			0xf9e910f9, 0x02040602, 0x7ffe817f, 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3,
+			0x4080c040, 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da,
+			0x21426321, 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec,
+			0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, 0x64c8ac64,
+			0x5dbae75d, 0x19322b19, 0x73e69573, 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a,
+			0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, 0xdea779de, 0x5ebce25e, 0x0b161d0b,
+			0xdbad76db, 0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a, 0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c,
+			0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, 0xe7d532e7,
+			0xc88b43c8, 0x376e5937, 0x6ddab76d, 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, 0x56acfa56,
+			0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808, 0xba6fd5ba, 0x78f08878, 0x254a6f25,
+			0x2e5c722e, 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
+			0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, 0x4890d848,
+			0x03060503, 0xf6f701f6, 0x0e1c120e, 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 0x86179186, 0xc19958c1,
+			0x1d3a271d, 0x9e27b99e, 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, 0x69d2bb69, 0xd9a970d9, 0x8e07898e,
+			0x9433a794, 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
+			0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, 0x4182c341,
+			0x9929b099, 0x2d5a772d, 0x0f1e110f, 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16 };
+
+	private static final int[] T3 = { 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 0xd6bd6b6b,
+			0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b, 0xe719fefe, 0xb562d7d7, 0x4de6abab,
+			0xec9a7676, 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
+			0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, 0x75c2b7b7,
+			0xe11cfdfd, 0x3dae9393, 0x4c6a2626, 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 0x685c3434, 0x51f4a5a5,
+			0xd134e5e5, 0xf908f1f1, 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, 0x080c0404, 0x9552c7c7, 0x46652323,
+			0x9d5ec3c3, 0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a, 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
+			0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, 0x362d1b1b,
+			0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3,
+			0x5e712f2f, 0x13978484, 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded, 0x40602020, 0xe31ffcfc, 0x79c8b1b1,
+			0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
+			0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, 0x8acf4545,
+			0xe910f9f9, 0x04060202, 0xfe817f7f, 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3,
+			0x80c04040, 0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada,
+			0x42632121, 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
+			0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, 0xc8ac6464,
+			0xbae75d5d, 0x322b1919, 0xe6957373, 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a,
+			0x3bab9090, 0x0b838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, 0xa779dede, 0xbce25e5e, 0x161d0b0b,
+			0xad76dbdb, 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, 0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c,
+			0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, 0xd532e7e7,
+			0x8b43c8c8, 0x6e593737, 0xdab76d6d, 0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, 0xacfa5656,
+			0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, 0x6fd5baba, 0xf0887878, 0x4a6f2525,
+			0x5c722e2e, 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
+			0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, 0x90d84848,
+			0x06050303, 0xf701f6f6, 0x1c120e0e, 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 0x17918686, 0x9958c1c1,
+			0x3a271d1d, 0x27b99e9e, 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, 0xd2bb6969, 0xa970d9d9, 0x07898e8e,
+			0x33a79494, 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
+			0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, 0x82c34141,
+			0x29b09999, 0x5a772d2d, 0x1e110f0f, 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616 };
+
+	private static final int[] Tinv0 = { 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f,
+			0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526,
+			0x8fa362b5, 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
+			0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, 0x6a89c275,
+			0x78798ef4, 0x6b3e5899, 0xdd71b927, 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5,
+			0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 0x58684870, 0x19fd458f, 0x876cde94,
+			0xb7f87b52, 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3,
+			0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, 0xcdf4da65,
+			0xd5be0506, 0x1f6234d1, 0x8afea6c4, 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040,
+			0x069f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 0xb58d5491, 0x055dc471, 0x6fd40604,
+			0xff155060, 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
+			0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 0xfbff0efd,
+			0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793,
+			0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, 0x0aba93e2, 0xe52aa0c0, 0x43e0223c,
+			0x1d171b12, 0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
+			0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, 0xcadc31d7,
+			0x10856342, 0x40229713, 0x2011c684, 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc,
+			0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56,
+			0xef903322, 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
+			0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, 0xbe805d9f,
+			0x7c93d069, 0xa92dd56f, 0xb31225cf, 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, 0xf418596e,
+			0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef, 0xd99be7ba, 0xce366f4a, 0xd4099fea,
+			0xd67cb029, 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
+			0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4, 0xe3b5d19e,
+			0x1b886a4c, 0xb81f2cc1, 0x7f516546, 0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92,
+			0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, 0xee27a9ce, 0x35c961b7, 0xede51ce1,
+			0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
+			0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff, 0x7101a839,
+			0xdeb30c08, 0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0 };
+
+	private static final int[] Tinv1 = { 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 0x459d1ff1,
+			0x58faacab, 0x03e34b93, 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, 0xd7e54ffc, 0xcb2ac5d7, 0x44352680,
+			0xa362b58f, 0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1, 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,
+			0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44, 0x89c2756a,
+			0x798ef478, 0x3e58996b, 0x71b927dd, 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, 0x4adf6318, 0x311ae582,
+			0x33519760, 0x7f536245, 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, 0x68487058, 0xfd458f19, 0x6cde9487,
+			0xf87b52b7, 0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a, 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5,
+			0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1, 0xf4da65cd,
+			0xbe0506d5, 0x6234d11f, 0xfea6c48a, 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, 0xec830b39, 0xef6040aa,
+			0x9f715e06, 0x106ebd51, 0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46, 0x8d5491b5, 0x5dc47105, 0xd406046f,
+			0x155060ff, 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,
+			0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, 0xff0efdfb,
+			0x38850f56, 0xd5ae3d1e, 0x392d3627, 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, 0x670a0cb1, 0xe757930f,
+			0x96eeb4d2, 0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, 0xba93e20a, 0x2aa0c0e5, 0xe0223c43,
+			0x171b121d, 0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, 0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd,
+			0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, 0xdc31d7ca,
+			0x85634210, 0x22971340, 0x11c68420, 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3,
+			0x52860dec, 0xe3c177d0, 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8,
+			0x903322ef, 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836, 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,
+			0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5, 0x805d9fbe,
+			0x93d0697c, 0x2dd56fa9, 0x1225cfb3, 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 0x7826cd09, 0x18596ef4,
+			0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, 0x9be7bad9, 0x366f4ace, 0x099fead4,
+			0x7cb029d6, 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,
+			0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df, 0xb5d19ee3,
+			0x886a4c1b, 0x1f2cc1b8, 0x5165467f, 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 0x1d67b35a, 0xd2db9252,
+			0x5610e933, 0x47d66d13, 0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89, 0x27a9ceee, 0xc961b735, 0xe51ce1ed,
+			0xb1477a3c, 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,
+			0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41, 0x01a83971,
+			0xb30c08de, 0xe4b4d89c, 0xc1566490, 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042 };
+
+	private static final int[] Tinv2 = { 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 0x9d1ff145,
+			0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c, 0xe54ffcd7, 0x2ac5d7cb, 0x35268044,
+			0x62b58fa3, 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,
+			0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8, 0xc2756a89,
+			0x8ef47879, 0x58996b3e, 0xb927dd71, 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, 0xdf63184a, 0x1ae58231,
+			0x51976033, 0x5362457f, 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b, 0x48705868, 0x458f19fd, 0xde94876c,
+			0x7b52b7f8, 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab, 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,
+			0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, 0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2, 0xda65cdf4,
+			0x0506d5be, 0x34d11f62, 0xa6c48afe, 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, 0x830b39ec, 0x6040aaef,
+			0x715e069f, 0x6ebd5110, 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, 0x5491b58d, 0xc471055d, 0x06046fd4,
+			0x5060ff15, 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,
+			0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, 0x0efdfbff,
+			0x850f5638, 0xae3d1ed5, 0x2d362739, 0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, 0x0a0cb167, 0x57930fe7,
+			0xeeb4d296, 0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, 0x93e20aba, 0xa0c0e52a, 0x223c43e0,
+			0x1b121d17, 0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,
+			0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, 0x31d7cadc,
+			0x63421085, 0x97134022, 0xc6842011, 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330,
+			0x860dec52, 0xc177d0e3, 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c,
+			0x3322ef90, 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,
+			0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af, 0x5d9fbe80,
+			0xd0697c93, 0xd56fa92d, 0x25cfb312, 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 0x26cd0978, 0x596ef418,
+			0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, 0xe7bad99b, 0x6f4ace36, 0x9fead409,
+			0xb029d67c, 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,
+			0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04, 0xd19ee3b5,
+			0x6a4c1b88, 0x2cc1b81f, 0x65467f51, 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, 0x67b35a1d, 0xdb9252d2,
+			0x10e93356, 0xd66d1347, 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, 0xa9ceee27, 0x61b735c9, 0x1ce1ede5,
+			0x477a3cb1, 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,
+			0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195, 0xa8397101,
+			0x0c08deb3, 0xb4d89ce4, 0x566490c1, 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257 };
+
+	private static final int[] Tinv3 = { 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 0x1ff1459d,
+			0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435,
+			0xb58fa362, 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,
+			0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9, 0x756a89c2,
+			0xf478798e, 0x996b3e58, 0x27dd71b9, 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, 0x63184adf, 0xe582311a,
+			0x97603351, 0x62457f53, 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, 0x70586848, 0x8f19fd45, 0x94876cde,
+			0x52b7f87b, 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55, 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,
+			0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269, 0x65cdf4da,
+			0x06d5be05, 0xd11f6234, 0xc48afea6, 0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6, 0x0b39ec83, 0x40aaef60,
+			0x5e069f71, 0xbd51106e, 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, 0x91b58d54, 0x71055dc4, 0x046fd406,
+			0x60ff1550, 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8,
+			0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, 0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, 0xfdfbff0e,
+			0x0f563885, 0x3d1ed5ae, 0x3627392d, 0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, 0x0cb1670a, 0x930fe757,
+			0xb4d296ee, 0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, 0xe20aba93, 0xc0e52aa0, 0x3c43e022,
+			0x121d171b, 0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,
+			0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, 0xd7cadc31,
+			0x42108563, 0x13402297, 0x842011c6, 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2,
+			0x0dec5286, 0x77d0e3c1, 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d,
+			0x22ef9033, 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,
+			0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3, 0x9fbe805d,
+			0x697c93d0, 0x6fa92dd5, 0xcfb31225, 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 0xcd097826, 0x6ef41859,
+			0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, 0xbad99be7, 0x4ace366f, 0xead4099f,
+			0x29d67cb0, 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,
+			0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496, 0x9ee3b5d1,
+			0x4c1b886a, 0xc1b81f2c, 0x467f5165, 0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, 0xb35a1d67, 0x9252d2db,
+			0xe9335610, 0x6d1347d6, 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, 0xceee27a9, 0xb735c961, 0xe1ede51c,
+			0x7a3cb147, 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,
+			0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d, 0x397101a8,
+			0x08deb30c, 0xd89ce4b4, 0x6490c156, 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8 };
+
+	private int shift(int r, int shift)
+	{
+		return (((r >>> shift) | (r << (32 - shift))));
+	}
+
+	/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
+
+	private static final int m1 = 0x80808080;
+	private static final int m2 = 0x7f7f7f7f;
+	private static final int m3 = 0x0000001b;
+
+	private int FFmulX(int x)
+	{
+		return (((x & m2) << 1) ^ (((x & m1) >>> 7) * m3));
+	}
+
+	/*
+	 * The following defines provide alternative definitions of FFmulX that
+	 * might give improved performance if a fast 32-bit multiply is not
+	 * available.
+	 * 
+	 * private int FFmulX(int x) { int u = x & m1; u |= (u >> 1); return ((x &
+	 * m2) < < 1) ^ ((u >>> 3) | (u >>> 6)); } private static final int m4 =
+	 * 0x1b1b1b1b; private int FFmulX(int x) { int u = x & m1; return ((x & m2) < <
+	 * 1) ^ ((u - (u >>> 7)) & m4); }
+	 * 
+	 */
+
+	private int inv_mcol(int x)
+	{
+		int f2 = FFmulX(x);
+		int f4 = FFmulX(f2);
+		int f8 = FFmulX(f4);
+		int f9 = x ^ f8;
+
+		return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24);
+	}
+
+	private int subWord(int x)
+	{
+		return (S[x & 255] & 255 | ((S[(x >> 8) & 255] & 255) << 8) | ((S[(x >> 16) & 255] & 255) << 16) | S[(x >> 24) & 255] << 24);
+	}
+
+	/**
+	 * Calculate the necessary round keys The number of calculations depends on
+	 * key size and block size AES specified a fixed block size of 128 bits and
+	 * key sizes 128/192/256 bits This code is written assuming those are the
+	 * only possible values
+	 */
+	private int[][] generateWorkingKey(byte[] key, boolean forEncryption)
+	{
+		int KC = key.length / 4; // key length in words
+		int t;
+
+		if (((KC != 4) && (KC != 6) && (KC != 8)) || ((KC * 4) != key.length))
+		{
+			throw new IllegalArgumentException("Key length not 128/192/256 bits.");
+		}
+
+		ROUNDS = KC + 6; // This is not always true for the generalized
+		// Rijndael that allows larger block sizes
+		int[][] W = new int[ROUNDS + 1][4]; // 4 words in a block
+
+		//
+		// copy the key into the round key array
+		//
+
+		t = 0;
+		for (int i = 0; i < key.length; t++)
+		{
+			W[t >> 2][t & 3] = (key[i] & 0xff) | ((key[i + 1] & 0xff) << 8) | ((key[i + 2] & 0xff) << 16)
+					| (key[i + 3] << 24);
+			i += 4;
+		}
+
+		//
+		// while not enough round key material calculated
+		// calculate new values
+		//
+		int k = (ROUNDS + 1) << 2;
+		for (int i = KC; (i < k); i++)
+		{
+			int temp = W[(i - 1) >> 2][(i - 1) & 3];
+			if ((i % KC) == 0)
+			{
+				temp = subWord(shift(temp, 8)) ^ rcon[(i / KC) - 1];
+			}
+			else if ((KC > 6) && ((i % KC) == 4))
+			{
+				temp = subWord(temp);
+			}
+
+			W[i >> 2][i & 3] = W[(i - KC) >> 2][(i - KC) & 3] ^ temp;
+		}
+
+		if (!forEncryption)
+		{
+			for (int j = 1; j < ROUNDS; j++)
+			{
+				for (int i = 0; i < 4; i++)
+				{
+					W[j][i] = inv_mcol(W[j][i]);
+				}
+			}
+		}
+
+		return W;
+	}
+
+	private int ROUNDS;
+	private int[][] WorkingKey = null;
+	private int C0, C1, C2, C3;
+	private boolean doEncrypt;
+
+	private static final int BLOCK_SIZE = 16;
+
+	/**
+	 * default constructor - 128 bit block size.
+	 */
+	public AES()
+	{
+	}
+
+	/**
+	 * initialise an AES cipher.
+	 * 
+	 * @param forEncryption
+	 *            whether or not we are for encryption.
+	 * @param key
+	 *            the key required to set up the cipher.
+	 * @exception IllegalArgumentException
+	 *                if the params argument is inappropriate.
+	 */
+
+	public final void init(boolean forEncryption, byte[] key)
+	{
+		WorkingKey = generateWorkingKey(key, forEncryption);
+		this.doEncrypt = forEncryption;
+	}
+
+	public final String getAlgorithmName()
+	{
+		return "AES";
+	}
+
+	public final int getBlockSize()
+	{
+		return BLOCK_SIZE;
+	}
+
+	public final int processBlock(byte[] in, int inOff, byte[] out, int outOff)
+	{
+		if (WorkingKey == null)
+		{
+			throw new IllegalStateException("AES engine not initialised");
+		}
+
+		if ((inOff + (32 / 2)) > in.length)
+		{
+			throw new IllegalArgumentException("input buffer too short");
+		}
+
+		if ((outOff + (32 / 2)) > out.length)
+		{
+			throw new IllegalArgumentException("output buffer too short");
+		}
+
+		if (doEncrypt)
+		{
+			unpackBlock(in, inOff);
+			encryptBlock(WorkingKey);
+			packBlock(out, outOff);
+		}
+		else
+		{
+			unpackBlock(in, inOff);
+			decryptBlock(WorkingKey);
+			packBlock(out, outOff);
+		}
+
+		return BLOCK_SIZE;
+	}
+
+	public final void reset()
+	{
+	}
+
+	private void unpackBlock(byte[] bytes, int off)
+	{
+		int index = off;
+
+		C0 = (bytes[index++] & 0xff);
+		C0 |= (bytes[index++] & 0xff) << 8;
+		C0 |= (bytes[index++] & 0xff) << 16;
+		C0 |= bytes[index++] << 24;
+
+		C1 = (bytes[index++] & 0xff);
+		C1 |= (bytes[index++] & 0xff) << 8;
+		C1 |= (bytes[index++] & 0xff) << 16;
+		C1 |= bytes[index++] << 24;
+
+		C2 = (bytes[index++] & 0xff);
+		C2 |= (bytes[index++] & 0xff) << 8;
+		C2 |= (bytes[index++] & 0xff) << 16;
+		C2 |= bytes[index++] << 24;
+
+		C3 = (bytes[index++] & 0xff);
+		C3 |= (bytes[index++] & 0xff) << 8;
+		C3 |= (bytes[index++] & 0xff) << 16;
+		C3 |= bytes[index++] << 24;
+	}
+
+	private void packBlock(byte[] bytes, int off)
+	{
+		int index = off;
+
+		bytes[index++] = (byte) C0;
+		bytes[index++] = (byte) (C0 >> 8);
+		bytes[index++] = (byte) (C0 >> 16);
+		bytes[index++] = (byte) (C0 >> 24);
+
+		bytes[index++] = (byte) C1;
+		bytes[index++] = (byte) (C1 >> 8);
+		bytes[index++] = (byte) (C1 >> 16);
+		bytes[index++] = (byte) (C1 >> 24);
+
+		bytes[index++] = (byte) C2;
+		bytes[index++] = (byte) (C2 >> 8);
+		bytes[index++] = (byte) (C2 >> 16);
+		bytes[index++] = (byte) (C2 >> 24);
+
+		bytes[index++] = (byte) C3;
+		bytes[index++] = (byte) (C3 >> 8);
+		bytes[index++] = (byte) (C3 >> 16);
+		bytes[index++] = (byte) (C3 >> 24);
+	}
+
+	private void encryptBlock(int[][] KW)
+	{
+		int r, r0, r1, r2, r3;
+
+		C0 ^= KW[0][0];
+		C1 ^= KW[0][1];
+		C2 ^= KW[0][2];
+		C3 ^= KW[0][3];
+
+		for (r = 1; r < ROUNDS - 1;)
+		{
+			r0 = T0[C0 & 255] ^ T1[(C1 >> 8) & 255] ^ T2[(C2 >> 16) & 255] ^ T3[(C3 >> 24) & 255] ^ KW[r][0];
+			r1 = T0[C1 & 255] ^ T1[(C2 >> 8) & 255] ^ T2[(C3 >> 16) & 255] ^ T3[(C0 >> 24) & 255] ^ KW[r][1];
+			r2 = T0[C2 & 255] ^ T1[(C3 >> 8) & 255] ^ T2[(C0 >> 16) & 255] ^ T3[(C1 >> 24) & 255] ^ KW[r][2];
+			r3 = T0[C3 & 255] ^ T1[(C0 >> 8) & 255] ^ T2[(C1 >> 16) & 255] ^ T3[(C2 >> 24) & 255] ^ KW[r++][3];
+			C0 = T0[r0 & 255] ^ T1[(r1 >> 8) & 255] ^ T2[(r2 >> 16) & 255] ^ T3[(r3 >> 24) & 255] ^ KW[r][0];
+			C1 = T0[r1 & 255] ^ T1[(r2 >> 8) & 255] ^ T2[(r3 >> 16) & 255] ^ T3[(r0 >> 24) & 255] ^ KW[r][1];
+			C2 = T0[r2 & 255] ^ T1[(r3 >> 8) & 255] ^ T2[(r0 >> 16) & 255] ^ T3[(r1 >> 24) & 255] ^ KW[r][2];
+			C3 = T0[r3 & 255] ^ T1[(r0 >> 8) & 255] ^ T2[(r1 >> 16) & 255] ^ T3[(r2 >> 24) & 255] ^ KW[r++][3];
+		}
+
+		r0 = T0[C0 & 255] ^ T1[(C1 >> 8) & 255] ^ T2[(C2 >> 16) & 255] ^ T3[(C3 >> 24) & 255] ^ KW[r][0];
+		r1 = T0[C1 & 255] ^ T1[(C2 >> 8) & 255] ^ T2[(C3 >> 16) & 255] ^ T3[(C0 >> 24) & 255] ^ KW[r][1];
+		r2 = T0[C2 & 255] ^ T1[(C3 >> 8) & 255] ^ T2[(C0 >> 16) & 255] ^ T3[(C1 >> 24) & 255] ^ KW[r][2];
+		r3 = T0[C3 & 255] ^ T1[(C0 >> 8) & 255] ^ T2[(C1 >> 16) & 255] ^ T3[(C2 >> 24) & 255] ^ KW[r++][3];
+
+		// the final round's table is a simple function of S so we don't use a
+		// whole other four tables for it
+
+		C0 = (S[r0 & 255] & 255) ^ ((S[(r1 >> 8) & 255] & 255) << 8) ^ ((S[(r2 >> 16) & 255] & 255) << 16)
+				^ (S[(r3 >> 24) & 255] << 24) ^ KW[r][0];
+		C1 = (S[r1 & 255] & 255) ^ ((S[(r2 >> 8) & 255] & 255) << 8) ^ ((S[(r3 >> 16) & 255] & 255) << 16)
+				^ (S[(r0 >> 24) & 255] << 24) ^ KW[r][1];
+		C2 = (S[r2 & 255] & 255) ^ ((S[(r3 >> 8) & 255] & 255) << 8) ^ ((S[(r0 >> 16) & 255] & 255) << 16)
+				^ (S[(r1 >> 24) & 255] << 24) ^ KW[r][2];
+		C3 = (S[r3 & 255] & 255) ^ ((S[(r0 >> 8) & 255] & 255) << 8) ^ ((S[(r1 >> 16) & 255] & 255) << 16)
+				^ (S[(r2 >> 24) & 255] << 24) ^ KW[r][3];
+
+	}
+
+	private void decryptBlock(int[][] KW)
+	{
+		int r, r0, r1, r2, r3;
+
+		C0 ^= KW[ROUNDS][0];
+		C1 ^= KW[ROUNDS][1];
+		C2 ^= KW[ROUNDS][2];
+		C3 ^= KW[ROUNDS][3];
+
+		for (r = ROUNDS - 1; r > 1;)
+		{
+			r0 = Tinv0[C0 & 255] ^ Tinv1[(C3 >> 8) & 255] ^ Tinv2[(C2 >> 16) & 255] ^ Tinv3[(C1 >> 24) & 255]
+					^ KW[r][0];
+			r1 = Tinv0[C1 & 255] ^ Tinv1[(C0 >> 8) & 255] ^ Tinv2[(C3 >> 16) & 255] ^ Tinv3[(C2 >> 24) & 255]
+					^ KW[r][1];
+			r2 = Tinv0[C2 & 255] ^ Tinv1[(C1 >> 8) & 255] ^ Tinv2[(C0 >> 16) & 255] ^ Tinv3[(C3 >> 24) & 255]
+					^ KW[r][2];
+			r3 = Tinv0[C3 & 255] ^ Tinv1[(C2 >> 8) & 255] ^ Tinv2[(C1 >> 16) & 255] ^ Tinv3[(C0 >> 24) & 255]
+					^ KW[r--][3];
+			C0 = Tinv0[r0 & 255] ^ Tinv1[(r3 >> 8) & 255] ^ Tinv2[(r2 >> 16) & 255] ^ Tinv3[(r1 >> 24) & 255]
+					^ KW[r][0];
+			C1 = Tinv0[r1 & 255] ^ Tinv1[(r0 >> 8) & 255] ^ Tinv2[(r3 >> 16) & 255] ^ Tinv3[(r2 >> 24) & 255]
+					^ KW[r][1];
+			C2 = Tinv0[r2 & 255] ^ Tinv1[(r1 >> 8) & 255] ^ Tinv2[(r0 >> 16) & 255] ^ Tinv3[(r3 >> 24) & 255]
+					^ KW[r][2];
+			C3 = Tinv0[r3 & 255] ^ Tinv1[(r2 >> 8) & 255] ^ Tinv2[(r1 >> 16) & 255] ^ Tinv3[(r0 >> 24) & 255]
+					^ KW[r--][3];
+		}
+
+		r0 = Tinv0[C0 & 255] ^ Tinv1[(C3 >> 8) & 255] ^ Tinv2[(C2 >> 16) & 255] ^ Tinv3[(C1 >> 24) & 255] ^ KW[r][0];
+		r1 = Tinv0[C1 & 255] ^ Tinv1[(C0 >> 8) & 255] ^ Tinv2[(C3 >> 16) & 255] ^ Tinv3[(C2 >> 24) & 255] ^ KW[r][1];
+		r2 = Tinv0[C2 & 255] ^ Tinv1[(C1 >> 8) & 255] ^ Tinv2[(C0 >> 16) & 255] ^ Tinv3[(C3 >> 24) & 255] ^ KW[r][2];
+		r3 = Tinv0[C3 & 255] ^ Tinv1[(C2 >> 8) & 255] ^ Tinv2[(C1 >> 16) & 255] ^ Tinv3[(C0 >> 24) & 255] ^ KW[r--][3];
+
+		// the final round's table is a simple function of Si so we don't use a
+		// whole other four tables for it
+
+		C0 = (Si[r0 & 255] & 255) ^ ((Si[(r3 >> 8) & 255] & 255) << 8) ^ ((Si[(r2 >> 16) & 255] & 255) << 16)
+				^ (Si[(r1 >> 24) & 255] << 24) ^ KW[0][0];
+		C1 = (Si[r1 & 255] & 255) ^ ((Si[(r0 >> 8) & 255] & 255) << 8) ^ ((Si[(r3 >> 16) & 255] & 255) << 16)
+				^ (Si[(r2 >> 24) & 255] << 24) ^ KW[0][1];
+		C2 = (Si[r2 & 255] & 255) ^ ((Si[(r1 >> 8) & 255] & 255) << 8) ^ ((Si[(r0 >> 16) & 255] & 255) << 16)
+				^ (Si[(r3 >> 24) & 255] << 24) ^ KW[0][2];
+		C3 = (Si[r3 & 255] & 255) ^ ((Si[(r2 >> 8) & 255] & 255) << 8) ^ ((Si[(r1 >> 16) & 255] & 255) << 16)
+				^ (Si[(r0 >> 24) & 255] << 24) ^ KW[0][3];
+	}
+
+	public void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff)
+	{
+		processBlock(src, srcoff, dst, dstoff);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipher.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipher.java
new file mode 100644
index 0000000..b8cdce5
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipher.java
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.cipher;
+
+/**
+ * BlockCipher.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public interface BlockCipher
+{
+	public void init(boolean forEncryption, byte[] key);
+
+	public int getBlockSize();
+
+	public void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff);
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipherFactory.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipherFactory.java
new file mode 100644
index 0000000..1f93336
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipherFactory.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.cipher;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Vector;
+
+/**
+ * BlockCipherFactory.
+ *
+ * @author Christian Plattner
+ * @version $Id: BlockCipherFactory.java 29 2011-05-28 21:28:32Z dkocher@sudo.ch $
+ */
+public class BlockCipherFactory
+{
+	private static final class CipherEntry
+	{
+		String type;
+		int blocksize;
+		int keysize;
+		String cipherClass;
+
+		public CipherEntry(String type, int blockSize, int keySize, String cipherClass)
+		{
+			this.type = type;
+			this.blocksize = blockSize;
+			this.keysize = keySize;
+			this.cipherClass = cipherClass;
+		}
+	}
+
+	private static final List<CipherEntry> ciphers = new Vector<CipherEntry>();
+
+	static
+	{
+		/* Higher Priority First */
+		ciphers.add(new CipherEntry("aes128-ctr", 16, 16, "ch.ethz.ssh2.crypto.cipher.AES"));
+		ciphers.add(new CipherEntry("aes192-ctr", 16, 24, "ch.ethz.ssh2.crypto.cipher.AES"));
+		ciphers.add(new CipherEntry("aes256-ctr", 16, 32, "ch.ethz.ssh2.crypto.cipher.AES"));
+		ciphers.add(new CipherEntry("blowfish-ctr", 8, 16, "ch.ethz.ssh2.crypto.cipher.BlowFish"));
+
+		ciphers.add(new CipherEntry("aes128-cbc", 16, 16, "ch.ethz.ssh2.crypto.cipher.AES"));
+		ciphers.add(new CipherEntry("aes192-cbc", 16, 24, "ch.ethz.ssh2.crypto.cipher.AES"));
+		ciphers.add(new CipherEntry("aes256-cbc", 16, 32, "ch.ethz.ssh2.crypto.cipher.AES"));
+		ciphers.add(new CipherEntry("blowfish-cbc", 8, 16, "ch.ethz.ssh2.crypto.cipher.BlowFish"));
+
+		ciphers.add(new CipherEntry("3des-ctr", 8, 24, "ch.ethz.ssh2.crypto.cipher.DESede"));
+		ciphers.add(new CipherEntry("3des-cbc", 8, 24, "ch.ethz.ssh2.crypto.cipher.DESede"));
+	}
+
+	public static String[] getDefaultCipherList()
+	{
+		List<String> list = new ArrayList<String>(ciphers.size());
+		for (CipherEntry ce : ciphers)
+		{
+			list.add(ce.type);
+		}
+		return list.toArray(new String[ciphers.size()]);
+	}
+
+	public static void checkCipherList(String[] cipherCandidates)
+	{
+		for (String cipherCandidate : cipherCandidates)
+		{
+			getEntry(cipherCandidate);
+		}
+	}
+
+	//	@SuppressWarnings("rawtypes")
+	public static BlockCipher createCipher(String type, boolean encrypt, byte[] key, byte[] iv)
+	{
+		try
+		{
+			CipherEntry ce = getEntry(type);
+			Class cc = Class.forName(ce.cipherClass);
+			BlockCipher bc = (BlockCipher) cc.newInstance();
+
+			if (type.endsWith("-cbc"))
+			{
+				bc.init(encrypt, key);
+				return new CBCMode(bc, iv, encrypt);
+			}
+			else if (type.endsWith("-ctr"))
+			{
+				bc.init(true, key);
+				return new CTRMode(bc, iv, encrypt);
+			}
+			throw new IllegalArgumentException("Cannot instantiate " + type);
+		}
+		catch (ClassNotFoundException e)
+		{
+			throw new IllegalArgumentException("Cannot instantiate " + type, e);
+		}
+		catch (InstantiationException e)
+		{
+			throw new IllegalArgumentException("Cannot instantiate " + type, e);
+		}
+		catch (IllegalAccessException e)
+		{
+			throw new IllegalArgumentException("Cannot instantiate " + type, e);
+		}
+	}
+
+	private static CipherEntry getEntry(String type)
+	{
+		for (CipherEntry ce : ciphers)
+		{
+			if (ce.type.equals(type))
+			{
+				return ce;
+			}
+		}
+		throw new IllegalArgumentException("Unkown algorithm " + type);
+	}
+
+	public static int getBlockSize(String type)
+	{
+		CipherEntry ce = getEntry(type);
+		return ce.blocksize;
+	}
+
+	public static int getKeySize(String type)
+	{
+		CipherEntry ce = getEntry(type);
+		return ce.keysize;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/BlowFish.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/BlowFish.java
new file mode 100644
index 0000000..ccaa931
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/BlowFish.java
@@ -0,0 +1,402 @@
+package ch.ethz.ssh2.crypto.cipher;
+
+/*
+ This file was shamelessly taken from the Bouncy Castle Crypto package.
+ Their licence file states the following:
+
+ Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
+ (http://www.bouncycastle.org)
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE. 
+ */
+
+/**
+ * A class that provides Blowfish key encryption operations, such as encoding
+ * data and generating keys. All the algorithms herein are from Applied
+ * Cryptography and implement a simplified cryptography interface.
+ * 
+ * @author See comments in the source file
+ * @version 2.50, 03/15/10
+ */
+public class BlowFish implements BlockCipher
+{
+
+	private final static int[] KP = { 0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
+			0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C, 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5,
+			0xB5470917, 0x9216D5D9, 0x8979FB1B },
+
+	KS0 = { 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96, 0xBA7C9045, 0xF12C7F99, 0x24A19947,
+			0xB3916CF7, 0x0801F2E2, 0x858EFC16, 0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658,
+			0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013, 0xC5D1B023, 0x286085F0, 0xCA417918,
+			0xB8DB38EF, 0x8E79DCB0, 0x603A180E, 0x6C9E0E8B, 0xB01E8A3E, 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60,
+			0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, 0x55CA396A, 0x2AAB10B6, 0xB4CC5C34, 0x1141E8CE, 0xA15486AF,
+			0x7C72E993, 0xB3EE1411, 0x636FBC2A, 0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, 0xAFD6BA33, 0x6C24CF5C,
+			0x7A325381, 0x28958677, 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193, 0x61D809CC, 0xFB21A991, 0x487CAC60,
+			0x5DEC8032, 0xEF845D5D, 0xE98575B1, 0xDC262302, 0xEB651B88, 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239,
+			0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, 0x21C66842, 0xF6E96C9A, 0x670C9C61, 0xABD388F0, 0x6A51A0D2,
+			0xD8542F68, 0x960FA728, 0xAB5133A3, 0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, 0xA1F1651D, 0x39AF0176,
+			0x66CA593E, 0x82430E88, 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE, 0xE06F75D8, 0x85C12073, 0x401A449F,
+			0x56C16AA6, 0x4ED3AA62, 0x363F7706, 0x1BFEDF72, 0x429B023D, 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B,
+			0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, 0xE3FE501A, 0xB6794C3B, 0x976CE0BD, 0x04C006BA, 0xC1A94FB6,
+			0x409F60C4, 0x5E5C9EC2, 0x196A2463, 0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, 0x6DFC511F, 0x9B30952C,
+			0xCC814544, 0xAF5EBD09, 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3, 0xC0CBA857, 0x45C8740F, 0xD20B5F39,
+			0xB9D3FBDB, 0x5579C0BD, 0x1A60320A, 0xD6A100C6, 0x402C7279, 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8,
+			0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, 0x323DB5FA, 0xFD238760, 0x53317B48, 0x3E00DF82, 0x9E5C57BB,
+			0xCA6F8CA0, 0x1A87562E, 0xDF1769DB, 0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, 0x695B27B0, 0xBBCA58C8,
+			0xE1FFA35D, 0xB8F011A0, 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B, 0x9A53E479, 0xB6F84565, 0xD28E49BC,
+			0x4BFB9790, 0xE1DDF2DA, 0xA4CB7E33, 0x62FB1341, 0xCEE4C6E8, 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4,
+			0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, 0xD08ED1D0, 0xAFC725E0, 0x8E3C5B2F, 0x8E7594B7, 0x8FF6E2FB,
+			0xF2122B64, 0x8888B812, 0x900DF01C, 0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, 0x2F2F2218, 0xBE0E1777,
+			0xEA752DFE, 0x8B021FA1, 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299, 0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81,
+			0xD2ADA8D9, 0x165FA266, 0x80957705, 0x93CC7314, 0x211A1477, 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF,
+			0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, 0x00250E2D, 0x2071B35E, 0x226800BB, 0x57B8E0AF, 0x2464369B,
+			0xF009B91E, 0x5563911D, 0x59DFA6AA, 0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, 0x83260376, 0x6295CFA9,
+			0x11C81968, 0x4E734A41, 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915, 0xD60F573F, 0xBC9BC6E4, 0x2B60A476,
+			0x81E67400, 0x08BA6FB5, 0x571BE91F, 0xF296EC6B, 0x2A0DD915, 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664,
+			0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A },
+
+	KS1 = { 0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, 0xAD6EA6B0, 0x49A7DF7D, 0x9CEE60B8, 0x8FEDB266, 0xECAA8C71,
+			0x699A17FF, 0x5664526C, 0xC2B19EE1, 0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, 0x3F54989A, 0x5B429D65,
+			0x6B8FE4D6, 0x99F73FD6, 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1, 0x4CDD2086, 0x8470EB26, 0x6382E9C6,
+			0x021ECC5E, 0x09686B3F, 0x3EBAEFC9, 0x3C971814, 0x6B6A70A1, 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737,
+			0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, 0xB03ADA37, 0xF0500C0D, 0xF01C1F04, 0x0200B3FF, 0xAE0CF51A,
+			0x3CB574B2, 0x25837A58, 0xDC0921BD, 0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, 0x3AE5E581, 0x37C2DADC,
+			0xC8B57634, 0x9AF3DDA7, 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41, 0xE238CD99, 0x3BEA0E2F, 0x3280BBA1,
+			0x183EB331, 0x4E548B38, 0x4F6DB908, 0x6F420D03, 0xF60A04BF, 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF,
+			0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, 0x5512721F, 0x2E6B7124, 0x501ADDE6, 0x9F84CD87, 0x7A584718,
+			0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C, 0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, 0xEF1C1847, 0x3215D908,
+			0xDD433B37, 0x24C2BA16, 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD, 0x71DFF89E, 0x10314E55, 0x81AC77D6,
+			0x5F11199B, 0x043556F1, 0xD7A3C76B, 0x3C11183B, 0x5924A509, 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E,
+			0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, 0x771FE71C, 0x4E3D06FA, 0x2965DCB9, 0x99E71D0F, 0x803E89D6,
+			0x5266C825, 0x2E4CC978, 0x9C10B36A, 0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, 0xF2F74EA7, 0x361D2B3D,
+			0x1939260F, 0x19C27960, 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66, 0xE3BC4595, 0xA67BC883, 0xB17F37D1,
+			0x018CFF28, 0xC332DDEF, 0xBE6C5AA5, 0x65582185, 0x68AB9802, 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84,
+			0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, 0x13CCA830, 0xEB61BD96, 0x0334FE1E, 0xAA0363CF, 0xB5735C90,
+			0x4C70A239, 0xD59E9E0B, 0xCBAADE14, 0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, 0x648B1EAF, 0x19BDF0CA,
+			0xA02369B9, 0x655ABB50, 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7, 0x9B540B19, 0x875FA099, 0x95F7997E,
+			0x623D7DA8, 0xF837889A, 0x97E32D77, 0x11ED935F, 0x16681281, 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99,
+			0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, 0xCDB30AEB, 0x532E3054, 0x8FD948E4, 0x6DBC3128, 0x58EBF2EF,
+			0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73, 0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, 0x45EEE2B6, 0xA3AAABEA,
+			0xDB6C4F15, 0xFACB4FD0, 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105, 0xD81E799E, 0x86854DC7, 0xE44B476A,
+			0x3D816250, 0xCF62A1F2, 0x5B8D2646, 0xFC8883A0, 0xC1C7B6A3, 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285,
+			0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, 0x58428D2A, 0x0C55F5EA, 0x1DADF43E, 0x233F7061, 0x3372F092,
+			0x8D937E41, 0xD65FECF1, 0x6C223BDB, 0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, 0xA6078084, 0x19F8509E,
+			0xE8EFD855, 0x61D99735, 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC, 0x9E447A2E, 0xC3453484, 0xFDD56705,
+			0x0E1E9EC9, 0xDB73DBD3, 0x105588CD, 0x675FDA79, 0xE3674340, 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20,
+			0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7 },
+
+	KS2 = { 0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, 0x411520F7, 0x7602D4F7, 0xBCF46B2E, 0xD4A20068, 0xD4082471,
+			0x3320F46A, 0x43B7D4B7, 0x500061AF, 0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, 0x4D95FC1D, 0x96B591AF,
+			0x70F4DDD3, 0x66A02F45, 0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504, 0x96EB27B3, 0x55FD3941, 0xDA2547E6,
+			0xABCA0A9A, 0x28507825, 0x530429F4, 0x0A2C86DA, 0xE9B66DFB, 0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE,
+			0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, 0xAACE1E7C, 0xD3375FEC, 0xCE78A399, 0x406B2A42, 0x20FE9E35,
+			0xD9F385B9, 0xEE39D7AB, 0x3B124E8B, 0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, 0x3A6EFA74, 0xDD5B4332,
+			0x6841E7F7, 0xCA7820FB, 0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527, 0x55533A3A, 0x20838D87, 0xFE6BA9B7,
+			0xD096954B, 0x55A867BC, 0xA1159A58, 0xCCA92963, 0x99E1DB33, 0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C,
+			0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, 0x95C11548, 0xE4C66D22, 0x48C1133F, 0xC70F86DC, 0x07F9C9EE,
+			0x41041F0F, 0x404779A4, 0x5D886E17, 0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, 0x257B7834, 0x602A9C60,
+			0xDFF8E8A3, 0x1F636C1B, 0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115, 0x6B2395E0, 0x333E92E1, 0x3B240B62,
+			0xEEBEB922, 0x85B2A20E, 0xE6BA0D99, 0xDE720C8C, 0x2DA2F728, 0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0,
+			0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, 0x0A476341, 0x992EFF74, 0x3A6F6EAB, 0xF4F8FD37, 0xA812DC60,
+			0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D, 0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, 0xF1290DC7, 0xCC00FFA3,
+			0xB5390F92, 0x690FED0B, 0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3, 0xBB132F88, 0x515BAD24, 0x7B9479BF,
+			0x763BD6EB, 0x37392EB3, 0xCC115979, 0x8026E297, 0xF42E312D, 0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C,
+			0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, 0x1A6B1018, 0x11CAEDFA, 0x3D25BDD8, 0xE2E1C3C9, 0x44421659,
+			0x0A121386, 0xD90CEC6E, 0xD5ABEA2A, 0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, 0x9DBC8057, 0xF0F7C086,
+			0x60787BF8, 0x6003604D, 0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC, 0x83426B33, 0xF01EAB71, 0xB0804187,
+			0x3C005E5F, 0x77A057BE, 0xBDE8AE24, 0x55464299, 0xBF582E61, 0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2,
+			0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, 0x7AEB2661, 0x8B1DDF84, 0x846A0E79, 0x915F95E2, 0x466E598E,
+			0x20B45770, 0x8CD55591, 0xC902DE4C, 0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, 0xB77F19B6, 0xE0A9DC09,
+			0x662D09A1, 0xC4324633, 0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10, 0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F,
+			0x2868F169, 0xDCB7DA83, 0x573906FE, 0xA1E2CE9B, 0x4FCD7F52, 0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027,
+			0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, 0xF0177A28, 0xC0F586E0, 0x006058AA, 0x30DC7D62, 0x11E69ED7,
+			0x2338EA63, 0x53C2DD94, 0xC2C21634, 0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, 0x6F05E409, 0x4B7C0188,
+			0x39720A3D, 0x7C927C24, 0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC, 0xED545578, 0x08FCA5B5, 0xD83D7CD3,
+			0x4DAD0FC4, 0x1E50EF5E, 0xB161E6F8, 0xA28514D9, 0x6C51133C, 0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837,
+			0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0 },
+
+	KS3 = { 0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, 0x5CB0679E, 0x4FA33742, 0xD3822740, 0x99BC9BBE, 0xD5118E9D,
+			0xBF0F7315, 0xD62D1C7E, 0xC700C47B, 0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, 0x5748AB2F, 0xBC946E79,
+			0xC6A376D2, 0x6549C2C8, 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6, 0x2939BBDB, 0xA9BA4650, 0xAC9526E8,
+			0xBE5EE304, 0xA1FAD5F0, 0x6A2D519A, 0x63EF8CE2, 0x9A86EE22, 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4,
+			0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, 0x2826A2F9, 0xA73A3AE1, 0x4BA99586, 0xEF5562E9, 0xC72FEFD3,
+			0xF752F7DA, 0x3F046F69, 0x77FA0A59, 0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, 0xE990FD5A, 0x9E34D797,
+			0x2CF0B7D9, 0x022B8B51, 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28, 0x1F9F25CF, 0xADF2B89B, 0x5AD6B472,
+			0x5A88F54C, 0xE029AC71, 0xE019A5E6, 0x47B0ACFD, 0xED93FA9B, 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28,
+			0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, 0x15056DD4, 0x88F46DBA, 0x03A16125, 0x0564F0BD, 0xC3EB9E15,
+			0x3C9057A2, 0x97271AEC, 0xA93A072A, 0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, 0x7533D928, 0xB155FDF5,
+			0x03563482, 0x8ABA3CBB, 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F, 0x4DE81751, 0x3830DC8E, 0x379D5862,
+			0x9320F991, 0xEA7A90C2, 0xFB3E7BCE, 0x5121CE64, 0x774FBE32, 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680,
+			0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, 0xB39A460A, 0x6445C0DD, 0x586CDECF, 0x1C20C8AE, 0x5BBEF7DD,
+			0x1B588D40, 0xCCD2017F, 0x6BB4E3BB, 0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, 0x72EACEA8, 0xFA6484BB,
+			0x8D6612AE, 0xBF3C6F47, 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370, 0x740E0D8D, 0xE75B1357, 0xF8721671,
+			0xAF537D5D, 0x4040CB08, 0x4EB4E2CC, 0x34D2466A, 0x0115AF84, 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048,
+			0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, 0x611560B1, 0xE7933FDC, 0xBB3A792B, 0x344525BD, 0xA08839E1,
+			0x51CE794B, 0x2F32C9B7, 0xA01FBAC9, 0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, 0x1A908749, 0xD44FBD9A,
+			0xD0DADECB, 0xD50ADA38, 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F, 0xF79E59B7, 0x43F5BB3A, 0xF2D519FF,
+			0x27D9459C, 0xBF97222C, 0x15E6FC2A, 0x0F91FC71, 0x9B941525, 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1,
+			0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, 0xE0EC6E0E, 0x1698DB3B, 0x4C98A0BE, 0x3278E964, 0x9F1F9532,
+			0xE0D392DF, 0xD3A0342B, 0x8971F21E, 0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, 0xDF359F8D, 0x9B992F2E,
+			0xE60B6F47, 0x0FE3F11D, 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F, 0x1618B166, 0xFD2C1D05, 0x848FD2C5,
+			0xF6FB2299, 0xF523F357, 0xA6327623, 0x93A83531, 0x56CCCD02, 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC,
+			0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, 0xE6C6C7BD, 0x327A140A, 0x45E1D006, 0xC3F27B9A, 0xC9AA53FD,
+			0x62A80F00, 0xBB25BFE2, 0x35BDD2F6, 0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, 0x53113EC0, 0x1640E3D3,
+			0x38ABBD60, 0x2547ADF0, 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060, 0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0,
+			0x4CF9AA7E, 0x1948C25C, 0x02FB8A8C, 0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F,
+			0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6 };
+
+	// ====================================
+	// Useful constants
+	// ====================================
+
+	private static final int ROUNDS = 16;
+	private static final int BLOCK_SIZE = 8; // bytes = 64 bits
+	private static final int SBOX_SK = 256;
+	private static final int P_SZ = ROUNDS + 2;
+
+	private final int[] S0, S1, S2, S3; // the s-boxes
+	private final int[] P; // the p-array
+
+	private boolean doEncrypt = false;
+
+	private byte[] workingKey = null;
+
+	public BlowFish()
+	{
+		S0 = new int[SBOX_SK];
+		S1 = new int[SBOX_SK];
+		S2 = new int[SBOX_SK];
+		S3 = new int[SBOX_SK];
+		P = new int[P_SZ];
+	}
+
+	/**
+	 * initialise a Blowfish cipher.
+	 * 
+	 * @param encrypting
+	 *            whether or not we are for encryption.
+	 * @param key
+	 *            the key required to set up the cipher.
+	 * @exception IllegalArgumentException
+	 *                if the params argument is inappropriate.
+	 */
+	public void init(boolean encrypting, byte[] key)
+	{
+		this.doEncrypt = encrypting;
+		this.workingKey = key;
+		setKey(this.workingKey);
+	}
+
+	public String getAlgorithmName()
+	{
+		return "Blowfish";
+	}
+
+	public final void transformBlock(byte[] in, int inOff, byte[] out, int outOff)
+	{
+		if (workingKey == null)
+		{
+			throw new IllegalStateException("Blowfish not initialised");
+		}
+
+		if (doEncrypt)
+		{
+			encryptBlock(in, inOff, out, outOff);
+		}
+		else
+		{
+			decryptBlock(in, inOff, out, outOff);
+		}
+	}
+
+	public void reset()
+	{
+	}
+
+	public int getBlockSize()
+	{
+		return BLOCK_SIZE;
+	}
+
+	// ==================================
+	// Private Implementation
+	// ==================================
+
+	private int F(int x)
+	{
+		return (((S0[(x >>> 24)] + S1[(x >>> 16) & 0xff]) ^ S2[(x >>> 8) & 0xff]) + S3[x & 0xff]);
+	}
+
+	/**
+	 * apply the encryption cycle to each value pair in the table.
+	 */
+	private void processTable(int xl, int xr, int[] table)
+	{
+		int size = table.length;
+
+		for (int s = 0; s < size; s += 2)
+		{
+			xl ^= P[0];
+
+			for (int i = 1; i < ROUNDS; i += 2)
+			{
+				xr ^= F(xl) ^ P[i];
+				xl ^= F(xr) ^ P[i + 1];
+			}
+
+			xr ^= P[ROUNDS + 1];
+
+			table[s] = xr;
+			table[s + 1] = xl;
+
+			xr = xl; // end of cycle swap
+			xl = table[s];
+		}
+	}
+
+	private void setKey(byte[] key)
+	{
+		/*
+		 * - comments are from _Applied Crypto_, Schneier, p338 please be
+		 * careful comparing the two, AC numbers the arrays from 1, the enclosed
+		 * code from 0.
+		 * 
+		 * (1) Initialise the S-boxes and the P-array, with a fixed string This
+		 * string contains the hexadecimal digits of pi (3.141...)
+		 */
+		System.arraycopy(KS0, 0, S0, 0, SBOX_SK);
+		System.arraycopy(KS1, 0, S1, 0, SBOX_SK);
+		System.arraycopy(KS2, 0, S2, 0, SBOX_SK);
+		System.arraycopy(KS3, 0, S3, 0, SBOX_SK);
+
+		System.arraycopy(KP, 0, P, 0, P_SZ);
+
+		/*
+		 * (2) Now, XOR P[0] with the first 32 bits of the key, XOR P[1] with
+		 * the second 32-bits of the key, and so on for all bits of the key (up
+		 * to P[17]). Repeatedly cycle through the key bits until the entire
+		 * P-array has been XOR-ed with the key bits
+		 */
+		int keyLength = key.length;
+		int keyIndex = 0;
+
+		for (int i = 0; i < P_SZ; i++)
+		{
+			// get the 32 bits of the key, in 4 * 8 bit chunks
+			int data = 0x0000000;
+			for (int j = 0; j < 4; j++)
+			{
+				// create a 32 bit block
+				data = (data << 8) | (key[keyIndex++] & 0xff);
+
+				// wrap when we get to the end of the key
+				if (keyIndex >= keyLength)
+				{
+					keyIndex = 0;
+				}
+			}
+			// XOR the newly created 32 bit chunk onto the P-array
+			P[i] ^= data;
+		}
+
+		/*
+		 * (3) Encrypt the all-zero string with the Blowfish algorithm, using
+		 * the subkeys described in (1) and (2)
+		 * 
+		 * (4) Replace P1 and P2 with the output of step (3)
+		 * 
+		 * (5) Encrypt the output of step(3) using the Blowfish algorithm, with
+		 * the modified subkeys.
+		 * 
+		 * (6) Replace P3 and P4 with the output of step (5)
+		 * 
+		 * (7) Continue the process, replacing all elements of the P-array and
+		 * then all four S-boxes in order, with the output of the continuously
+		 * changing Blowfish algorithm
+		 */
+
+		processTable(0, 0, P);
+		processTable(P[P_SZ - 2], P[P_SZ - 1], S0);
+		processTable(S0[SBOX_SK - 2], S0[SBOX_SK - 1], S1);
+		processTable(S1[SBOX_SK - 2], S1[SBOX_SK - 1], S2);
+		processTable(S2[SBOX_SK - 2], S2[SBOX_SK - 1], S3);
+	}
+
+	/**
+	 * Encrypt the given input starting at the given offset and place the result
+	 * in the provided buffer starting at the given offset. The input will be an
+	 * exact multiple of our blocksize.
+	 */
+	private void encryptBlock(byte[] src, int srcIndex, byte[] dst, int dstIndex)
+	{
+		int xl = BytesTo32bits(src, srcIndex);
+		int xr = BytesTo32bits(src, srcIndex + 4);
+
+		xl ^= P[0];
+
+		for (int i = 1; i < ROUNDS; i += 2)
+		{
+			xr ^= F(xl) ^ P[i];
+			xl ^= F(xr) ^ P[i + 1];
+		}
+
+		xr ^= P[ROUNDS + 1];
+
+		Bits32ToBytes(xr, dst, dstIndex);
+		Bits32ToBytes(xl, dst, dstIndex + 4);
+	}
+
+	/**
+	 * Decrypt the given input starting at the given offset and place the result
+	 * in the provided buffer starting at the given offset. The input will be an
+	 * exact multiple of our blocksize.
+	 */
+	private void decryptBlock(byte[] src, int srcIndex, byte[] dst, int dstIndex)
+	{
+		int xl = BytesTo32bits(src, srcIndex);
+		int xr = BytesTo32bits(src, srcIndex + 4);
+
+		xl ^= P[ROUNDS + 1];
+
+		for (int i = ROUNDS; i > 0; i -= 2)
+		{
+			xr ^= F(xl) ^ P[i];
+			xl ^= F(xr) ^ P[i - 1];
+		}
+
+		xr ^= P[0];
+
+		Bits32ToBytes(xr, dst, dstIndex);
+		Bits32ToBytes(xl, dst, dstIndex + 4);
+	}
+
+	private int BytesTo32bits(byte[] b, int i)
+	{
+		return ((b[i] & 0xff) << 24) | ((b[i + 1] & 0xff) << 16) | ((b[i + 2] & 0xff) << 8) | ((b[i + 3] & 0xff));
+	}
+
+	private void Bits32ToBytes(int in, byte[] b, int offset)
+	{
+		b[offset + 3] = (byte) in;
+		b[offset + 2] = (byte) (in >> 8);
+		b[offset + 1] = (byte) (in >> 16);
+		b[offset] = (byte) (in >> 24);
+	}
+
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/CBCMode.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/CBCMode.java
new file mode 100644
index 0000000..fbc5d75
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/CBCMode.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.cipher;
+
+/**
+ * CBCMode.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class CBCMode implements BlockCipher
+{
+	BlockCipher tc;
+	int blockSize;
+	boolean doEncrypt;
+
+	byte[] cbc_vector;
+	byte[] tmp_vector;
+
+	public void init(boolean forEncryption, byte[] key)
+	{
+	}
+	
+	public CBCMode(BlockCipher tc, byte[] iv, boolean doEncrypt)
+			throws IllegalArgumentException
+	{
+		this.tc = tc;
+		this.blockSize = tc.getBlockSize();
+		this.doEncrypt = doEncrypt;
+
+		if (this.blockSize != iv.length)
+			throw new IllegalArgumentException("IV must be " + blockSize
+					+ " bytes long! (currently " + iv.length + ")");
+
+		this.cbc_vector = new byte[blockSize];
+		this.tmp_vector = new byte[blockSize];
+		System.arraycopy(iv, 0, cbc_vector, 0, blockSize);
+	}
+
+	public int getBlockSize()
+	{
+		return blockSize;
+	}
+
+	private void encryptBlock(byte[] src, int srcoff, byte[] dst, int dstoff)
+	{
+		for (int i = 0; i < blockSize; i++)
+			cbc_vector[i] ^= src[srcoff + i];
+
+		tc.transformBlock(cbc_vector, 0, dst, dstoff);
+
+		System.arraycopy(dst, dstoff, cbc_vector, 0, blockSize);
+	}
+
+	private void decryptBlock(byte[] src, int srcoff, byte[] dst, int dstoff)
+	{
+		/* Assume the worst, src and dst are overlapping... */
+		
+		System.arraycopy(src, srcoff, tmp_vector, 0, blockSize);
+		
+		tc.transformBlock(src, srcoff, dst, dstoff);
+		
+		for (int i = 0; i < blockSize; i++)
+			dst[dstoff + i] ^= cbc_vector[i];
+
+		/* ...that is why we need a tmp buffer. */
+		
+		byte[] swap = cbc_vector;
+		cbc_vector = tmp_vector;
+		tmp_vector = swap;
+	}
+
+	public void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff)
+	{
+		if (doEncrypt)
+			encryptBlock(src, srcoff, dst, dstoff);
+		else
+			decryptBlock(src, srcoff, dst, dstoff);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/CTRMode.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/CTRMode.java
new file mode 100644
index 0000000..55c29b8
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/CTRMode.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.cipher;
+
+/**
+ * This is CTR mode as described in draft-ietf-secsh-newmodes-XY.txt
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class CTRMode implements BlockCipher
+{
+	byte[] X;
+	byte[] Xenc;
+
+	BlockCipher bc;
+	int blockSize;
+	boolean doEncrypt;
+
+	int count = 0;
+
+	public void init(boolean forEncryption, byte[] key)
+	{
+	}
+
+	public CTRMode(BlockCipher tc, byte[] iv, boolean doEnc) throws IllegalArgumentException
+	{
+		bc = tc;
+		blockSize = bc.getBlockSize();
+		doEncrypt = doEnc;
+
+		if (blockSize != iv.length)
+			throw new IllegalArgumentException("IV must be " + blockSize + " bytes long! (currently " + iv.length + ")");
+
+		X = new byte[blockSize];
+		Xenc = new byte[blockSize];
+
+		System.arraycopy(iv, 0, X, 0, blockSize);
+	}
+
+	public final int getBlockSize()
+	{
+		return blockSize;
+	}
+
+	public final void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff)
+	{
+		bc.transformBlock(X, 0, Xenc, 0);
+
+		for (int i = 0; i < blockSize; i++)
+		{
+			dst[dstoff + i] = (byte) (src[srcoff + i] ^ Xenc[i]);
+		}
+
+		for (int i = (blockSize - 1); i >= 0; i--)
+		{
+			X[i]++;
+			if (X[i] != 0)
+				break;
+
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/CipherInputStream.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/CipherInputStream.java
new file mode 100644
index 0000000..d35c90d
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/CipherInputStream.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.cipher;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * CipherInputStream.
+ *
+ * @author Christian Plattner
+ * @version $Id: CipherInputStream.java 11 2011-05-27 14:14:06Z dkocher@sudo.ch $
+ */
+public class CipherInputStream
+{
+	BlockCipher currentCipher;
+	InputStream bi;
+	byte[] buffer;
+	byte[] enc;
+	int blockSize;
+	int pos;
+
+	/*
+	 * We cannot use java.io.BufferedInputStream, since that is not available in
+	 * J2ME. Everything could be improved alot here.
+	 */
+
+	private static final int BUFF_SIZE = 8192;
+	byte[] input_buffer = new byte[BUFF_SIZE];
+	int input_buffer_pos = 0;
+	int input_buffer_size = 0;
+
+	public CipherInputStream(BlockCipher tc, InputStream bi)
+	{
+		this.bi = bi;
+		changeCipher(tc);
+	}
+
+	private int fill_buffer() throws IOException
+	{
+		input_buffer_pos = 0;
+		input_buffer_size = 0;
+		input_buffer_size = bi.read(input_buffer, 0, BUFF_SIZE);
+		return input_buffer_size;
+	}
+
+	private int internal_read(byte[] b, int off, int len) throws IOException
+	{
+		if (input_buffer_size < 0)
+		{
+			return -1;
+		}
+
+		if (input_buffer_pos >= input_buffer_size)
+		{
+			if (fill_buffer() <= 0)
+			{
+				return -1;
+			}
+		}
+
+		int avail = input_buffer_size - input_buffer_pos;
+		int thiscopy = (len > avail) ? avail : len;
+
+		System.arraycopy(input_buffer, input_buffer_pos, b, off, thiscopy);
+		input_buffer_pos += thiscopy;
+
+		return thiscopy;
+	}
+
+	public void changeCipher(BlockCipher bc)
+	{
+		this.currentCipher = bc;
+		blockSize = bc.getBlockSize();
+		buffer = new byte[blockSize];
+		enc = new byte[blockSize];
+		pos = blockSize;
+	}
+
+	private void getBlock() throws IOException
+	{
+		int n = 0;
+		while (n < blockSize)
+		{
+			int len = internal_read(enc, n, blockSize - n);
+			if (len < 0)
+			{
+				throw new IOException("Cannot read full block, EOF reached.");
+			}
+			n += len;
+		}
+
+		try
+		{
+			currentCipher.transformBlock(enc, 0, buffer, 0);
+		}
+		catch (Exception e)
+		{
+			throw new IOException("Error while decrypting block.");
+		}
+		pos = 0;
+	}
+
+	public int read(byte[] dst) throws IOException
+	{
+		return read(dst, 0, dst.length);
+	}
+
+	public int read(byte[] dst, int off, int len) throws IOException
+	{
+		int count = 0;
+
+		while (len > 0)
+		{
+			if (pos >= blockSize)
+			{
+				getBlock();
+			}
+
+			int avail = blockSize - pos;
+			int copy = Math.min(avail, len);
+			System.arraycopy(buffer, pos, dst, off, copy);
+			pos += copy;
+			off += copy;
+			len -= copy;
+			count += copy;
+		}
+		return count;
+	}
+
+	public int read() throws IOException
+	{
+		if (pos >= blockSize)
+		{
+			getBlock();
+		}
+		return buffer[pos++] & 0xff;
+	}
+
+	public int readPlain(byte[] b, int off, int len) throws IOException
+	{
+		if (pos != blockSize)
+		{
+			throw new IOException("Cannot read plain since crypto buffer is not aligned.");
+		}
+		int n = 0;
+		while (n < len)
+		{
+			int cnt = internal_read(b, off + n, len - n);
+			if (cnt < 0)
+			{
+				throw new IOException("Cannot fill buffer, EOF reached.");
+			}
+			n += cnt;
+		}
+		return n;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/CipherOutputStream.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/CipherOutputStream.java
new file mode 100644
index 0000000..27ba410
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/CipherOutputStream.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.cipher;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * CipherOutputStream.
+ *
+ * @author Christian Plattner
+ * @version $Id: CipherOutputStream.java 11 2011-05-27 14:14:06Z dkocher@sudo.ch $
+ */
+public class CipherOutputStream
+{
+	BlockCipher currentCipher;
+	OutputStream bo;
+	byte[] buffer;
+	byte[] enc;
+	int blockSize;
+	int pos;
+
+	/*
+	 * We cannot use java.io.BufferedOutputStream, since that is not available
+	 * in J2ME. Everything could be improved here alot.
+	 */
+
+	private static final int BUFF_SIZE = 8192;
+	byte[] out_buffer = new byte[BUFF_SIZE];
+	int out_buffer_pos = 0;
+
+	public CipherOutputStream(BlockCipher tc, OutputStream bo)
+	{
+		this.bo = bo;
+		changeCipher(tc);
+	}
+
+	private void internal_write(byte[] src, int off, int len) throws IOException
+	{
+		while (len > 0)
+		{
+			int space = BUFF_SIZE - out_buffer_pos;
+			int copy = (len > space) ? space : len;
+
+			System.arraycopy(src, off, out_buffer, out_buffer_pos, copy);
+
+			off += copy;
+			out_buffer_pos += copy;
+			len -= copy;
+
+			if (out_buffer_pos >= BUFF_SIZE)
+			{
+				bo.write(out_buffer, 0, BUFF_SIZE);
+				out_buffer_pos = 0;
+			}
+		}
+	}
+
+	private void internal_write(int b) throws IOException
+	{
+		out_buffer[out_buffer_pos++] = (byte) b;
+		if (out_buffer_pos >= BUFF_SIZE)
+		{
+			bo.write(out_buffer, 0, BUFF_SIZE);
+			out_buffer_pos = 0;
+		}
+	}
+
+	public void flush() throws IOException
+	{
+		if (pos != 0)
+		{
+			throw new IOException("FATAL: cannot flush since crypto buffer is not aligned.");
+		}
+
+		if (out_buffer_pos > 0)
+		{
+			bo.write(out_buffer, 0, out_buffer_pos);
+			out_buffer_pos = 0;
+		}
+		bo.flush();
+	}
+
+	public void changeCipher(BlockCipher bc)
+	{
+		this.currentCipher = bc;
+		blockSize = bc.getBlockSize();
+		buffer = new byte[blockSize];
+		enc = new byte[blockSize];
+		pos = 0;
+	}
+
+	private void writeBlock() throws IOException
+	{
+		try
+		{
+			currentCipher.transformBlock(buffer, 0, enc, 0);
+		}
+		catch (Exception e)
+		{
+			throw (IOException) new IOException("Error while decrypting block.").initCause(e);
+		}
+
+		internal_write(enc, 0, blockSize);
+		pos = 0;
+	}
+
+	public void write(byte[] src, int off, int len) throws IOException
+	{
+		while (len > 0)
+		{
+			int avail = blockSize - pos;
+			int copy = Math.min(avail, len);
+
+			System.arraycopy(src, off, buffer, pos, copy);
+			pos += copy;
+			off += copy;
+			len -= copy;
+
+			if (pos >= blockSize)
+			{
+				writeBlock();
+			}
+		}
+	}
+
+	public void write(int b) throws IOException
+	{
+		buffer[pos++] = (byte) b;
+		if (pos >= blockSize)
+		{
+			writeBlock();
+		}
+	}
+
+	public void writePlain(int b) throws IOException
+	{
+		if (pos != 0)
+		{
+			throw new IOException("Cannot write plain since crypto buffer is not aligned.");
+		}
+		internal_write(b);
+	}
+
+	public void writePlain(byte[] b, int off, int len) throws IOException
+	{
+		if (pos != 0)
+		{
+			throw new IOException("Cannot write plain since crypto buffer is not aligned.");
+		}
+		internal_write(b, off, len);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/DES.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/DES.java
new file mode 100644
index 0000000..1351768
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/DES.java
@@ -0,0 +1,372 @@
+package ch.ethz.ssh2.crypto.cipher;
+
+/*
+ This file is based on the 3DES implementation from the Bouncy Castle Crypto package.
+ Their licence file states the following:
+
+ Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
+ (http://www.bouncycastle.org)
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE. 
+ */
+
+/**
+ * DES.
+ * 
+ * @author See comments in the source file
+ * @version 2.50, 03/15/10
+ * 
+ */
+public class DES implements BlockCipher
+{
+	private int[] workingKey = null;
+
+	/**
+	 * standard constructor.
+	 */
+	public DES()
+	{
+	}
+
+	/**
+	 * initialise a DES cipher.
+	 * 
+	 * @param encrypting
+	 *            whether or not we are for encryption.
+	 * @param key
+	 *            the parameters required to set up the cipher.
+	 * @exception IllegalArgumentException
+	 *                if the params argument is inappropriate.
+	 */
+	public void init(boolean encrypting, byte[] key)
+	{
+		this.workingKey = generateWorkingKey(encrypting, key, 0);
+	}
+
+	public String getAlgorithmName()
+	{
+		return "DES";
+	}
+
+	public int getBlockSize()
+	{
+		return 8;
+	}
+
+	public void transformBlock(byte[] in, int inOff, byte[] out, int outOff)
+	{
+		if (workingKey == null)
+		{
+			throw new IllegalStateException("DES engine not initialised!");
+		}
+
+		desFunc(workingKey, in, inOff, out, outOff);
+	}
+
+	public void reset()
+	{
+	}
+
+	/**
+	 * what follows is mainly taken from "Applied Cryptography", by Bruce
+	 * Schneier, however it also bears great resemblance to Richard
+	 * Outerbridge's D3DES...
+	 */
+
+	static short[] Df_Key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32,
+			0x10, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67 };
+
+	static short[] bytebit = { 0200, 0100, 040, 020, 010, 04, 02, 01 };
+
+	static int[] bigbyte = { 0x800000, 0x400000, 0x200000, 0x100000, 0x80000, 0x40000, 0x20000, 0x10000, 0x8000,
+			0x4000, 0x2000, 0x1000, 0x800, 0x400, 0x200, 0x100, 0x80, 0x40, 0x20, 0x10, 0x8, 0x4, 0x2, 0x1 };
+
+	/*
+	 * Use the key schedule specified in the Standard (ANSI X3.92-1981).
+	 */
+
+	static byte[] pc1 = { 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2,
+			59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12,
+			4, 27, 19, 11, 3 };
+
+	static byte[] totrot = { 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 };
+
+	static byte[] pc2 = { 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40,
+			51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 };
+
+	static int[] SP1 = { 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004,
+			0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
+			0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, 0x00010004,
+			0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000, 0x00010000, 0x01010404,
+			0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, 0x00010400,
+			0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, 0x01010404, 0x00010004, 0x01010000, 0x01000404,
+			0x01000004, 0x00000404, 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004,
+			0x00010400, 0x00000000, 0x01010004 };
+
+	static int[] SP2 = { 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020,
+			0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
+			0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, 0x00100020,
+			0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020, 0x00000000, 0x00108020,
+			0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, 0x00000020,
+			0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, 0x00008020, 0x80108000, 0x00100000, 0x80000020,
+			0x00100020, 0x80008020, 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000,
+			0x80100020, 0x80108020, 0x00108000 };
+
+	static int[] SP3 = { 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208,
+			0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
+			0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, 0x08000208,
+			0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000, 0x08020200, 0x08000000,
+			0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, 0x08020208,
+			0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, 0x08000208, 0x00020000, 0x08000000, 0x08020208,
+			0x00000008, 0x00020208, 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208,
+			0x00000008, 0x08020008, 0x00020200 };
+
+	static int[] SP4 = { 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001,
+			0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
+			0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, 0x00800081,
+			0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081, 0x00800080, 0x00800001,
+			0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, 0x00800081,
+			0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802081, 0x00000081, 0x00000001, 0x00002000,
+			0x00800001, 0x00002001, 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080,
+			0x00800000, 0x00002000, 0x00802080 };
+
+	static int[] SP5 = { 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000,
+			0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
+			0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, 0x42080000,
+			0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100, 0x00080000, 0x42000100,
+			0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, 0x42080000,
+			0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, 0x42080100, 0x00080100, 0x42000000, 0x42080100,
+			0x02080000, 0x00000000, 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000,
+			0x40080000, 0x02080100, 0x40000100 };
+
+	static int[] SP6 = { 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010,
+			0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
+			0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, 0x20400010,
+			0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000, 0x20004000, 0x00000010,
+			0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, 0x20000000,
+			0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, 0x00404010, 0x20404000, 0x00000000, 0x20400010,
+			0x00000010, 0x00004000, 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000,
+			0x20000000, 0x00400010, 0x20004010 };
+
+	static int[] SP7 = { 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802,
+			0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
+			0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, 0x04200000,
+			0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800, 0x04000000, 0x00200800,
+			0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, 0x04000800,
+			0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, 0x00000802, 0x04000002, 0x04200802, 0x04200000,
+			0x00200800, 0x00000000, 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002,
+			0x04000800, 0x00000800, 0x00200002 };
+
+	static int[] SP8 = { 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040,
+			0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
+			0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, 0x00001040,
+			0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000, 0x00041040, 0x00040000,
+			0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, 0x10000040,
+			0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, 0x00000000, 0x10041040, 0x00040040, 0x10000040,
+			0x10040000, 0x10001000, 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040,
+			0x00040040, 0x10000000, 0x10041000 };
+
+	/**
+	 * generate an integer based working key based on our secret key and what we
+	 * processing we are planning to do.
+	 * 
+	 * Acknowledgements for this routine go to James Gillogly & Phil Karn.
+	 * (whoever, and wherever they are!).
+	 */
+	protected int[] generateWorkingKey(boolean encrypting, byte[] key, int off)
+	{
+		int[] newKey = new int[32];
+		boolean[] pc1m = new boolean[56], pcr = new boolean[56];
+
+		for (int j = 0; j < 56; j++)
+		{
+			int l = pc1[j];
+
+			pc1m[j] = ((key[off + (l >>> 3)] & bytebit[l & 07]) != 0);
+		}
+
+		for (int i = 0; i < 16; i++)
+		{
+			int l, m, n;
+
+			if (encrypting)
+			{
+				m = i << 1;
+			}
+			else
+			{
+				m = (15 - i) << 1;
+			}
+
+			n = m + 1;
+			newKey[m] = newKey[n] = 0;
+
+			for (int j = 0; j < 28; j++)
+			{
+				l = j + totrot[i];
+				if (l < 28)
+				{
+					pcr[j] = pc1m[l];
+				}
+				else
+				{
+					pcr[j] = pc1m[l - 28];
+				}
+			}
+
+			for (int j = 28; j < 56; j++)
+			{
+				l = j + totrot[i];
+				if (l < 56)
+				{
+					pcr[j] = pc1m[l];
+				}
+				else
+				{
+					pcr[j] = pc1m[l - 28];
+				}
+			}
+
+			for (int j = 0; j < 24; j++)
+			{
+				if (pcr[pc2[j]])
+				{
+					newKey[m] |= bigbyte[j];
+				}
+
+				if (pcr[pc2[j + 24]])
+				{
+					newKey[n] |= bigbyte[j];
+				}
+			}
+		}
+
+		//
+		// store the processed key
+		//
+		for (int i = 0; i != 32; i += 2)
+		{
+			int i1, i2;
+
+			i1 = newKey[i];
+			i2 = newKey[i + 1];
+
+			newKey[i] = ((i1 & 0x00fc0000) << 6) | ((i1 & 0x00000fc0) << 10) | ((i2 & 0x00fc0000) >>> 10)
+					| ((i2 & 0x00000fc0) >>> 6);
+
+			newKey[i + 1] = ((i1 & 0x0003f000) << 12) | ((i1 & 0x0000003f) << 16) | ((i2 & 0x0003f000) >>> 4)
+					| (i2 & 0x0000003f);
+		}
+
+		return newKey;
+	}
+
+	/**
+	 * the DES engine.
+	 */
+	protected void desFunc(int[] wKey, byte[] in, int inOff, byte[] out, int outOff)
+	{
+		int work, right, left;
+
+		left = (in[inOff + 0] & 0xff) << 24;
+		left |= (in[inOff + 1] & 0xff) << 16;
+		left |= (in[inOff + 2] & 0xff) << 8;
+		left |= (in[inOff + 3] & 0xff);
+
+		right = (in[inOff + 4] & 0xff) << 24;
+		right |= (in[inOff + 5] & 0xff) << 16;
+		right |= (in[inOff + 6] & 0xff) << 8;
+		right |= (in[inOff + 7] & 0xff);
+
+		work = ((left >>> 4) ^ right) & 0x0f0f0f0f;
+		right ^= work;
+		left ^= (work << 4);
+		work = ((left >>> 16) ^ right) & 0x0000ffff;
+		right ^= work;
+		left ^= (work << 16);
+		work = ((right >>> 2) ^ left) & 0x33333333;
+		left ^= work;
+		right ^= (work << 2);
+		work = ((right >>> 8) ^ left) & 0x00ff00ff;
+		left ^= work;
+		right ^= (work << 8);
+		right = ((right << 1) | ((right >>> 31) & 1)) & 0xffffffff;
+		work = (left ^ right) & 0xaaaaaaaa;
+		left ^= work;
+		right ^= work;
+		left = ((left << 1) | ((left >>> 31) & 1)) & 0xffffffff;
+
+		for (int round = 0; round < 8; round++)
+		{
+			int fval;
+
+			work = (right << 28) | (right >>> 4);
+			work ^= wKey[round * 4 + 0];
+			fval = SP7[work & 0x3f];
+			fval |= SP5[(work >>> 8) & 0x3f];
+			fval |= SP3[(work >>> 16) & 0x3f];
+			fval |= SP1[(work >>> 24) & 0x3f];
+			work = right ^ wKey[round * 4 + 1];
+			fval |= SP8[work & 0x3f];
+			fval |= SP6[(work >>> 8) & 0x3f];
+			fval |= SP4[(work >>> 16) & 0x3f];
+			fval |= SP2[(work >>> 24) & 0x3f];
+			left ^= fval;
+			work = (left << 28) | (left >>> 4);
+			work ^= wKey[round * 4 + 2];
+			fval = SP7[work & 0x3f];
+			fval |= SP5[(work >>> 8) & 0x3f];
+			fval |= SP3[(work >>> 16) & 0x3f];
+			fval |= SP1[(work >>> 24) & 0x3f];
+			work = left ^ wKey[round * 4 + 3];
+			fval |= SP8[work & 0x3f];
+			fval |= SP6[(work >>> 8) & 0x3f];
+			fval |= SP4[(work >>> 16) & 0x3f];
+			fval |= SP2[(work >>> 24) & 0x3f];
+			right ^= fval;
+		}
+
+		right = (right << 31) | (right >>> 1);
+		work = (left ^ right) & 0xaaaaaaaa;
+		left ^= work;
+		right ^= work;
+		left = (left << 31) | (left >>> 1);
+		work = ((left >>> 8) ^ right) & 0x00ff00ff;
+		right ^= work;
+		left ^= (work << 8);
+		work = ((left >>> 2) ^ right) & 0x33333333;
+		right ^= work;
+		left ^= (work << 2);
+		work = ((right >>> 16) ^ left) & 0x0000ffff;
+		left ^= work;
+		right ^= (work << 16);
+		work = ((right >>> 4) ^ left) & 0x0f0f0f0f;
+		left ^= work;
+		right ^= (work << 4);
+
+		out[outOff + 0] = (byte) ((right >>> 24) & 0xff);
+		out[outOff + 1] = (byte) ((right >>> 16) & 0xff);
+		out[outOff + 2] = (byte) ((right >>> 8) & 0xff);
+		out[outOff + 3] = (byte) (right & 0xff);
+		out[outOff + 4] = (byte) ((left >>> 24) & 0xff);
+		out[outOff + 5] = (byte) ((left >>> 16) & 0xff);
+		out[outOff + 6] = (byte) ((left >>> 8) & 0xff);
+		out[outOff + 7] = (byte) (left & 0xff);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/DESede.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/DESede.java
new file mode 100644
index 0000000..1e676a9
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/DESede.java
@@ -0,0 +1,109 @@
+package ch.ethz.ssh2.crypto.cipher;
+
+/*
+ This file was shamelessly taken (and modified) from the Bouncy Castle Crypto package.
+ Their licence file states the following:
+
+ Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle
+ (http://www.bouncycastle.org)
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE. 
+ */
+
+/**
+ * DESede.
+ * 
+ * @author See comments in the source file
+ * @version 2.50, 03/15/10
+ * 
+ */
+public class DESede extends DES
+{
+	private int[] key1 = null;
+	private int[] key2 = null;
+	private int[] key3 = null;
+
+	private boolean encrypt;
+
+	/**
+	 * standard constructor.
+	 */
+	public DESede()
+	{
+	}
+
+	/**
+	 * initialise a DES cipher.
+	 * 
+	 * @param encrypting
+	 *            whether or not we are for encryption.
+	 * @param key
+	 *            the parameters required to set up the cipher.
+	 * @exception IllegalArgumentException
+	 *                if the params argument is inappropriate.
+	 */
+	@Override
+	public void init(boolean encrypting, byte[] key)
+	{
+		key1 = generateWorkingKey(encrypting, key, 0);
+		key2 = generateWorkingKey(!encrypting, key, 8);
+		key3 = generateWorkingKey(encrypting, key, 16);
+
+		encrypt = encrypting;
+	}
+
+	@Override
+	public String getAlgorithmName()
+	{
+		return "DESede";
+	}
+
+	@Override
+	public int getBlockSize()
+	{
+		return 8;
+	}
+
+	@Override
+	public void transformBlock(byte[] in, int inOff, byte[] out, int outOff)
+	{
+		if (key1 == null)
+		{
+			throw new IllegalStateException("DESede engine not initialised!");
+		}
+
+		if (encrypt)
+		{
+			desFunc(key1, in, inOff, out, outOff);
+			desFunc(key2, out, outOff, out, outOff);
+			desFunc(key3, out, outOff, out, outOff);
+		}
+		else
+		{
+			desFunc(key3, in, inOff, out, outOff);
+			desFunc(key2, out, outOff, out, outOff);
+			desFunc(key1, out, outOff, out, outOff);
+		}
+	}
+
+	@Override
+	public void reset()
+	{
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/cipher/NullCipher.java b/src/main/java/ch/ethz/ssh2/crypto/cipher/NullCipher.java
new file mode 100644
index 0000000..14cc319
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/cipher/NullCipher.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.cipher;
+
+/**
+ * NullCipher.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class NullCipher implements BlockCipher
+{
+	private int blockSize = 8;
+	
+	public NullCipher()
+	{
+	}
+
+	public NullCipher(int blockSize)
+	{
+		this.blockSize = blockSize;
+	}
+	
+	public void init(boolean forEncryption, byte[] key)
+	{
+	}
+
+	public int getBlockSize()
+	{
+		return blockSize;
+	}
+
+	public void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff)
+	{
+		System.arraycopy(src, srcoff, dst, dstoff, blockSize);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/dh/DhExchange.java b/src/main/java/ch/ethz/ssh2/crypto/dh/DhExchange.java
new file mode 100644
index 0000000..aeb550f
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/dh/DhExchange.java
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.dh;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import ch.ethz.ssh2.crypto.digest.HashForSSH2Types;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.util.StringEncoder;
+
+/**
+ * @author Christian Plattner
+ * @version $Id: DhExchange.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class DhExchange
+{
+	private static final Logger log = Logger.getLogger(DhExchange.class);
+
+	/* Given by the standard */
+
+	static final BigInteger p1, p14;
+	static final BigInteger g;
+
+	BigInteger p;
+
+	/* Client public and private */
+
+	BigInteger e;
+	BigInteger x;
+
+	/* Server public */
+
+	BigInteger f;
+
+	/* Shared secret */
+
+	BigInteger k;
+
+	static
+	{
+		final String p1_string = "17976931348623159077083915679378745319786029604875"
+				+ "60117064444236841971802161585193689478337958649255415021805654859805036464"
+				+ "40548199239100050792877003355816639229553136239076508735759914822574862575"
+				+ "00742530207744771258955095793777842444242661733472762929938766870920560605"
+				+ "0270810842907692932019128194467627007";
+
+		final String p14_string = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129"
+				+ "024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0"
+				+ "A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB"
+				+ "6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A"
+				+ "163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208"
+				+ "552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36C"
+				+ "E3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF69558171"
+				+ "83995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF";
+
+		p1 = new BigInteger(p1_string);
+		p14 = new BigInteger(p14_string, 16);
+		g = new BigInteger("2");
+	}
+
+	public DhExchange()
+	{
+	}
+
+	public void init(int group, SecureRandom rnd)
+	{
+		k = null;
+
+		if (group == 1)
+			p = p1;
+		else if (group == 14)
+			p = p14;
+		else
+			throw new IllegalArgumentException("Unknown DH group " + group);
+
+		x = new BigInteger(p.bitLength() - 1, rnd);
+
+		e = g.modPow(x, p);
+	}
+
+	/**
+	 * @return Returns the e.
+	 * @throws IllegalStateException
+	 */
+	public BigInteger getE()
+	{
+		if (e == null)
+			throw new IllegalStateException("DhDsaExchange not initialized!");
+
+		return e;
+	}
+
+	/**
+	 * @return Returns the shared secret k.
+	 * @throws IllegalStateException
+	 */
+	public BigInteger getK()
+	{
+		if (k == null)
+			throw new IllegalStateException("Shared secret not yet known, need f first!");
+
+		return k;
+	}
+
+	/**
+	 * @param f
+	 */
+	public void setF(BigInteger f)
+	{
+		if (e == null)
+			throw new IllegalStateException("DhDsaExchange not initialized!");
+
+		BigInteger zero = BigInteger.valueOf(0);
+
+		if (zero.compareTo(f) >= 0 || p.compareTo(f) <= 0)
+			throw new IllegalArgumentException("Invalid f specified!");
+
+		this.f = f;
+		this.k = f.modPow(x, p);
+	}
+
+	public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload,
+							 byte[] serverKexPayload, byte[] hostKey)
+	{
+		HashForSSH2Types hash = new HashForSSH2Types("SHA1");
+
+		if (log.isInfoEnabled())
+		{
+			log.info("Client: '" + StringEncoder.GetString(clientversion) + "'");
+		    log.info("Server: '" + StringEncoder.GetString(serverversion) + "'");
+		}
+		hash.updateByteString(clientversion);
+		hash.updateByteString(serverversion);
+		hash.updateByteString(clientKexPayload);
+		hash.updateByteString(serverKexPayload);
+		hash.updateByteString(hostKey);
+		hash.updateBigInt(e);
+		hash.updateBigInt(f);
+		hash.updateBigInt(k);
+
+		return hash.getDigest();
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/dh/DhGroupExchange.java b/src/main/java/ch/ethz/ssh2/crypto/dh/DhGroupExchange.java
new file mode 100644
index 0000000..c2defda
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/dh/DhGroupExchange.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.dh;
+
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import ch.ethz.ssh2.DHGexParameters;
+import ch.ethz.ssh2.crypto.digest.HashForSSH2Types;
+
+/**
+ * DhGroupExchange.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class DhGroupExchange
+{
+	/* Given by the standard */
+
+	private BigInteger p;
+	private BigInteger g;
+
+	/* Client public and private */
+
+	private BigInteger e;
+	private BigInteger x;
+
+	/* Server public */
+
+	private BigInteger f;
+
+	/* Shared secret */
+
+	private BigInteger k;
+
+	public DhGroupExchange(BigInteger p, BigInteger g)
+	{
+		this.p = p;
+		this.g = g;
+	}
+
+	public void init(SecureRandom rnd)
+	{
+		k = null;
+
+		x = new BigInteger(p.bitLength() - 1, rnd);
+		e = g.modPow(x, p);
+	}
+
+	/**
+	 * @return Returns the e.
+	 */
+	public BigInteger getE()
+	{
+		if (e == null)
+			throw new IllegalStateException("Not initialized!");
+
+		return e;
+	}
+
+	/**
+	 * @return Returns the shared secret k.
+	 */
+	public BigInteger getK()
+	{
+		if (k == null)
+			throw new IllegalStateException("Shared secret not yet known, need f first!");
+
+		return k;
+	}
+
+	/**
+	 * Sets f and calculates the shared secret.
+	 */
+	public void setF(BigInteger f)
+	{
+		if (e == null)
+			throw new IllegalStateException("Not initialized!");
+
+		BigInteger zero = BigInteger.valueOf(0);
+
+		if (zero.compareTo(f) >= 0 || p.compareTo(f) <= 0)
+			throw new IllegalArgumentException("Invalid f specified!");
+
+		this.f = f;
+		this.k = f.modPow(x, p);
+	}
+
+	public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload,
+			byte[] serverKexPayload, byte[] hostKey, DHGexParameters para)
+	{
+		HashForSSH2Types hash = new HashForSSH2Types("SHA1");
+
+		hash.updateByteString(clientversion);
+		hash.updateByteString(serverversion);
+		hash.updateByteString(clientKexPayload);
+		hash.updateByteString(serverKexPayload);
+		hash.updateByteString(hostKey);
+		if (para.getMin_group_len() > 0)
+			hash.updateUINT32(para.getMin_group_len());
+		hash.updateUINT32(para.getPref_group_len());
+		if (para.getMax_group_len() > 0)
+			hash.updateUINT32(para.getMax_group_len());
+		hash.updateBigInt(p);
+		hash.updateBigInt(g);
+		hash.updateBigInt(e);
+		hash.updateBigInt(f);
+		hash.updateBigInt(k);
+
+		return hash.getDigest();
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/Digest.java b/src/main/java/ch/ethz/ssh2/crypto/digest/Digest.java
new file mode 100644
index 0000000..0b8adb8
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/digest/Digest.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.digest;
+
+/**
+ * Digest.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public interface Digest
+{
+	public int getDigestLength();
+
+	public void update(byte b);
+
+	public void update(byte[] b);
+
+	public void update(byte b[], int off, int len);
+
+	public void reset();
+
+	public void digest(byte[] out);
+
+	public void digest(byte[] out, int off);
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/HMAC.java b/src/main/java/ch/ethz/ssh2/crypto/digest/HMAC.java
new file mode 100644
index 0000000..fcdf43d
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/digest/HMAC.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.digest;
+
+/**
+ * HMAC.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public final class HMAC implements Digest
+{
+	Digest md;
+	byte[] k_xor_ipad;
+	byte[] k_xor_opad;
+
+	byte[] tmp;
+
+	int size;
+
+	public HMAC(Digest md, byte[] key, int size)
+	{
+		this.md = md;
+		this.size = size;
+
+		tmp = new byte[md.getDigestLength()];
+
+		int blocksize = 64;
+
+		k_xor_ipad = new byte[blocksize];
+		k_xor_opad = new byte[blocksize];
+
+		if (key.length > blocksize)
+		{
+			md.reset();
+			md.update(key);
+			md.digest(tmp);
+			key = tmp;
+		}
+
+		System.arraycopy(key, 0, k_xor_ipad, 0, key.length);
+		System.arraycopy(key, 0, k_xor_opad, 0, key.length);
+
+		for (int i = 0; i < blocksize; i++)
+		{
+			k_xor_ipad[i] ^= 0x36;
+			k_xor_opad[i] ^= 0x5C;
+		}
+		md.update(k_xor_ipad);
+	}
+
+	public int getDigestLength()
+	{
+		return size;
+	}
+
+	public void update(byte b)
+	{
+		md.update(b);
+	}
+
+	public void update(byte[] b)
+	{
+		md.update(b);
+	}
+
+	public void update(byte[] b, int off, int len)
+	{
+		md.update(b, off, len);
+	}
+
+	public void reset()
+	{
+		md.reset();
+		md.update(k_xor_ipad);
+	}
+
+	public void digest(byte[] out)
+	{
+		digest(out, 0);
+	}
+
+	public void digest(byte[] out, int off)
+	{
+		md.digest(tmp);
+
+		md.update(k_xor_opad);
+		md.update(tmp);
+
+		md.digest(tmp);
+
+		System.arraycopy(tmp, 0, out, off, size);
+
+		md.update(k_xor_ipad);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/HashForSSH2Types.java b/src/main/java/ch/ethz/ssh2/crypto/digest/HashForSSH2Types.java
new file mode 100644
index 0000000..45eea70
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/digest/HashForSSH2Types.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.digest;
+
+import java.math.BigInteger;
+
+/**
+ * HashForSSH2Types.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class HashForSSH2Types
+{
+	Digest md;
+
+	public HashForSSH2Types(Digest md)
+	{
+		this.md = md;
+	}
+
+	public HashForSSH2Types(String type)
+	{
+		if (type.equals("SHA1"))
+		{
+			md = new SHA1();
+		}
+		else if (type.equals("MD5"))
+		{
+			md = new MD5();
+		}
+		else
+			throw new IllegalArgumentException("Unknown algorithm " + type);
+	}
+
+	public void updateByte(byte b)
+	{
+		/* HACK - to test it with J2ME */
+		byte[] tmp = new byte[1];
+		tmp[0] = b;
+		md.update(tmp);
+	}
+
+	public void updateBytes(byte[] b)
+	{
+		md.update(b);
+	}
+
+	public void updateUINT32(int v)
+	{
+		md.update((byte) (v >> 24));
+		md.update((byte) (v >> 16));
+		md.update((byte) (v >> 8));
+		md.update((byte) (v));
+	}
+
+	public void updateByteString(byte[] b)
+	{
+		updateUINT32(b.length);
+		updateBytes(b);
+	}
+
+	public void updateBigInt(BigInteger b)
+	{
+		updateByteString(b.toByteArray());
+	}
+
+	public void reset()
+	{
+		md.reset();
+	}
+
+	public int getDigestLength()
+	{
+		return md.getDigestLength();
+	}
+
+	public byte[] getDigest()
+	{
+		byte[] tmp = new byte[md.getDigestLength()];
+		getDigest(tmp);
+		return tmp;
+	}
+
+	public void getDigest(byte[] out)
+	{
+		getDigest(out, 0);
+	}
+
+	public void getDigest(byte[] out, int off)
+	{
+		md.digest(out, off);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/MAC.java b/src/main/java/ch/ethz/ssh2/crypto/digest/MAC.java
new file mode 100644
index 0000000..ab40de3
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/digest/MAC.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.digest;
+
+/**
+ * MAC.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public final class MAC
+{
+	Digest mac;
+	int size;
+
+	public static String[] getMacList()
+	{
+		/* Higher Priority First */
+
+		return new String[]{"hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5"};
+	}
+
+	public static void checkMacList(String[] macs)
+	{
+		for (int i = 0; i < macs.length; i++)
+			getKeyLen(macs[i]);
+	}
+
+	public static int getKeyLen(String type)
+	{
+		if (type.equals("hmac-sha1"))
+			return 20;
+		if (type.equals("hmac-sha1-96"))
+			return 20;
+		if (type.equals("hmac-md5"))
+			return 16;
+		if (type.equals("hmac-md5-96"))
+			return 16;
+		throw new IllegalArgumentException("Unkown algorithm " + type);
+	}
+
+	public MAC(String type, byte[] key)
+	{
+		if (type.equals("hmac-sha1"))
+		{
+			mac = new HMAC(new SHA1(), key, 20);
+		}
+		else if (type.equals("hmac-sha1-96"))
+		{
+			mac = new HMAC(new SHA1(), key, 12);
+		}
+		else if (type.equals("hmac-md5"))
+		{
+			mac = new HMAC(new MD5(), key, 16);
+		}
+		else if (type.equals("hmac-md5-96"))
+		{
+			mac = new HMAC(new MD5(), key, 12);
+		}
+		else
+			throw new IllegalArgumentException("Unkown algorithm " + type);
+
+		size = mac.getDigestLength();
+	}
+
+	public void initMac(int seq)
+	{
+		mac.reset();
+		mac.update((byte) (seq >> 24));
+		mac.update((byte) (seq >> 16));
+		mac.update((byte) (seq >> 8));
+		mac.update((byte) (seq));
+	}
+
+	public void update(byte[] packetdata, int off, int len)
+	{
+		mac.update(packetdata, off, len);
+	}
+
+	public void getMac(byte[] out, int off)
+	{
+		mac.digest(out, off);
+	}
+
+	public int size()
+	{
+		return size;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/MD5.java b/src/main/java/ch/ethz/ssh2/crypto/digest/MD5.java
new file mode 100644
index 0000000..bd3c451
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/digest/MD5.java
@@ -0,0 +1,271 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.digest;
+
+/**
+ * MD5. Based on the example code in RFC 1321. Optimized (...a little).
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+/*
+ * The following disclaimer has been copied from RFC 1321:
+ * 
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights
+ * reserved.
+ * 
+ * License to copy and use this software is granted provided that it is
+ * identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in
+ * all material mentioning or referencing this software or this function.
+ * 
+ * License is also granted to make and use derivative works provided that such
+ * works are identified as "derived from the RSA Data Security, Inc. MD5
+ * Message-Digest Algorithm" in all material mentioning or referencing the
+ * derived work.
+ * 
+ * RSA Data Security, Inc. makes no representations concerning either the
+ * merchantability of this software or the suitability of this software for any
+ * particular purpose. It is provided "as is" without express or implied
+ * warranty of any kind.
+ * 
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ * 
+ */
+
+public final class MD5 implements Digest
+{
+	private int state0, state1, state2, state3;
+	private long count;
+	private final byte[] block = new byte[64];
+	private final int x[] = new int[16];
+
+	private static final byte[] padding = new byte[] { (byte) 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+			0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+
+	public MD5()
+	{
+		reset();
+	}
+
+	private static int FF(int a, int b, int c, int d, int x, int s, int ac)
+	{
+		a += ((b & c) | ((~b) & d)) + x + ac;
+		return ((a << s) | (a >>> (32 - s))) + b;
+	}
+
+	private static int GG(int a, int b, int c, int d, int x, int s, int ac)
+	{
+		a += ((b & d) | (c & (~d))) + x + ac;
+		return ((a << s) | (a >>> (32 - s))) + b;
+	}
+
+	private static int HH(int a, int b, int c, int d, int x, int s, int ac)
+	{
+		a += (b ^ c ^ d) + x + ac;
+		return ((a << s) | (a >>> (32 - s))) + b;
+	}
+
+	private static int II(int a, int b, int c, int d, int x, int s, int ac)
+	{
+		a += (c ^ (b | (~d))) + x + ac;
+		return ((a << s) | (a >>> (32 - s))) + b;
+	}
+
+	private static void encode(byte[] dst, int dstoff, int word)
+	{
+		dst[dstoff] = (byte) (word);
+		dst[dstoff + 1] = (byte) (word >> 8);
+		dst[dstoff + 2] = (byte) (word >> 16);
+		dst[dstoff + 3] = (byte) (word >> 24);
+	}
+
+	private void transform(byte[] src, int pos)
+	{
+		int a = state0;
+		int b = state1;
+		int c = state2;
+		int d = state3;
+
+		for (int i = 0; i < 16; i++, pos += 4)
+		{
+			x[i] = (src[pos] & 0xff) | ((src[pos + 1] & 0xff) << 8) | ((src[pos + 2] & 0xff) << 16)
+					| ((src[pos + 3] & 0xff) << 24);
+		}
+
+		/* Round 1 */
+
+		a = FF(a, b, c, d, x[0], 7, 0xd76aa478); /* 1 */
+		d = FF(d, a, b, c, x[1], 12, 0xe8c7b756); /* 2 */
+		c = FF(c, d, a, b, x[2], 17, 0x242070db); /* 3 */
+		b = FF(b, c, d, a, x[3], 22, 0xc1bdceee); /* 4 */
+		a = FF(a, b, c, d, x[4], 7, 0xf57c0faf); /* 5 */
+		d = FF(d, a, b, c, x[5], 12, 0x4787c62a); /* 6 */
+		c = FF(c, d, a, b, x[6], 17, 0xa8304613); /* 7 */
+		b = FF(b, c, d, a, x[7], 22, 0xfd469501); /* 8 */
+		a = FF(a, b, c, d, x[8], 7, 0x698098d8); /* 9 */
+		d = FF(d, a, b, c, x[9], 12, 0x8b44f7af); /* 10 */
+		c = FF(c, d, a, b, x[10], 17, 0xffff5bb1); /* 11 */
+		b = FF(b, c, d, a, x[11], 22, 0x895cd7be); /* 12 */
+		a = FF(a, b, c, d, x[12], 7, 0x6b901122); /* 13 */
+		d = FF(d, a, b, c, x[13], 12, 0xfd987193); /* 14 */
+		c = FF(c, d, a, b, x[14], 17, 0xa679438e); /* 15 */
+		b = FF(b, c, d, a, x[15], 22, 0x49b40821); /* 16 */
+
+		/* Round 2 */
+		a = GG(a, b, c, d, x[1], 5, 0xf61e2562); /* 17 */
+		d = GG(d, a, b, c, x[6], 9, 0xc040b340); /* 18 */
+		c = GG(c, d, a, b, x[11], 14, 0x265e5a51); /* 19 */
+		b = GG(b, c, d, a, x[0], 20, 0xe9b6c7aa); /* 20 */
+		a = GG(a, b, c, d, x[5], 5, 0xd62f105d); /* 21 */
+		d = GG(d, a, b, c, x[10], 9, 0x2441453); /* 22 */
+		c = GG(c, d, a, b, x[15], 14, 0xd8a1e681); /* 23 */
+		b = GG(b, c, d, a, x[4], 20, 0xe7d3fbc8); /* 24 */
+		a = GG(a, b, c, d, x[9], 5, 0x21e1cde6); /* 25 */
+		d = GG(d, a, b, c, x[14], 9, 0xc33707d6); /* 26 */
+		c = GG(c, d, a, b, x[3], 14, 0xf4d50d87); /* 27 */
+		b = GG(b, c, d, a, x[8], 20, 0x455a14ed); /* 28 */
+		a = GG(a, b, c, d, x[13], 5, 0xa9e3e905); /* 29 */
+		d = GG(d, a, b, c, x[2], 9, 0xfcefa3f8); /* 30 */
+		c = GG(c, d, a, b, x[7], 14, 0x676f02d9); /* 31 */
+		b = GG(b, c, d, a, x[12], 20, 0x8d2a4c8a); /* 32 */
+
+		/* Round 3 */
+		a = HH(a, b, c, d, x[5], 4, 0xfffa3942); /* 33 */
+		d = HH(d, a, b, c, x[8], 11, 0x8771f681); /* 34 */
+		c = HH(c, d, a, b, x[11], 16, 0x6d9d6122); /* 35 */
+		b = HH(b, c, d, a, x[14], 23, 0xfde5380c); /* 36 */
+		a = HH(a, b, c, d, x[1], 4, 0xa4beea44); /* 37 */
+		d = HH(d, a, b, c, x[4], 11, 0x4bdecfa9); /* 38 */
+		c = HH(c, d, a, b, x[7], 16, 0xf6bb4b60); /* 39 */
+		b = HH(b, c, d, a, x[10], 23, 0xbebfbc70); /* 40 */
+		a = HH(a, b, c, d, x[13], 4, 0x289b7ec6); /* 41 */
+		d = HH(d, a, b, c, x[0], 11, 0xeaa127fa); /* 42 */
+		c = HH(c, d, a, b, x[3], 16, 0xd4ef3085); /* 43 */
+		b = HH(b, c, d, a, x[6], 23, 0x4881d05); /* 44 */
+		a = HH(a, b, c, d, x[9], 4, 0xd9d4d039); /* 45 */
+		d = HH(d, a, b, c, x[12], 11, 0xe6db99e5); /* 46 */
+		c = HH(c, d, a, b, x[15], 16, 0x1fa27cf8); /* 47 */
+		b = HH(b, c, d, a, x[2], 23, 0xc4ac5665); /* 48 */
+
+		/* Round 4 */
+		a = II(a, b, c, d, x[0], 6, 0xf4292244); /* 49 */
+		d = II(d, a, b, c, x[7], 10, 0x432aff97); /* 50 */
+		c = II(c, d, a, b, x[14], 15, 0xab9423a7); /* 51 */
+		b = II(b, c, d, a, x[5], 21, 0xfc93a039); /* 52 */
+		a = II(a, b, c, d, x[12], 6, 0x655b59c3); /* 53 */
+		d = II(d, a, b, c, x[3], 10, 0x8f0ccc92); /* 54 */
+		c = II(c, d, a, b, x[10], 15, 0xffeff47d); /* 55 */
+		b = II(b, c, d, a, x[1], 21, 0x85845dd1); /* 56 */
+		a = II(a, b, c, d, x[8], 6, 0x6fa87e4f); /* 57 */
+		d = II(d, a, b, c, x[15], 10, 0xfe2ce6e0); /* 58 */
+		c = II(c, d, a, b, x[6], 15, 0xa3014314); /* 59 */
+		b = II(b, c, d, a, x[13], 21, 0x4e0811a1); /* 60 */
+		a = II(a, b, c, d, x[4], 6, 0xf7537e82); /* 61 */
+		d = II(d, a, b, c, x[11], 10, 0xbd3af235); /* 62 */
+		c = II(c, d, a, b, x[2], 15, 0x2ad7d2bb); /* 63 */
+		b = II(b, c, d, a, x[9], 21, 0xeb86d391); /* 64 */
+
+		state0 += a;
+		state1 += b;
+		state2 += c;
+		state3 += d;
+	}
+
+	public final void reset()
+	{
+		count = 0;
+
+		state0 = 0x67452301;
+		state1 = 0xefcdab89;
+		state2 = 0x98badcfe;
+		state3 = 0x10325476;
+
+		/* Clear traces in memory... */
+
+		for (int i = 0; i < 16; i++)
+			x[i] = 0;
+	}
+
+	public final void update(byte b)
+	{
+		final int space = 64 - ((int) (count & 0x3f));
+
+		count++;
+
+		block[64 - space] = b;
+
+		if (space == 1)
+			transform(block, 0);
+	}
+
+	public final void update(byte[] buff, int pos, int len)
+	{
+		int space = 64 - ((int) (count & 0x3f));
+
+		count += len;
+
+		while (len > 0)
+		{
+			if (len < space)
+			{
+				System.arraycopy(buff, pos, block, 64 - space, len);
+				break;
+			}
+
+			if (space == 64)
+			{
+				transform(buff, pos);
+			}
+			else
+			{
+				System.arraycopy(buff, pos, block, 64 - space, space);
+				transform(block, 0);
+			}
+
+			pos += space;
+			len -= space;
+			space = 64;
+		}
+	}
+
+	public final void update(byte[] b)
+	{
+		update(b, 0, b.length);
+	}
+
+	public final void digest(byte[] dst, int pos)
+	{
+		byte[] bits = new byte[8];
+
+		encode(bits, 0, (int) (count << 3));
+		encode(bits, 4, (int) (count >> 29));
+
+		int idx = (int) count & 0x3f;
+		int padLen = (idx < 56) ? (56 - idx) : (120 - idx);
+
+		update(padding, 0, padLen);
+		update(bits, 0, 8);
+
+		encode(dst, pos, state0);
+		encode(dst, pos + 4, state1);
+		encode(dst, pos + 8, state2);
+		encode(dst, pos + 12, state3);
+
+		reset();
+	}
+
+	public final void digest(byte[] dst)
+	{
+		digest(dst, 0);
+	}
+
+	public final int getDigestLength()
+	{
+		return 16;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/SHA1.java b/src/main/java/ch/ethz/ssh2/crypto/digest/SHA1.java
new file mode 100644
index 0000000..795005e
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/crypto/digest/SHA1.java
@@ -0,0 +1,667 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.crypto.digest;
+
+/**
+ * SHA-1 implementation based on FIPS PUB 180-1.
+ * Highly optimized.
+ * <p/>
+ * (http://www.itl.nist.gov/fipspubs/fip180-1.htm)
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public final class SHA1 implements Digest
+{
+	private int H0, H1, H2, H3, H4;
+
+	private final int[] w = new int[80];
+	private int currentPos;
+	private long currentLen;
+
+	public SHA1()
+	{
+		reset();
+	}
+
+	public int getDigestLength()
+	{
+		return 20;
+	}
+
+	public void reset()
+	{
+		H0 = 0x67452301;
+		H1 = 0xEFCDAB89;
+		H2 = 0x98BADCFE;
+		H3 = 0x10325476;
+		H4 = 0xC3D2E1F0;
+
+		currentPos = 0;
+		currentLen = 0;
+
+		/* In case of complete paranoia, we should also wipe out the
+		 * information contained in the w[] array */
+	}
+
+	public void update(byte b[])
+	{
+		update(b, 0, b.length);
+	}
+
+	public void update(byte b[], int off, int len)
+	{
+		if (len >= 4)
+		{
+			int idx = currentPos >> 2;
+
+			switch (currentPos & 3)
+			{
+				case 0:
+					w[idx] = (((b[off++] & 0xff) << 24) | ((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8) | (b[off++] & 0xff));
+					len -= 4;
+					currentPos += 4;
+					currentLen += 32;
+					if (currentPos == 64)
+					{
+						perform();
+						currentPos = 0;
+					}
+					break;
+				case 1:
+					w[idx] = (w[idx] << 24) | (((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8) | (b[off++] & 0xff));
+					len -= 3;
+					currentPos += 3;
+					currentLen += 24;
+					if (currentPos == 64)
+					{
+						perform();
+						currentPos = 0;
+					}
+					break;
+				case 2:
+					w[idx] = (w[idx] << 16) | (((b[off++] & 0xff) << 8) | (b[off++] & 0xff));
+					len -= 2;
+					currentPos += 2;
+					currentLen += 16;
+					if (currentPos == 64)
+					{
+						perform();
+						currentPos = 0;
+					}
+					break;
+				case 3:
+					w[idx] = (w[idx] << 8) | (b[off++] & 0xff);
+					len--;
+					currentPos++;
+					currentLen += 8;
+					if (currentPos == 64)
+					{
+						perform();
+						currentPos = 0;
+					}
+					break;
+			}
+
+			/* Now currentPos is a multiple of 4 - this is the place to be...*/
+
+			while (len >= 8)
+			{
+				w[currentPos >> 2] = ((b[off++] & 0xff) << 24) | ((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8)
+						| (b[off++] & 0xff);
+				currentPos += 4;
+
+				if (currentPos == 64)
+				{
+					perform();
+					currentPos = 0;
+				}
+
+				w[currentPos >> 2] = ((b[off++] & 0xff) << 24) | ((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8)
+						| (b[off++] & 0xff);
+
+				currentPos += 4;
+
+				if (currentPos == 64)
+				{
+					perform();
+					currentPos = 0;
+				}
+
+				currentLen += 64;
+				len -= 8;
+			}
+
+			while (len < 0) //(len >= 4)
+			{
+				w[currentPos >> 2] = ((b[off++] & 0xff) << 24) | ((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8)
+						| (b[off++] & 0xff);
+				len -= 4;
+				currentPos += 4;
+				currentLen += 32;
+				if (currentPos == 64)
+				{
+					perform();
+					currentPos = 0;
+				}
+			}
+		}
+
+		/* Remaining bytes (1-3) */
+
+		while (len > 0)
+		{
+			/* Here is room for further improvements */
+			int idx = currentPos >> 2;
+			w[idx] = (w[idx] << 8) | (b[off++] & 0xff);
+
+			currentLen += 8;
+			currentPos++;
+
+			if (currentPos == 64)
+			{
+				perform();
+				currentPos = 0;
+			}
+			len--;
+		}
+	}
+
+	public void update(byte b)
+	{
+		int idx = currentPos >> 2;
+		w[idx] = (w[idx] << 8) | (b & 0xff);
+
+		currentLen += 8;
+		currentPos++;
+
+		if (currentPos == 64)
+		{
+			perform();
+			currentPos = 0;
+		}
+	}
+
+	private void putInt(byte[] b, int pos, int val)
+	{
+		b[pos] = (byte) (val >> 24);
+		b[pos + 1] = (byte) (val >> 16);
+		b[pos + 2] = (byte) (val >> 8);
+		b[pos + 3] = (byte) val;
+	}
+
+	public void digest(byte[] out)
+	{
+		digest(out, 0);
+	}
+
+	public void digest(byte[] out, int off)
+	{
+		/* Pad with a '1' and 7-31 zero bits... */
+
+		int idx = currentPos >> 2;
+		w[idx] = ((w[idx] << 8) | (0x80)) << ((3 - (currentPos & 3)) << 3);
+
+		currentPos = (currentPos & ~3) + 4;
+
+		if (currentPos == 64)
+		{
+			currentPos = 0;
+			perform();
+		}
+		else if (currentPos == 60)
+		{
+			currentPos = 0;
+			w[15] = 0;
+			perform();
+		}
+
+		/* Now currentPos is a multiple of 4 and we can do the remaining
+		 * padding much more efficiently, furthermore we are sure
+		 * that currentPos <= 56.
+		 */
+
+		for (int i = currentPos >> 2; i < 14; i++)
+			w[i] = 0;
+
+		w[14] = (int) (currentLen >> 32);
+		w[15] = (int) currentLen;
+
+		perform();
+
+		putInt(out, off, H0);
+		putInt(out, off + 4, H1);
+		putInt(out, off + 8, H2);
+		putInt(out, off + 12, H3);
+		putInt(out, off + 16, H4);
+
+		reset();
+	}
+
+	private void perform()
+	{
+		for (int t = 16; t < 80; t++)
+		{
+			int x = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
+			w[t] = ((x << 1) | (x >>> 31));
+		}
+
+		int A = H0;
+		int B = H1;
+		int C = H2;
+		int D = H3;
+		int E = H4;
+
+		/* Here we use variable substitution and loop unrolling
+		 * 
+		 * === Original step:
+		 * 
+		 * T = s5(A) + f(B,C,D) + E + w[0] + K;
+		 * E = D; D = C; C = s30(B); B = A; A = T;
+		 * 
+		 * === Rewritten step:
+		 * 
+		 * T = s5(A + f(B,C,D) + E + w[0] + K;
+		 * B = s30(B);
+		 * E = D; D = C; C = B; B = A; A = T;
+		 * 
+		 * === Let's rewrite things, introducing new variables:
+		 * 
+		 * E0 = E; D0 = D; C0 = C; B0 = B; A0 = A;
+		 * 
+		 * T = s5(A0) + f(B0,C0,D0) + E0 + w[0] + K;
+		 * B0 = s30(B0);
+		 * E1 = D0; D1 = C0; C1 = B0; B1 = A0; A1 = T;
+		 * 
+		 * T = s5(A1) + f(B1,C1,D1) + E1 + w[1] + K;
+		 * B1 = s30(B1);
+		 * E2 = D1; D2 = C1; C2 = B1; B2 = A1; A2 = T;
+		 * 
+		 * E = E2; D = E2; C = C2; B = B2; A = A2;
+		 * 
+		 * === No need for 'T', we can write into 'Ex' instead since
+		 * after the calculation of 'T' nobody is interested
+		 * in 'Ex' anymore. 
+		 * 
+		 * E0 = E; D0 = D; C0 = C; B0 = B; A0 = A;
+		 * 
+		 * E0 = E0 + s5(A0) + f(B0,C0,D0) + w[0] + K;
+		 * B0 = s30(B0);
+		 * E1 = D0; D1 = C0; C1 = B0; B1 = A0; A1 = E0;
+		 * 
+		 * E1 = E1 + s5(A1) + f(B1,C1,D1) + w[1] + K;
+		 * B1 = s30(B1);
+		 * E2 = D1; D2 = C1; C2 = B1; B2 = A1; A2 = E1;
+		 * 
+		 * E = Ex; D = Ex; C = Cx; B = Bx; A = Ax;
+		 * 
+		 * === Further optimization: get rid of the swap operations
+		 * Idea: instead of swapping the variables, swap the names of
+		 * the used variables in the next step:
+		 * 
+		 * E0 = E; D0 = d; C0 = C; B0 = B; A0 = A;
+		 * 
+		 * E0 = E0 + s5(A0) + f(B0,C0,D0) + w[0] + K;
+		 * B0 = s30(B0);
+		 * // E1 = D0; D1 = C0; C1 = B0; B1 = A0; A1 = E0;
+		 * 
+		 * D0 = D0 + s5(E0) + f(A0,B0,C0) + w[1] + K;
+		 * A0 = s30(A0);
+		 * E2 = C0; D2 = B0; C2 = A0; B2 = E0; A2 = D0;
+		 * 
+		 * E = E2; D = D2; C = C2; B = B2; A = A2;
+		 * 
+		 * === OK, let's do this several times, also, directly
+		 * use A (instead of A0) and B,C,D,E.
+		 * 
+		 * E = E + s5(A) + f(B,C,D) + w[0] + K;
+		 * B = s30(B);
+		 * // E1 = D; D1 = C; C1 = B; B1 = A; A1 = E;
+		 * 
+		 * D = D + s5(E) + f(A,B,C) + w[1] + K;
+		 * A = s30(A);
+		 * // E2 = C; D2 = B; C2 = A; B2 = E; A2 = D;
+		 * 
+		 * C = C + s5(D) + f(E,A,B) + w[2] + K;
+		 * E = s30(E);
+		 * // E3 = B; D3 = A; C3 = E; B3 = D; A3 = C;
+		 * 
+		 * B = B + s5(C) + f(D,E,A) + w[3] + K;
+		 * D = s30(D);
+		 * // E4 = A; D4 = E; C4 = D; B4 = C; A4 = B;
+		 * 
+		 * A = A + s5(B) + f(C,D,E) + w[4] + K;
+		 * C = s30(C);
+		 * // E5 = E; D5 = D; C5 = C; B5 = B; A5 = A;
+		 * 
+		 * //E = E5; D = D5; C = C5; B = B5; A = A5;
+		 * 
+		 * === Very nice, after 5 steps each variable
+		 * has the same contents as after 5 steps with
+		 * the original algorithm!
+		 * 
+		 * We therefore can easily unroll each interval,
+		 * as the number of steps in each interval is a
+		 * multiple of 5 (20 steps per interval).
+		 */
+
+		E += ((A << 5) | (A >>> 27)) + ((B & C) | ((~B) & D)) + w[0] + 0x5A827999;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + ((A & B) | ((~A) & C)) + w[1] + 0x5A827999;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + ((E & A) | ((~E) & B)) + w[2] + 0x5A827999;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + ((D & E) | ((~D) & A)) + w[3] + 0x5A827999;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + ((C & D) | ((~C) & E)) + w[4] + 0x5A827999;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + ((B & C) | ((~B) & D)) + w[5] + 0x5A827999;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + ((A & B) | ((~A) & C)) + w[6] + 0x5A827999;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + ((E & A) | ((~E) & B)) + w[7] + 0x5A827999;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + ((D & E) | ((~D) & A)) + w[8] + 0x5A827999;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + ((C & D) | ((~C) & E)) + w[9] + 0x5A827999;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + ((B & C) | ((~B) & D)) + w[10] + 0x5A827999;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + ((A & B) | ((~A) & C)) + w[11] + 0x5A827999;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + ((E & A) | ((~E) & B)) + w[12] + 0x5A827999;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + ((D & E) | ((~D) & A)) + w[13] + 0x5A827999;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + ((C & D) | ((~C) & E)) + w[14] + 0x5A827999;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + ((B & C) | ((~B) & D)) + w[15] + 0x5A827999;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + ((A & B) | ((~A) & C)) + w[16] + 0x5A827999;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + ((E & A) | ((~E) & B)) + w[17] + 0x5A827999;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + ((D & E) | ((~D) & A)) + w[18] + 0x5A827999;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + ((C & D) | ((~C) & E)) + w[19] + 0x5A827999;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[20] + 0x6ED9EBA1;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[21] + 0x6ED9EBA1;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[22] + 0x6ED9EBA1;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[23] + 0x6ED9EBA1;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[24] + 0x6ED9EBA1;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[25] + 0x6ED9EBA1;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[26] + 0x6ED9EBA1;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[27] + 0x6ED9EBA1;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[28] + 0x6ED9EBA1;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[29] + 0x6ED9EBA1;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[30] + 0x6ED9EBA1;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[31] + 0x6ED9EBA1;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[32] + 0x6ED9EBA1;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[33] + 0x6ED9EBA1;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[34] + 0x6ED9EBA1;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[35] + 0x6ED9EBA1;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[36] + 0x6ED9EBA1;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[37] + 0x6ED9EBA1;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[38] + 0x6ED9EBA1;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[39] + 0x6ED9EBA1;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + ((B & C) | (B & D) | (C & D)) + w[40] + 0x8F1BBCDC;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + ((A & B) | (A & C) | (B & C)) + w[41] + 0x8F1BBCDC;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + ((E & A) | (E & B) | (A & B)) + w[42] + 0x8F1BBCDC;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + ((D & E) | (D & A) | (E & A)) + w[43] + 0x8F1BBCDC;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + ((C & D) | (C & E) | (D & E)) + w[44] + 0x8F1BBCDC;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + ((B & C) | (B & D) | (C & D)) + w[45] + 0x8F1BBCDC;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + ((A & B) | (A & C) | (B & C)) + w[46] + 0x8F1BBCDC;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + ((E & A) | (E & B) | (A & B)) + w[47] + 0x8F1BBCDC;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + ((D & E) | (D & A) | (E & A)) + w[48] + 0x8F1BBCDC;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + ((C & D) | (C & E) | (D & E)) + w[49] + 0x8F1BBCDC;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + ((B & C) | (B & D) | (C & D)) + w[50] + 0x8F1BBCDC;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + ((A & B) | (A & C) | (B & C)) + w[51] + 0x8F1BBCDC;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + ((E & A) | (E & B) | (A & B)) + w[52] + 0x8F1BBCDC;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + ((D & E) | (D & A) | (E & A)) + w[53] + 0x8F1BBCDC;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + ((C & D) | (C & E) | (D & E)) + w[54] + 0x8F1BBCDC;
+		C = ((C << 30) | (C >>> 2));
+
+		E = E + ((A << 5) | (A >>> 27)) + ((B & C) | (B & D) | (C & D)) + w[55] + 0x8F1BBCDC;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + ((A & B) | (A & C) | (B & C)) + w[56] + 0x8F1BBCDC;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + ((E & A) | (E & B) | (A & B)) + w[57] + 0x8F1BBCDC;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + ((D & E) | (D & A) | (E & A)) + w[58] + 0x8F1BBCDC;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + ((C & D) | (C & E) | (D & E)) + w[59] + 0x8F1BBCDC;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[60] + 0xCA62C1D6;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[61] + 0xCA62C1D6;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[62] + 0xCA62C1D6;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[63] + 0xCA62C1D6;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[64] + 0xCA62C1D6;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[65] + 0xCA62C1D6;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[66] + 0xCA62C1D6;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[67] + 0xCA62C1D6;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[68] + 0xCA62C1D6;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[69] + 0xCA62C1D6;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[70] + 0xCA62C1D6;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[71] + 0xCA62C1D6;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[72] + 0xCA62C1D6;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[73] + 0xCA62C1D6;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[74] + 0xCA62C1D6;
+		C = ((C << 30) | (C >>> 2));
+
+		E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[75] + 0xCA62C1D6;
+		B = ((B << 30) | (B >>> 2));
+
+		D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[76] + 0xCA62C1D6;
+		A = ((A << 30) | (A >>> 2));
+
+		C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[77] + 0xCA62C1D6;
+		E = ((E << 30) | (E >>> 2));
+
+		B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[78] + 0xCA62C1D6;
+		D = ((D << 30) | (D >>> 2));
+
+		A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[79] + 0xCA62C1D6;
+		C = ((C << 30) | (C >>> 2));
+
+		H0 += A;
+		H1 += B;
+		H2 += C;
+		H3 += D;
+		H4 += E;
+
+		// debug(80, H0, H1, H2, H3, H4);
+	}
+
+	private static String toHexString(byte[] b)
+	{
+		final String hexChar = "0123456789ABCDEF";
+
+		StringBuilder sb = new StringBuilder();
+		for (int i = 0; i < b.length; i++)
+		{
+			sb.append(hexChar.charAt((b[i] >> 4) & 0x0f));
+			sb.append(hexChar.charAt(b[i] & 0x0f));
+		}
+		return sb.toString();
+	}
+
+	public static void main(String[] args)
+	{
+		SHA1 sha = new SHA1();
+
+		byte[] dig1 = new byte[20];
+		byte[] dig2 = new byte[20];
+		byte[] dig3 = new byte[20];
+
+		/*
+		 * We do not specify a charset name for getBytes(), since we assume that
+		 * the JVM's default encoder maps the _used_ ASCII characters exactly as
+		 * getBytes("US-ASCII") would do. (Ah, yes, too lazy to catch the
+		 * exception that can be thrown by getBytes("US-ASCII")). Note: This has
+		 * no effect on the SHA-1 implementation, this is just for the following
+		 * test code.
+		 */
+
+		sha.update("abc".getBytes());
+		sha.digest(dig1);
+
+		sha.update("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".getBytes());
+		sha.digest(dig2);
+
+		for (int i = 0; i < 1000000; i++)
+			sha.update((byte) 'a');
+		sha.digest(dig3);
+
+		String dig1_res = toHexString(dig1);
+		String dig2_res = toHexString(dig2);
+		String dig3_res = toHexString(dig3);
+
+		String dig1_ref = "A9993E364706816ABA3E25717850C26C9CD0D89D";
+		String dig2_ref = "84983E441C3BD26EBAAE4AA1F95129E5E54670F1";
+		String dig3_ref = "34AA973CD4C4DAA4F61EEB2BDBAD27316534016F";
+
+		if (dig1_res.equals(dig1_ref))
+			System.out.println("SHA-1 Test 1 OK.");
+		else
+			System.out.println("SHA-1 Test 1 FAILED.");
+
+		if (dig2_res.equals(dig2_ref))
+			System.out.println("SHA-1 Test 2 OK.");
+		else
+			System.out.println("SHA-1 Test 2 FAILED.");
+
+		if (dig3_res.equals(dig3_ref))
+			System.out.println("SHA-1 Test 3 OK.");
+		else
+			System.out.println("SHA-1 Test 3 FAILED.");
+
+		if (dig3_res.equals(dig3_ref))
+			System.out.println("SHA-1 Test 3 OK.");
+		else
+			System.out.println("SHA-1 Test 3 FAILED.");
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/log/Logger.java b/src/main/java/ch/ethz/ssh2/log/Logger.java
new file mode 100644
index 0000000..1f1c6c7
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/log/Logger.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.log;
+
+import java.util.logging.Level;
+
+/**
+ * Logger delegating to JRE logging.
+ *
+ * @author Christian Plattner
+ * @version $Id: Logger.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class Logger
+{
+
+	private java.util.logging.Logger delegate;
+
+	public static Logger getLogger(Class x)
+	{
+		return new Logger(x);
+	}
+
+	public Logger(Class x)
+	{
+		this.delegate = java.util.logging.Logger.getLogger(x.getName());
+	}
+
+	public boolean isDebugEnabled()
+	{
+		return delegate.isLoggable(Level.FINER);
+	}
+
+	public void debug(String message)
+	{
+		delegate.fine(message);
+	}
+
+	public boolean isInfoEnabled()
+	{
+		return delegate.isLoggable(Level.FINE);
+	}
+
+	public void info(String message)
+	{
+		delegate.info(message);
+	}
+
+	public boolean isWarningEnabled()
+	{
+		return delegate.isLoggable(Level.WARNING);
+	}
+
+	public void warning(String message)
+	{
+		delegate.warning(message);
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenConfirmation.java b/src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenConfirmation.java
new file mode 100644
index 0000000..e336817
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenConfirmation.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketChannelOpenConfirmation.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketChannelOpenConfirmation
+{
+	byte[] payload;
+
+	public int recipientChannelID;
+	public int senderChannelID;
+	public int initialWindowSize;
+	public int maxPacketSize;
+
+	public PacketChannelOpenConfirmation(int recipientChannelID, int senderChannelID, int initialWindowSize,
+			int maxPacketSize)
+	{
+		this.recipientChannelID = recipientChannelID;
+		this.senderChannelID = senderChannelID;
+		this.initialWindowSize = initialWindowSize;
+		this.maxPacketSize = maxPacketSize;
+	}
+
+	public PacketChannelOpenConfirmation(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_CHANNEL_OPEN_CONFIRMATION)
+			throw new IOException(
+					"This is not a SSH_MSG_CHANNEL_OPEN_CONFIRMATION! ("
+							+ packet_type + ")");
+
+		recipientChannelID = tr.readUINT32();
+		senderChannelID = tr.readUINT32();
+		initialWindowSize = tr.readUINT32();
+		maxPacketSize = tr.readUINT32();
+		
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_CHANNEL_OPEN_CONFIRMATION packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
+			tw.writeUINT32(recipientChannelID);
+			tw.writeUINT32(senderChannelID);
+			tw.writeUINT32(initialWindowSize);
+			tw.writeUINT32(maxPacketSize);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenFailure.java b/src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenFailure.java
new file mode 100644
index 0000000..aa78a25
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenFailure.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketChannelOpenFailure.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketChannelOpenFailure
+{
+	byte[] payload;
+
+	public int recipientChannelID;
+	public int reasonCode;
+	public String description;
+	public String languageTag;
+
+	public PacketChannelOpenFailure(int recipientChannelID, int reasonCode, String description,
+			String languageTag)
+	{
+		this.recipientChannelID = recipientChannelID;
+		this.reasonCode = reasonCode;
+		this.description = description;
+		this.languageTag = languageTag;
+	}
+
+	public PacketChannelOpenFailure(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_CHANNEL_OPEN_FAILURE)
+			throw new IOException(
+					"This is not a SSH_MSG_CHANNEL_OPEN_FAILURE! ("
+							+ packet_type + ")");
+
+		recipientChannelID = tr.readUINT32();
+		reasonCode = tr.readUINT32();
+		description = tr.readString();
+		languageTag = tr.readString();
+		
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_CHANNEL_OPEN_FAILURE packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_OPEN_FAILURE);
+			tw.writeUINT32(recipientChannelID);
+			tw.writeUINT32(reasonCode);
+			tw.writeString(description);
+			tw.writeString(languageTag);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketChannelWindowAdjust.java b/src/main/java/ch/ethz/ssh2/packets/PacketChannelWindowAdjust.java
new file mode 100644
index 0000000..74c4916
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketChannelWindowAdjust.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketChannelWindowAdjust.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketChannelWindowAdjust
+{
+	byte[] payload;
+
+	public int recipientChannelID;
+	public int windowChange;
+
+	public PacketChannelWindowAdjust(int recipientChannelID, int windowChange)
+	{
+		this.recipientChannelID = recipientChannelID;
+		this.windowChange = windowChange;
+	}
+
+	public PacketChannelWindowAdjust(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_CHANNEL_WINDOW_ADJUST)
+			throw new IOException(
+					"This is not a SSH_MSG_CHANNEL_WINDOW_ADJUST! ("
+							+ packet_type + ")");
+
+		recipientChannelID = tr.readUINT32();
+		windowChange = tr.readUINT32();
+		
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_CHANNEL_WINDOW_ADJUST packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_WINDOW_ADJUST);
+			tw.writeUINT32(recipientChannelID);
+			tw.writeUINT32(windowChange);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketDisconnect.java b/src/main/java/ch/ethz/ssh2/packets/PacketDisconnect.java
new file mode 100644
index 0000000..b29fd7e
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketDisconnect.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+import java.io.IOException;
+
+/**
+ * PacketDisconnect.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketDisconnect
+{
+	byte[] payload;
+
+	int reason;
+	String desc;
+	String lang;
+
+	public PacketDisconnect(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_DISCONNECT)
+			throw new IOException("This is not a Disconnect Packet! ("
+					+ packet_type + ")");
+
+		reason = tr.readUINT32();
+		desc = tr.readString();
+		lang = tr.readString();
+	}
+
+	public PacketDisconnect(int reason, String desc, String lang)
+	{
+		this.reason = reason;
+		this.desc = desc;
+		this.lang = lang;
+	}
+	
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_DISCONNECT);
+			tw.writeUINT32(reason);
+			tw.writeString(desc);
+			tw.writeString(lang);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketGlobalCancelForwardRequest.java b/src/main/java/ch/ethz/ssh2/packets/PacketGlobalCancelForwardRequest.java
new file mode 100644
index 0000000..ff02d0f
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketGlobalCancelForwardRequest.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketGlobalCancelForwardRequest.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketGlobalCancelForwardRequest
+{
+	byte[] payload;
+
+	public boolean wantReply;
+	public String bindAddress;
+	public int bindPort;
+
+	public PacketGlobalCancelForwardRequest(boolean wantReply, String bindAddress, int bindPort)
+	{
+		this.wantReply = wantReply;
+		this.bindAddress = bindAddress;
+		this.bindPort = bindPort;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_GLOBAL_REQUEST);
+			
+			tw.writeString("cancel-tcpip-forward");
+			tw.writeBoolean(wantReply);
+			tw.writeString(bindAddress);
+			tw.writeUINT32(bindPort);
+
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketGlobalForwardRequest.java b/src/main/java/ch/ethz/ssh2/packets/PacketGlobalForwardRequest.java
new file mode 100644
index 0000000..396dc16
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketGlobalForwardRequest.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketGlobalForwardRequest.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketGlobalForwardRequest
+{
+	byte[] payload;
+
+	public boolean wantReply;
+	public String bindAddress;
+	public int bindPort;
+
+	public PacketGlobalForwardRequest(boolean wantReply, String bindAddress, int bindPort)
+	{
+		this.wantReply = wantReply;
+		this.bindAddress = bindAddress;
+		this.bindPort = bindPort;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_GLOBAL_REQUEST);
+			
+			tw.writeString("tcpip-forward");
+			tw.writeBoolean(wantReply);
+			tw.writeString(bindAddress);
+			tw.writeUINT32(bindPort);
+
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketIgnore.java b/src/main/java/ch/ethz/ssh2/packets/PacketIgnore.java
new file mode 100644
index 0000000..369ee88
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketIgnore.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketIgnore.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketIgnore
+{
+	byte[] payload;
+
+	byte[] data;
+
+	public void setData(byte[] data)
+	{
+		this.data = data;
+		payload = null;
+	}
+
+	public PacketIgnore()
+	{
+	}
+
+	public PacketIgnore(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_IGNORE)
+			throw new IOException("This is not a SSH_MSG_IGNORE packet! (" + packet_type + ")");
+
+		/* Could parse String body */
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_IGNORE);
+
+			if (data != null)
+				tw.writeString(data, 0, data.length);
+			else
+				tw.writeString("");
+
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketKexDHInit.java b/src/main/java/ch/ethz/ssh2/packets/PacketKexDHInit.java
new file mode 100644
index 0000000..3cfd6ae
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketKexDHInit.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.math.BigInteger;
+
+/**
+ * PacketKexDHInit.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketKexDHInit
+{
+	byte[] payload;
+
+	BigInteger e;
+
+	public PacketKexDHInit(BigInteger e)
+	{
+		this.e = e;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_KEXDH_INIT);
+			tw.writeMPInt(e);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketKexDHReply.java b/src/main/java/ch/ethz/ssh2/packets/PacketKexDHReply.java
new file mode 100644
index 0000000..1d6510f
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketKexDHReply.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+/**
+ * PacketKexDHReply.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketKexDHReply
+{
+	byte[] payload;
+
+	byte[] hostKey;
+	BigInteger f;
+	byte[] signature;
+	
+	public PacketKexDHReply(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_KEXDH_REPLY)
+			throw new IOException("This is not a SSH_MSG_KEXDH_REPLY! ("
+					+ packet_type + ")");
+
+		hostKey = tr.readByteString();
+		f = tr.readMPINT();
+		signature = tr.readByteString();
+
+		if (tr.remain() != 0) throw new IOException("PADDING IN SSH_MSG_KEXDH_REPLY!");
+	}
+
+	public BigInteger getF()
+	{
+		return f;
+	}
+	
+	public byte[] getHostKey()
+	{
+		return hostKey;
+	}
+
+	public byte[] getSignature()
+	{
+		return signature;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexGroup.java b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexGroup.java
new file mode 100644
index 0000000..4a4a69a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexGroup.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+/**
+ * PacketKexDhGexGroup.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketKexDhGexGroup
+{
+	byte[] payload;
+
+	BigInteger p;
+	BigInteger g;
+
+	public PacketKexDhGexGroup(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_KEX_DH_GEX_GROUP)
+			throw new IllegalArgumentException(
+					"This is not a SSH_MSG_KEX_DH_GEX_GROUP! (" + packet_type
+							+ ")");
+
+		p = tr.readMPINT();
+		g = tr.readMPINT();
+
+		if (tr.remain() != 0)
+			throw new IOException("PADDING IN SSH_MSG_KEX_DH_GEX_GROUP!");
+	}
+
+	public BigInteger getG()
+	{
+		return g;
+	}
+
+	public BigInteger getP()
+	{
+		return p;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexInit.java b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexInit.java
new file mode 100644
index 0000000..0726029
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexInit.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.math.BigInteger;
+
+/**
+ * PacketKexDhGexInit.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketKexDhGexInit
+{
+	byte[] payload;
+
+	BigInteger e;
+
+	public PacketKexDhGexInit(BigInteger e)
+	{
+		this.e = e;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_KEX_DH_GEX_INIT);
+			tw.writeMPInt(e);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexReply.java b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexReply.java
new file mode 100644
index 0000000..a330ccb
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexReply.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+/**
+ * PacketKexDhGexReply.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketKexDhGexReply
+{
+	byte[] payload;
+
+	byte[] hostKey;
+	BigInteger f;
+	byte[] signature;
+
+	public PacketKexDhGexReply(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_KEX_DH_GEX_REPLY)
+			throw new IOException("This is not a SSH_MSG_KEX_DH_GEX_REPLY! (" + packet_type + ")");
+
+		hostKey = tr.readByteString();
+		f = tr.readMPINT();
+		signature = tr.readByteString();
+
+		if (tr.remain() != 0)
+			throw new IOException("PADDING IN SSH_MSG_KEX_DH_GEX_REPLY!");
+	}
+
+	public BigInteger getF()
+	{
+		return f;
+	}
+
+	public byte[] getHostKey()
+	{
+		return hostKey;
+	}
+
+	public byte[] getSignature()
+	{
+		return signature;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequest.java b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequest.java
new file mode 100644
index 0000000..9cf8db8
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequest.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import ch.ethz.ssh2.DHGexParameters;
+
+/**
+ * PacketKexDhGexRequest.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketKexDhGexRequest
+{
+	byte[] payload;
+
+	int min;
+	int n;
+	int max;
+
+	public PacketKexDhGexRequest(DHGexParameters para)
+	{
+		this.min = para.getMin_group_len();
+		this.n = para.getPref_group_len();
+		this.max = para.getMax_group_len();
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_KEX_DH_GEX_REQUEST);
+			tw.writeUINT32(min);
+			tw.writeUINT32(n);
+			tw.writeUINT32(max);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequestOld.java b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequestOld.java
new file mode 100644
index 0000000..a97c655
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequestOld.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import ch.ethz.ssh2.DHGexParameters;
+
+/**
+ * PacketKexDhGexRequestOld.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketKexDhGexRequestOld
+{
+	byte[] payload;
+
+	int n;
+
+	public PacketKexDhGexRequestOld(DHGexParameters para)
+	{
+		this.n = para.getPref_group_len();
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_KEX_DH_GEX_REQUEST_OLD);
+			tw.writeUINT32(n);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketKexInit.java b/src/main/java/ch/ethz/ssh2/packets/PacketKexInit.java
new file mode 100644
index 0000000..d3549d1
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketKexInit.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+
+import ch.ethz.ssh2.crypto.CryptoWishList;
+import ch.ethz.ssh2.transport.KexParameters;
+
+/**
+ * PacketKexInit.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketKexInit
+{
+	byte[] payload;
+
+	KexParameters kp = new KexParameters();
+
+	public PacketKexInit(CryptoWishList cwl, SecureRandom rnd)
+	{
+		kp.cookie = new byte[16];
+		rnd.nextBytes(kp.cookie);
+
+		kp.kex_algorithms = cwl.kexAlgorithms;
+		kp.server_host_key_algorithms = cwl.serverHostKeyAlgorithms;
+		kp.encryption_algorithms_client_to_server = cwl.c2s_enc_algos;
+		kp.encryption_algorithms_server_to_client = cwl.s2c_enc_algos;
+		kp.mac_algorithms_client_to_server = cwl.c2s_mac_algos;
+		kp.mac_algorithms_server_to_client = cwl.s2c_mac_algos;
+		kp.compression_algorithms_client_to_server = new String[] { "none" };
+		kp.compression_algorithms_server_to_client = new String[] { "none" };
+		kp.languages_client_to_server = new String[] {};
+		kp.languages_server_to_client = new String[] {};
+		kp.first_kex_packet_follows = false;
+		kp.reserved_field1 = 0;
+	}
+
+	public PacketKexInit(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_KEXINIT)
+			throw new IOException("This is not a KexInitPacket! (" + packet_type + ")");
+
+		kp.cookie = tr.readBytes(16);
+		kp.kex_algorithms = tr.readNameList();
+		kp.server_host_key_algorithms = tr.readNameList();
+		kp.encryption_algorithms_client_to_server = tr.readNameList();
+		kp.encryption_algorithms_server_to_client = tr.readNameList();
+		kp.mac_algorithms_client_to_server = tr.readNameList();
+		kp.mac_algorithms_server_to_client = tr.readNameList();
+		kp.compression_algorithms_client_to_server = tr.readNameList();
+		kp.compression_algorithms_server_to_client = tr.readNameList();
+		kp.languages_client_to_server = tr.readNameList();
+		kp.languages_server_to_client = tr.readNameList();
+		kp.first_kex_packet_follows = tr.readBoolean();
+		kp.reserved_field1 = tr.readUINT32();
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in KexInitPacket!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_KEXINIT);
+			tw.writeBytes(kp.cookie, 0, 16);
+			tw.writeNameList(kp.kex_algorithms);
+			tw.writeNameList(kp.server_host_key_algorithms);
+			tw.writeNameList(kp.encryption_algorithms_client_to_server);
+			tw.writeNameList(kp.encryption_algorithms_server_to_client);
+			tw.writeNameList(kp.mac_algorithms_client_to_server);
+			tw.writeNameList(kp.mac_algorithms_server_to_client);
+			tw.writeNameList(kp.compression_algorithms_client_to_server);
+			tw.writeNameList(kp.compression_algorithms_server_to_client);
+			tw.writeNameList(kp.languages_client_to_server);
+			tw.writeNameList(kp.languages_server_to_client);
+			tw.writeBoolean(kp.first_kex_packet_follows);
+			tw.writeUINT32(kp.reserved_field1);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+
+	public KexParameters getKexParameters()
+	{
+		return kp;
+	}
+
+	public String[] getCompression_algorithms_client_to_server()
+	{
+		return kp.compression_algorithms_client_to_server;
+	}
+
+	public String[] getCompression_algorithms_server_to_client()
+	{
+		return kp.compression_algorithms_server_to_client;
+	}
+
+	public byte[] getCookie()
+	{
+		return kp.cookie;
+	}
+
+	public String[] getEncryption_algorithms_client_to_server()
+	{
+		return kp.encryption_algorithms_client_to_server;
+	}
+
+	public String[] getEncryption_algorithms_server_to_client()
+	{
+		return kp.encryption_algorithms_server_to_client;
+	}
+
+	public boolean isFirst_kex_packet_follows()
+	{
+		return kp.first_kex_packet_follows;
+	}
+
+	public String[] getKex_algorithms()
+	{
+		return kp.kex_algorithms;
+	}
+
+	public String[] getLanguages_client_to_server()
+	{
+		return kp.languages_client_to_server;
+	}
+
+	public String[] getLanguages_server_to_client()
+	{
+		return kp.languages_server_to_client;
+	}
+
+	public String[] getMac_algorithms_client_to_server()
+	{
+		return kp.mac_algorithms_client_to_server;
+	}
+
+	public String[] getMac_algorithms_server_to_client()
+	{
+		return kp.mac_algorithms_server_to_client;
+	}
+
+	public int getReserved_field1()
+	{
+		return kp.reserved_field1;
+	}
+
+	public String[] getServer_host_key_algorithms()
+	{
+		return kp.server_host_key_algorithms;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketNewKeys.java b/src/main/java/ch/ethz/ssh2/packets/PacketNewKeys.java
new file mode 100644
index 0000000..684de4a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketNewKeys.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketNewKeys.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketNewKeys
+{
+	byte[] payload;
+
+	public PacketNewKeys()
+	{
+	}
+	
+	public PacketNewKeys(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_NEWKEYS)
+			throw new IOException("This is not a SSH_MSG_NEWKEYS! ("
+					+ packet_type + ")");
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_NEWKEYS packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_NEWKEYS);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketOpenDirectTCPIPChannel.java b/src/main/java/ch/ethz/ssh2/packets/PacketOpenDirectTCPIPChannel.java
new file mode 100644
index 0000000..47d7d03
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketOpenDirectTCPIPChannel.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketOpenDirectTCPIPChannel.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketOpenDirectTCPIPChannel
+{
+	byte[] payload;
+
+	int channelID;
+	int initialWindowSize;
+	int maxPacketSize;
+
+	String host_to_connect;
+	int port_to_connect;
+	String originator_IP_address;
+	int originator_port;
+
+	public PacketOpenDirectTCPIPChannel(int channelID, int initialWindowSize, int maxPacketSize,
+			String host_to_connect, int port_to_connect, String originator_IP_address,
+			int originator_port)
+	{
+		this.channelID = channelID;
+		this.initialWindowSize = initialWindowSize;
+		this.maxPacketSize = maxPacketSize;
+		this.host_to_connect = host_to_connect;
+		this.port_to_connect = port_to_connect;
+		this.originator_IP_address = originator_IP_address;
+		this.originator_port = originator_port;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_OPEN);
+			tw.writeString("direct-tcpip");
+			tw.writeUINT32(channelID);
+			tw.writeUINT32(initialWindowSize);
+			tw.writeUINT32(maxPacketSize);
+			tw.writeString(host_to_connect);
+			tw.writeUINT32(port_to_connect);
+			tw.writeString(originator_IP_address);
+			tw.writeUINT32(originator_port);
+
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketOpenSessionChannel.java b/src/main/java/ch/ethz/ssh2/packets/PacketOpenSessionChannel.java
new file mode 100644
index 0000000..dc07b80
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketOpenSessionChannel.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketOpenSessionChannel.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketOpenSessionChannel
+{
+	byte[] payload;
+
+	int channelID;
+	int initialWindowSize;
+	int maxPacketSize;
+
+	public PacketOpenSessionChannel(int channelID, int initialWindowSize,
+			int maxPacketSize)
+	{
+		this.channelID = channelID;
+		this.initialWindowSize = initialWindowSize;
+		this.maxPacketSize = maxPacketSize;
+	}
+
+	public PacketOpenSessionChannel(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_CHANNEL_OPEN)
+			throw new IOException("This is not a SSH_MSG_CHANNEL_OPEN! ("
+					+ packet_type + ")");
+
+		channelID = tr.readUINT32();
+		initialWindowSize = tr.readUINT32();
+		maxPacketSize = tr.readUINT32();
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_CHANNEL_OPEN packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_OPEN);
+			tw.writeString("session");
+			tw.writeUINT32(channelID);
+			tw.writeUINT32(initialWindowSize);
+			tw.writeUINT32(maxPacketSize);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketServiceAccept.java b/src/main/java/ch/ethz/ssh2/packets/PacketServiceAccept.java
new file mode 100644
index 0000000..e696175
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketServiceAccept.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketServiceAccept.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketServiceAccept
+{
+	byte[] payload;
+
+	String serviceName;
+	
+	public PacketServiceAccept(String serviceName)
+	{
+		this.serviceName = serviceName;
+	}
+
+	public PacketServiceAccept(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_SERVICE_ACCEPT)
+			throw new IOException("This is not a SSH_MSG_SERVICE_ACCEPT! ("
+					+ packet_type + ")");
+
+		serviceName = "";
+		
+		if (tr.remain() != 0)
+		{
+			serviceName = tr.readString();
+		}	
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_SERVICE_ACCEPT);
+			tw.writeString(serviceName);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketServiceRequest.java b/src/main/java/ch/ethz/ssh2/packets/PacketServiceRequest.java
new file mode 100644
index 0000000..480f1b1
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketServiceRequest.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketServiceRequest.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketServiceRequest
+{
+	byte[] payload;
+
+	String serviceName;
+
+	public PacketServiceRequest(String serviceName)
+	{
+		this.serviceName = serviceName;
+	}
+
+	public PacketServiceRequest(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_SERVICE_REQUEST)
+			throw new IOException("This is not a SSH_MSG_SERVICE_REQUEST! ("
+					+ packet_type + ")");
+
+		serviceName = tr.readString();
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_SERVICE_REQUEST packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_SERVICE_REQUEST);
+			tw.writeString(serviceName);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketSessionExecCommand.java b/src/main/java/ch/ethz/ssh2/packets/PacketSessionExecCommand.java
new file mode 100644
index 0000000..b517f9a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketSessionExecCommand.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+
+/**
+ * PacketSessionExecCommand.
+ *
+ * @author Christian Plattner
+ * @version $Id: PacketSessionExecCommand.java 5 2011-05-27 12:59:54Z dkocher@sudo.ch $
+ */
+public class PacketSessionExecCommand
+{
+	byte[] payload;
+
+	public int recipientChannelID;
+	public boolean wantReply;
+	public String command;
+
+	public PacketSessionExecCommand(int recipientChannelID, boolean wantReply, String command)
+	{
+		this.recipientChannelID = recipientChannelID;
+		this.wantReply = wantReply;
+		this.command = command;
+	}
+
+	public byte[] getPayload() throws IOException
+	{
+		return this.getPayload(null);
+	}
+
+	public byte[] getPayload(String charsetName) throws UnsupportedEncodingException
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST);
+			tw.writeUINT32(recipientChannelID);
+			tw.writeString("exec");
+			tw.writeBoolean(wantReply);
+			tw.writeString(command, charsetName);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketSessionPtyRequest.java b/src/main/java/ch/ethz/ssh2/packets/PacketSessionPtyRequest.java
new file mode 100644
index 0000000..752aa88
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketSessionPtyRequest.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketSessionPtyRequest.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketSessionPtyRequest
+{
+	byte[] payload;
+
+	public int recipientChannelID;
+	public boolean wantReply;
+	public String term;
+	public int character_width;
+	public int character_height;
+	public int pixel_width;
+	public int pixel_height;
+	public byte[] terminal_modes;
+
+	public PacketSessionPtyRequest(int recipientChannelID, boolean wantReply, String term,
+			int character_width, int character_height, int pixel_width, int pixel_height,
+			byte[] terminal_modes)
+	{
+		this.recipientChannelID = recipientChannelID;
+		this.wantReply = wantReply;
+		this.term = term;
+		this.character_width = character_width;
+		this.character_height = character_height;
+		this.pixel_width = pixel_width;
+		this.pixel_height = pixel_height;
+		this.terminal_modes = terminal_modes;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST);
+			tw.writeUINT32(recipientChannelID);
+			tw.writeString("pty-req");
+			tw.writeBoolean(wantReply);
+			tw.writeString(term);
+			tw.writeUINT32(character_width);
+			tw.writeUINT32(character_height);
+			tw.writeUINT32(pixel_width);
+			tw.writeUINT32(pixel_height);
+			tw.writeString(terminal_modes, 0, terminal_modes.length);
+
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketSessionStartShell.java b/src/main/java/ch/ethz/ssh2/packets/PacketSessionStartShell.java
new file mode 100644
index 0000000..c4f50d5
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketSessionStartShell.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketSessionStartShell.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketSessionStartShell
+{
+	byte[] payload;
+
+	public int recipientChannelID;
+	public boolean wantReply;
+
+	public PacketSessionStartShell(int recipientChannelID, boolean wantReply)
+	{
+		this.recipientChannelID = recipientChannelID;
+		this.wantReply = wantReply;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST);
+			tw.writeUINT32(recipientChannelID);
+			tw.writeString("shell");
+			tw.writeBoolean(wantReply);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketSessionSubsystemRequest.java b/src/main/java/ch/ethz/ssh2/packets/PacketSessionSubsystemRequest.java
new file mode 100644
index 0000000..4ee0fc6
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketSessionSubsystemRequest.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketSessionSubsystemRequest.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketSessionSubsystemRequest
+{
+	byte[] payload;
+
+	public int recipientChannelID;
+	public boolean wantReply;
+	public String subsystem;
+
+	public PacketSessionSubsystemRequest(int recipientChannelID, boolean wantReply, String subsystem)
+	{
+		this.recipientChannelID = recipientChannelID;
+		this.wantReply = wantReply;
+		this.subsystem = subsystem;
+	}
+	
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST);
+			tw.writeUINT32(recipientChannelID);
+			tw.writeString("subsystem");
+			tw.writeBoolean(wantReply);
+			tw.writeString(subsystem);
+			payload = tw.getBytes();
+			tw.getBytes(payload);
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketSessionX11Request.java b/src/main/java/ch/ethz/ssh2/packets/PacketSessionX11Request.java
new file mode 100644
index 0000000..237621e
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketSessionX11Request.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketSessionX11Request.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketSessionX11Request
+{
+	byte[] payload;
+
+	public int recipientChannelID;
+	public boolean wantReply;
+
+	public boolean singleConnection;
+	String x11AuthenticationProtocol;
+	String x11AuthenticationCookie;
+	int x11ScreenNumber;
+
+	public PacketSessionX11Request(int recipientChannelID, boolean wantReply, boolean singleConnection,
+			String x11AuthenticationProtocol, String x11AuthenticationCookie, int x11ScreenNumber)
+	{
+		this.recipientChannelID = recipientChannelID;
+		this.wantReply = wantReply;
+
+		this.singleConnection = singleConnection;
+		this.x11AuthenticationProtocol = x11AuthenticationProtocol;
+		this.x11AuthenticationCookie = x11AuthenticationCookie;
+		this.x11ScreenNumber = x11ScreenNumber;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST);
+			tw.writeUINT32(recipientChannelID);
+			tw.writeString("x11-req");
+			tw.writeBoolean(wantReply);
+
+			tw.writeBoolean(singleConnection);
+			tw.writeString(x11AuthenticationProtocol);
+			tw.writeString(x11AuthenticationCookie);
+			tw.writeUINT32(x11ScreenNumber);
+
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketUserauthBanner.java b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthBanner.java
new file mode 100644
index 0000000..84661db
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthBanner.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketUserauthBanner.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketUserauthBanner
+{
+	byte[] payload;
+
+	String message;
+	String language;
+
+	public PacketUserauthBanner(String message, String language)
+	{
+		this.message = message;
+		this.language = language;
+	}
+
+	public String getBanner()
+	{
+		return message;
+	}
+	
+	public PacketUserauthBanner(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_USERAUTH_BANNER)
+			throw new IOException("This is not a SSH_MSG_USERAUTH_BANNER! (" + packet_type + ")");
+
+		message = tr.readString("UTF-8");
+		language = tr.readString();
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_USERAUTH_REQUEST packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_USERAUTH_BANNER);
+			tw.writeString(message);
+			tw.writeString(language);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketUserauthFailure.java b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthFailure.java
new file mode 100644
index 0000000..ee1f5c5
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthFailure.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketUserauthBanner.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketUserauthFailure
+{
+	byte[] payload;
+
+	String[] authThatCanContinue;
+	boolean partialSuccess;
+
+	public PacketUserauthFailure(String[] authThatCanContinue, boolean partialSuccess)
+	{
+		this.authThatCanContinue = authThatCanContinue;
+		this.partialSuccess = partialSuccess;
+	}
+
+	public PacketUserauthFailure(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_USERAUTH_FAILURE)
+			throw new IOException("This is not a SSH_MSG_USERAUTH_FAILURE! (" + packet_type + ")");
+
+		authThatCanContinue = tr.readNameList();
+		partialSuccess = tr.readBoolean();
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_USERAUTH_FAILURE packet!");
+	}
+
+	public String[] getAuthThatCanContinue()
+	{
+		return authThatCanContinue;
+	}
+
+	public boolean isPartialSuccess()
+	{
+		return partialSuccess;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoRequest.java b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoRequest.java
new file mode 100644
index 0000000..20a6891
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoRequest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketUserauthInfoRequest.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketUserauthInfoRequest
+{
+	byte[] payload;
+
+	String name;
+	String instruction;
+	String languageTag;
+	int numPrompts;
+
+	String prompt[];
+	boolean echo[];
+
+	public PacketUserauthInfoRequest(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_USERAUTH_INFO_REQUEST)
+			throw new IOException("This is not a SSH_MSG_USERAUTH_INFO_REQUEST! (" + packet_type + ")");
+
+		name = tr.readString();
+		instruction = tr.readString();
+		languageTag = tr.readString();
+
+		numPrompts = tr.readUINT32();
+
+		prompt = new String[numPrompts];
+		echo = new boolean[numPrompts];
+
+		for (int i = 0; i < numPrompts; i++)
+		{
+			prompt[i] = tr.readString();
+			echo[i] = tr.readBoolean();
+		}
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_USERAUTH_INFO_REQUEST packet!");
+	}
+
+	public boolean[] getEcho()
+	{
+		return echo;
+	}
+
+	public String getInstruction()
+	{
+		return instruction;
+	}
+
+	public String getLanguageTag()
+	{
+		return languageTag;
+	}
+
+	public String getName()
+	{
+		return name;
+	}
+
+	public int getNumPrompts()
+	{
+		return numPrompts;
+	}
+
+	public String[] getPrompt()
+	{
+		return prompt;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoResponse.java b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoResponse.java
new file mode 100644
index 0000000..048e469
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoResponse.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketUserauthInfoResponse.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketUserauthInfoResponse
+{
+	byte[] payload;
+
+	String[] responses;
+
+	public PacketUserauthInfoResponse(String[] responses)
+	{
+		this.responses = responses;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_USERAUTH_INFO_RESPONSE);
+			tw.writeUINT32(responses.length);
+			for (int i = 0; i < responses.length; i++)
+				tw.writeString(responses[i]);
+
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestInteractive.java b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestInteractive.java
new file mode 100644
index 0000000..33907f6
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestInteractive.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * PacketUserauthRequestInteractive.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketUserauthRequestInteractive
+{
+	byte[] payload;
+
+	String userName;
+	String serviceName;
+	String[] submethods;
+
+	public PacketUserauthRequestInteractive(String serviceName, String user, String[] submethods)
+	{
+		this.serviceName = serviceName;
+		this.userName = user;
+		this.submethods = submethods;
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
+			tw.writeString(userName);
+			tw.writeString(serviceName);
+			tw.writeString("keyboard-interactive");
+			tw.writeString(""); // draft-ietf-secsh-newmodes-04.txt says that
+			// the language tag should be empty.
+			tw.writeNameList(submethods);
+
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestNone.java b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestNone.java
new file mode 100644
index 0000000..2d83501
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestNone.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketUserauthRequestPassword.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketUserauthRequestNone
+{
+	byte[] payload;
+
+	String userName;
+	String serviceName;
+
+	public PacketUserauthRequestNone(String serviceName, String user)
+	{
+		this.serviceName = serviceName;
+		this.userName = user;
+	}
+
+	public PacketUserauthRequestNone(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_USERAUTH_REQUEST)
+			throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST! (" + packet_type + ")");
+
+		userName = tr.readString();
+		serviceName = tr.readString();
+
+		String method = tr.readString();
+
+		if (method.equals("none") == false)
+			throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST with type none!");
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_USERAUTH_REQUEST packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
+			tw.writeString(userName);
+			tw.writeString(serviceName);
+			tw.writeString("none");
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestPassword.java b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestPassword.java
new file mode 100644
index 0000000..e3f6816
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestPassword.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketUserauthRequestPassword.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketUserauthRequestPassword
+{
+	byte[] payload;
+
+	String userName;
+	String serviceName;
+	String password;
+
+	public PacketUserauthRequestPassword(String serviceName, String user, String pass)
+	{
+		this.serviceName = serviceName;
+		this.userName = user;
+		this.password = pass;
+	}
+
+	public PacketUserauthRequestPassword(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_USERAUTH_REQUEST)
+			throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST! (" + packet_type + ")");
+
+		userName = tr.readString();
+		serviceName = tr.readString();
+
+		String method = tr.readString();
+
+		if (method.equals("password") == false)
+			throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST with type password!");
+
+		/* ... */
+		
+		if (tr.remain() != 0)
+			throw new IOException("Padding in SSH_MSG_USERAUTH_REQUEST packet!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
+			tw.writeString(userName);
+			tw.writeString(serviceName);
+			tw.writeString("password");
+			tw.writeBoolean(false);
+			tw.writeString(password);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestPublicKey.java b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestPublicKey.java
new file mode 100644
index 0000000..98f0289
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestPublicKey.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+
+/**
+ * PacketUserauthRequestPublicKey.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class PacketUserauthRequestPublicKey
+{
+	byte[] payload;
+
+	String userName;
+	String serviceName;
+	String password;
+	String pkAlgoName;
+	byte[] pk;
+	byte[] sig;
+
+	public PacketUserauthRequestPublicKey(String serviceName, String user,
+			String pkAlgorithmName, byte[] pk, byte[] sig)
+	{
+		this.serviceName = serviceName;
+		this.userName = user;
+		this.pkAlgoName = pkAlgorithmName;
+		this.pk = pk;
+		this.sig = sig;
+	}
+
+	public PacketUserauthRequestPublicKey(byte payload[], int off, int len) throws IOException
+	{
+		this.payload = new byte[len];
+		System.arraycopy(payload, off, this.payload, 0, len);
+
+		TypesReader tr = new TypesReader(payload, off, len);
+
+		int packet_type = tr.readByte();
+
+		if (packet_type != Packets.SSH_MSG_USERAUTH_REQUEST)
+			throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST! ("
+					+ packet_type + ")");
+
+		throw new IOException("Not implemented!");
+	}
+
+	public byte[] getPayload()
+	{
+		if (payload == null)
+		{
+			TypesWriter tw = new TypesWriter();
+			tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
+			tw.writeString(userName);
+			tw.writeString(serviceName);
+			tw.writeString("publickey");
+			tw.writeBoolean(true);
+			tw.writeString(pkAlgoName);
+			tw.writeString(pk, 0, pk.length);
+			tw.writeString(sig, 0, sig.length);
+			payload = tw.getBytes();
+		}
+		return payload;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/Packets.java b/src/main/java/ch/ethz/ssh2/packets/Packets.java
new file mode 100644
index 0000000..4c4e74c
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/Packets.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+/**
+ * Packets.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class Packets
+{
+	public static final int SSH_MSG_DISCONNECT = 1;
+	public static final int SSH_MSG_IGNORE = 2;
+	public static final int SSH_MSG_UNIMPLEMENTED = 3;
+	public static final int SSH_MSG_DEBUG = 4;
+	public static final int SSH_MSG_SERVICE_REQUEST = 5;
+	public static final int SSH_MSG_SERVICE_ACCEPT = 6;
+
+	public static final int SSH_MSG_KEXINIT = 20;
+	public static final int SSH_MSG_NEWKEYS = 21;
+
+	public static final int SSH_MSG_KEXDH_INIT = 30;
+	public static final int SSH_MSG_KEXDH_REPLY = 31;
+
+	public static final int SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30;
+	public static final int SSH_MSG_KEX_DH_GEX_REQUEST = 34;
+	public static final int SSH_MSG_KEX_DH_GEX_GROUP = 31;
+	public static final int SSH_MSG_KEX_DH_GEX_INIT = 32;
+	public static final int SSH_MSG_KEX_DH_GEX_REPLY = 33;
+
+	public static final int SSH_MSG_USERAUTH_REQUEST = 50;
+	public static final int SSH_MSG_USERAUTH_FAILURE = 51;
+	public static final int SSH_MSG_USERAUTH_SUCCESS = 52;
+	public static final int SSH_MSG_USERAUTH_BANNER = 53;
+	public static final int SSH_MSG_USERAUTH_INFO_REQUEST = 60;
+	public static final int SSH_MSG_USERAUTH_INFO_RESPONSE = 61;
+
+	public static final int SSH_MSG_GLOBAL_REQUEST = 80;
+	public static final int SSH_MSG_REQUEST_SUCCESS = 81;
+	public static final int SSH_MSG_REQUEST_FAILURE = 82;
+
+	public static final int SSH_MSG_CHANNEL_OPEN = 90;
+	public static final int SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91;
+	public static final int SSH_MSG_CHANNEL_OPEN_FAILURE = 92;
+	public static final int SSH_MSG_CHANNEL_WINDOW_ADJUST = 93;
+	public static final int SSH_MSG_CHANNEL_DATA = 94;
+	public static final int SSH_MSG_CHANNEL_EXTENDED_DATA = 95;
+	public static final int SSH_MSG_CHANNEL_EOF = 96;
+	public static final int SSH_MSG_CHANNEL_CLOSE = 97;
+	public static final int SSH_MSG_CHANNEL_REQUEST = 98;
+	public static final int SSH_MSG_CHANNEL_SUCCESS = 99;
+	public static final int SSH_MSG_CHANNEL_FAILURE = 100;
+
+	public static final int SSH_EXTENDED_DATA_STDERR = 1;
+
+	public static final int SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT = 1;
+	public static final int SSH_DISCONNECT_PROTOCOL_ERROR = 2;
+	public static final int SSH_DISCONNECT_KEY_EXCHANGE_FAILED = 3;
+	public static final int SSH_DISCONNECT_RESERVED = 4;
+	public static final int SSH_DISCONNECT_MAC_ERROR = 5;
+	public static final int SSH_DISCONNECT_COMPRESSION_ERROR = 6;
+	public static final int SSH_DISCONNECT_SERVICE_NOT_AVAILABLE = 7;
+	public static final int SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED = 8;
+	public static final int SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE = 9;
+	public static final int SSH_DISCONNECT_CONNECTION_LOST = 10;
+	public static final int SSH_DISCONNECT_BY_APPLICATION = 11;
+	public static final int SSH_DISCONNECT_TOO_MANY_CONNECTIONS = 12;
+	public static final int SSH_DISCONNECT_AUTH_CANCELLED_BY_USER = 13;
+	public static final int SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 14;
+	public static final int SSH_DISCONNECT_ILLEGAL_USER_NAME = 15;
+
+	public static final int SSH_OPEN_ADMINISTRATIVELY_PROHIBITED = 1;
+	public static final int SSH_OPEN_CONNECT_FAILED = 2;
+	public static final int SSH_OPEN_UNKNOWN_CHANNEL_TYPE = 3;
+	public static final int SSH_OPEN_RESOURCE_SHORTAGE = 4;
+
+	private static final String[] reverseNames = new String[101];
+
+	static
+	{
+		reverseNames[1] = "SSH_MSG_DISCONNECT";
+		reverseNames[2] = "SSH_MSG_IGNORE";
+		reverseNames[3] = "SSH_MSG_UNIMPLEMENTED";
+		reverseNames[4] = "SSH_MSG_DEBUG";
+		reverseNames[5] = "SSH_MSG_SERVICE_REQUEST";
+		reverseNames[6] = "SSH_MSG_SERVICE_ACCEPT";
+
+		reverseNames[20] = "SSH_MSG_KEXINIT";
+		reverseNames[21] = "SSH_MSG_NEWKEYS";
+
+		reverseNames[30] = "SSH_MSG_KEXDH_INIT";
+		reverseNames[31] = "SSH_MSG_KEXDH_REPLY/SSH_MSG_KEX_DH_GEX_GROUP";
+		reverseNames[32] = "SSH_MSG_KEX_DH_GEX_INIT";
+		reverseNames[33] = "SSH_MSG_KEX_DH_GEX_REPLY";
+		reverseNames[34] = "SSH_MSG_KEX_DH_GEX_REQUEST";
+
+		reverseNames[50] = "SSH_MSG_USERAUTH_REQUEST";
+		reverseNames[51] = "SSH_MSG_USERAUTH_FAILURE";
+		reverseNames[52] = "SSH_MSG_USERAUTH_SUCCESS";
+		reverseNames[53] = "SSH_MSG_USERAUTH_BANNER";
+
+		reverseNames[60] = "SSH_MSG_USERAUTH_INFO_REQUEST";
+		reverseNames[61] = "SSH_MSG_USERAUTH_INFO_RESPONSE";
+
+		reverseNames[80] = "SSH_MSG_GLOBAL_REQUEST";
+		reverseNames[81] = "SSH_MSG_REQUEST_SUCCESS";
+		reverseNames[82] = "SSH_MSG_REQUEST_FAILURE";
+
+		reverseNames[90] = "SSH_MSG_CHANNEL_OPEN";
+		reverseNames[91] = "SSH_MSG_CHANNEL_OPEN_CONFIRMATION";
+		reverseNames[92] = "SSH_MSG_CHANNEL_OPEN_FAILURE";
+		reverseNames[93] = "SSH_MSG_CHANNEL_WINDOW_ADJUST";
+		reverseNames[94] = "SSH_MSG_CHANNEL_DATA";
+		reverseNames[95] = "SSH_MSG_CHANNEL_EXTENDED_DATA";
+		reverseNames[96] = "SSH_MSG_CHANNEL_EOF";
+		reverseNames[97] = "SSH_MSG_CHANNEL_CLOSE";
+		reverseNames[98] = "SSH_MSG_CHANNEL_REQUEST";
+		reverseNames[99] = "SSH_MSG_CHANNEL_SUCCESS";
+		reverseNames[100] = "SSH_MSG_CHANNEL_FAILURE";
+	}
+
+	public static final String getMessageName(int type)
+	{
+		String res = null;
+
+		if ((type >= 0) && (type < reverseNames.length))
+		{
+			res = reverseNames[type];
+		}
+
+		return (res == null) ? ("UNKNOWN MSG " + type) : res;
+	}
+
+	//	public static final void debug(String tag, byte[] msg)
+	//	{
+	//		System.err.println(tag + " Type: " + msg[0] + ", LEN: " + msg.length);
+	//
+	//		for (int i = 0; i < msg.length; i++)
+	//		{
+	//			if (((msg[i] >= 'a') && (msg[i] <= 'z')) || ((msg[i] >= 'A') && (msg[i] <= 'Z'))
+	//					|| ((msg[i] >= '0') && (msg[i] <= '9')) || (msg[i] == ' '))
+	//				System.err.print((char) msg[i]);
+	//			else
+	//				System.err.print(".");
+	//		}
+	//		System.err.println();
+	//		System.err.flush();
+	//	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/TypesReader.java b/src/main/java/ch/ethz/ssh2/packets/TypesReader.java
new file mode 100644
index 0000000..6a751f2
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/TypesReader.java
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import ch.ethz.ssh2.util.StringEncoder;
+import ch.ethz.ssh2.util.Tokenizer;
+
+/**
+ * TypesReader.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class TypesReader
+{
+	byte[] arr;
+	int pos = 0;
+	int max = 0;
+
+	public TypesReader(byte[] arr)
+	{
+		this.arr = arr;
+		pos = 0;
+		max = arr.length;
+	}
+
+	public TypesReader(byte[] arr, int off)
+	{
+		this.arr = arr;
+		this.pos = off;
+		this.max = arr.length;
+
+		if ((pos < 0) || (pos > arr.length))
+			throw new IllegalArgumentException("Illegal offset.");
+	}
+
+	public TypesReader(byte[] arr, int off, int len)
+	{
+		this.arr = arr;
+		this.pos = off;
+		this.max = off + len;
+
+		if ((pos < 0) || (pos > arr.length))
+			throw new IllegalArgumentException("Illegal offset.");
+
+		if ((max < 0) || (max > arr.length))
+			throw new IllegalArgumentException("Illegal length.");
+	}
+
+	public int readByte() throws IOException
+	{
+		if (pos >= max)
+			throw new IOException("Packet too short.");
+
+		return (arr[pos++] & 0xff);
+	}
+
+	public byte[] readBytes(int len) throws IOException
+	{
+		if ((pos + len) > max)
+			throw new IOException("Packet too short.");
+
+		byte[] res = new byte[len];
+
+		System.arraycopy(arr, pos, res, 0, len);
+		pos += len;
+
+		return res;
+	}
+
+	public void readBytes(byte[] dst, int off, int len) throws IOException
+	{
+		if ((pos + len) > max)
+			throw new IOException("Packet too short.");
+
+		System.arraycopy(arr, pos, dst, off, len);
+		pos += len;
+	}
+
+	public boolean readBoolean() throws IOException
+	{
+		if (pos >= max)
+			throw new IOException("Packet too short.");
+
+		return (arr[pos++] != 0);
+	}
+
+	public int readUINT32() throws IOException
+	{
+		if ((pos + 4) > max)
+			throw new IOException("Packet too short.");
+
+		return ((arr[pos++] & 0xff) << 24) | ((arr[pos++] & 0xff) << 16) | ((arr[pos++] & 0xff) << 8)
+				| (arr[pos++] & 0xff);
+	}
+
+	public long readUINT64() throws IOException
+	{
+		if ((pos + 8) > max)
+			throw new IOException("Packet too short.");
+
+		long high = ((arr[pos++] & 0xff) << 24) | ((arr[pos++] & 0xff) << 16) | ((arr[pos++] & 0xff) << 8)
+				| (arr[pos++] & 0xff); /* sign extension may take place - will be shifted away =) */
+
+		long low = ((arr[pos++] & 0xff) << 24) | ((arr[pos++] & 0xff) << 16) | ((arr[pos++] & 0xff) << 8)
+				| (arr[pos++] & 0xff); /* sign extension may take place - handle below */
+
+		return (high << 32) | (low & 0xffffffffl); /* see Java language spec (15.22.1, 5.6.2) */
+	}
+
+	public BigInteger readMPINT() throws IOException
+	{
+		BigInteger b;
+
+		byte raw[] = readByteString();
+
+		if (raw.length == 0)
+			b = BigInteger.ZERO;
+		else
+			b = new BigInteger(raw);
+
+		return b;
+	}
+
+	public byte[] readByteString() throws IOException
+	{
+		int len = readUINT32();
+
+		if ((len + pos) > max)
+			throw new IOException("Malformed SSH byte string.");
+
+		byte[] res = new byte[len];
+		System.arraycopy(arr, pos, res, 0, len);
+		pos += len;
+		return res;
+	}
+
+	public String readString(String charsetName) throws IOException
+	{
+		int len = readUINT32();
+
+		if ((len + pos) > max)
+			throw new IOException("Malformed SSH string.");
+
+		String res = (charsetName == null) ? new String(arr, pos, len) : new String(arr, pos, len, charsetName);
+		pos += len;
+
+		return res;
+	}
+
+	public String readString() throws IOException
+	{
+		int len = readUINT32();
+
+		if ((len + pos) > max)
+			throw new IOException("Malformed SSH string.");
+
+		String res = StringEncoder.GetString(arr, pos, len);
+		pos += len;
+
+		return res;
+	}
+
+	public String[] readNameList() throws IOException
+	{
+		return Tokenizer.parseTokens(readString(), ',');
+	}
+
+	public int remain()
+	{
+		return max - pos;
+	}
+
+}
diff --git a/src/main/java/ch/ethz/ssh2/packets/TypesWriter.java b/src/main/java/ch/ethz/ssh2/packets/TypesWriter.java
new file mode 100644
index 0000000..30c2f40
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/packets/TypesWriter.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.packets;
+
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+
+import ch.ethz.ssh2.util.StringEncoder;
+
+/**
+ * TypesWriter.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class TypesWriter
+{
+	byte arr[];
+	int pos;
+
+	public TypesWriter()
+	{
+		arr = new byte[256];
+		pos = 0;
+	}
+
+	private void resize(int len)
+	{
+		byte new_arr[] = new byte[len];
+		System.arraycopy(arr, 0, new_arr, 0, arr.length);
+		arr = new_arr;
+	}
+
+	public int length()
+	{
+		return pos;
+	}
+
+	public byte[] getBytes()
+	{
+		byte[] dst = new byte[pos];
+		System.arraycopy(arr, 0, dst, 0, pos);
+		return dst;
+	}
+	
+	public void getBytes(byte dst[])
+	{
+		System.arraycopy(arr, 0, dst, 0, pos);
+	}
+
+	public void writeUINT32(int val, int off)
+	{
+		if ((off + 4) > arr.length)
+			resize(off + 32);
+
+		arr[off++] = (byte) (val >> 24);
+		arr[off++] = (byte) (val >> 16);
+		arr[off++] = (byte) (val >> 8);
+		arr[off++] = (byte) val;
+	}
+
+	public void writeUINT32(int val)
+	{
+		writeUINT32(val, pos);
+		pos += 4;
+	}
+
+	public void writeUINT64(long val)
+	{
+		if ((pos + 8) > arr.length)
+			resize(arr.length + 32);
+
+		arr[pos++] = (byte) (val >> 56);
+		arr[pos++] = (byte) (val >> 48);
+		arr[pos++] = (byte) (val >> 40);
+		arr[pos++] = (byte) (val >> 32);
+		arr[pos++] = (byte) (val >> 24);
+		arr[pos++] = (byte) (val >> 16);
+		arr[pos++] = (byte) (val >> 8);
+		arr[pos++] = (byte) val;
+	}
+
+	public void writeBoolean(boolean v)
+	{
+		if ((pos + 1) > arr.length)
+			resize(arr.length + 32);
+
+		arr[pos++] = v ? (byte) 1 : (byte) 0;
+	}
+
+	public void writeByte(int v, int off)
+	{
+		if ((off + 1) > arr.length)
+			resize(off + 32);
+
+		arr[off] = (byte) v;
+	}
+
+	public void writeByte(int v)
+	{
+		writeByte(v, pos);
+		pos++;
+	}
+
+	public void writeMPInt(BigInteger b)
+	{
+		byte raw[] = b.toByteArray();
+
+		if ((raw.length == 1) && (raw[0] == 0))
+			writeUINT32(0); /* String with zero bytes of data */
+		else
+			writeString(raw, 0, raw.length);
+	}
+
+	public void writeBytes(byte[] buff)
+	{
+		writeBytes(buff, 0, buff.length);
+	}
+	
+	public void writeBytes(byte[] buff, int off, int len)
+	{
+		if ((pos + len) > arr.length)
+			resize(arr.length + len + 32);
+
+		System.arraycopy(buff, off, arr, pos, len);
+		pos += len;
+	}
+
+	public void writeString(byte[] buff, int off, int len)
+	{
+		writeUINT32(len);
+		writeBytes(buff, off, len);
+	}
+
+	public void writeString(String v)
+	{
+		byte[] b = StringEncoder.GetBytes(v);
+
+		writeUINT32(b.length);
+		writeBytes(b, 0, b.length);
+	}
+	
+	public void writeString(String v, String charsetName) throws UnsupportedEncodingException
+	{
+		byte[] b = (charsetName == null) ? StringEncoder.GetBytes(v) : v.getBytes(charsetName);
+		
+		writeUINT32(b.length);
+		writeBytes(b, 0, b.length);
+	}
+
+	public void writeNameList(String v[])
+	{
+		StringBuilder sb = new StringBuilder();
+		for (int i = 0; i < v.length; i++)
+		{
+			if (i > 0)
+				sb.append(',');
+			sb.append(v[i]);
+		}
+		writeString(sb.toString());
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/sftp/AttrTextHints.java b/src/main/java/ch/ethz/ssh2/sftp/AttrTextHints.java
new file mode 100644
index 0000000..c3cf884
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/sftp/AttrTextHints.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.sftp;
+
+/**
+ * 
+ * Values for the 'text-hint' field in the SFTP ATTRS data type.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ *
+ */
+public class AttrTextHints
+{
+	/**
+	 * The server knows the file is a text file, and should be opened
+	 * using the SSH_FXF_ACCESS_TEXT_MODE flag.
+	 */
+	public static final int SSH_FILEXFER_ATTR_KNOWN_TEXT = 0x00;
+
+	/**
+	 * The server has applied a heuristic or other mechanism and
+	 * believes that the file should be opened with the
+	 * SSH_FXF_ACCESS_TEXT_MODE flag.
+	 */
+	public static final int SSH_FILEXFER_ATTR_GUESSED_TEXT = 0x01;
+
+	/**
+	 * The server knows the file has binary content.
+	 */
+	public static final int SSH_FILEXFER_ATTR_KNOWN_BINARY = 0x02;
+
+	/**
+	 * The server has applied a heuristic or other mechanism and
+	 * believes has binary content, and should not be opened with the
+	 * SSH_FXF_ACCESS_TEXT_MODE flag.
+	 */
+	public static final int SSH_FILEXFER_ATTR_GUESSED_BINARY = 0x03;
+}
diff --git a/src/main/java/ch/ethz/ssh2/sftp/AttribBits.java b/src/main/java/ch/ethz/ssh2/sftp/AttribBits.java
new file mode 100644
index 0000000..65a524a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/sftp/AttribBits.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.sftp;
+
+/**
+ * 
+ * SFTP Attribute Bits for the "attrib-bits" and "attrib-bits-valid" fields
+ * of the SFTP ATTR data type.
+ * <p>
+ * Yes, these are the "attrib-bits", even though they have "_FLAGS_" in
+ * their name. Don't ask - I did not invent it.
+ * <p>
+ * "<i>These fields, taken together, reflect various attributes of the file
+ * or directory, on the server. Bits not set in 'attrib-bits-valid' MUST be
+ * ignored in the 'attrib-bits' field.  This allows both the server and the
+ * client to communicate only the bits it knows about without inadvertently
+ * twiddling bits they don't understand.</i>"
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ *
+ */
+public class AttribBits
+{
+	/**
+	 * Advisory, read-only bit. This bit is not part of the access
+	 * control information on the file, but is rather an advisory field
+	 * indicating that the file should not be written.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_READONLY = 0x00000001;
+
+	/**
+	 * The file is part of the operating system.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_SYSTEM = 0x00000002;
+
+	/**
+	 * File SHOULD NOT be shown to user unless specifically requested.
+	 * For example, most UNIX systems SHOULD set this bit if the filename
+	 * begins with a 'period'. This bit may be read-only (see section 5.4 of
+	 * the SFTP standard draft). Most UNIX systems will not allow this to be
+	 * changed.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_HIDDEN = 0x00000004;
+
+	/**
+	 * This attribute applies only to directories. This attribute is
+	 * always read-only, and cannot be modified. This attribute means
+	 * that files and directory names in this directory should be compared
+	 * without regard to case.
+	 * <p>
+	 * It is recommended that where possible, the server's filesystem be
+	 * allowed to do comparisons. For example, if a client wished to prompt
+	 * a user before overwriting a file, it should not compare the new name
+	 * with the previously retrieved list of names in the directory. Rather,
+	 * it should first try to create the new file by specifying
+	 * SSH_FXF_CREATE_NEW flag. Then, if this fails and returns
+	 * SSH_FX_FILE_ALREADY_EXISTS, it should prompt the user and then retry
+	 * the create specifying SSH_FXF_CREATE_TRUNCATE.
+	 * <p>
+	 * Unless otherwise specified, filenames are assumed to be case sensitive.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_CASE_INSENSITIVE = 0x00000008;
+
+	/**
+	 * The file should be included in backup / archive operations.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_ARCHIVE = 0x00000010;
+
+	/**
+	 * The file is stored on disk using file-system level transparent
+	 * encryption. This flag does not affect the file data on the wire
+	 * (for either READ or WRITE requests.)
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_ENCRYPTED = 0x00000020;
+
+	/**
+	 * The file is stored on disk using file-system level transparent
+	 * compression. This flag does not affect the file data on the wire.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_COMPRESSED = 0x00000040;
+
+	/**
+	 * The file is a sparse file; this means that file blocks that have
+	 * not been explicitly written are not stored on disk. For example, if
+	 * a client writes a buffer at 10 M from the beginning of the file,
+	 * the blocks between the previous EOF marker and the 10 M offset would
+	 * not consume physical disk space.
+	 * <p>
+	 * Some servers may store all files as sparse files, in which case
+	 * this bit will be unconditionally set. Other servers may not have
+	 * a mechanism for determining if the file is sparse, and so the file
+	 * MAY be stored sparse even if this flag is not set.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_SPARSE = 0x00000080;
+
+	/**
+	 * Opening the file without either the SSH_FXF_ACCESS_APPEND_DATA or
+	 * the SSH_FXF_ACCESS_APPEND_DATA_ATOMIC flag (see section 8.1.1.3
+	 * of the SFTP standard draft) MUST result in an
+	 * SSH_FX_INVALID_PARAMETER error.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_APPEND_ONLY = 0x00000100;
+
+	/**
+	 * The file cannot be deleted or renamed, no hard link can be created
+	 * to this file, and no data can be written to the file.
+	 * <p>
+	 * This bit implies a stronger level of protection than
+	 * SSH_FILEXFER_ATTR_FLAGS_READONLY, the file permission mask or ACLs.
+	 * Typically even the superuser cannot write to immutable files, and
+	 * only the superuser can set or remove the bit.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_IMMUTABLE = 0x00000200;
+
+	/**
+	 * When the file is modified, the changes are written synchronously
+	 * to the disk.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_SYNC = 0x00000400;
+
+	/**
+	 * The server MAY include this bit in a directory listing or realpath
+	 * response. It indicates there was a failure in the translation to UTF-8.
+	 * If this flag is included, the server SHOULD also include the
+	 * UNTRANSLATED_NAME attribute.
+	 */
+	public static final int SSH_FILEXFER_ATTR_FLAGS_TRANSLATION_ERR = 0x00000800;
+
+}
diff --git a/src/main/java/ch/ethz/ssh2/sftp/AttribFlags.java b/src/main/java/ch/ethz/ssh2/sftp/AttribFlags.java
new file mode 100644
index 0000000..b7871f6
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/sftp/AttribFlags.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.sftp;
+
+/**
+ * 
+ * Attribute Flags. The 'valid-attribute-flags' field in
+ * the SFTP ATTRS data type specifies which of the fields are actually present.
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ *
+ */
+public class AttribFlags
+{
+	/**
+	 * Indicates that the 'allocation-size' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_SIZE = 0x00000001;
+
+	/** Protocol version 6:
+	 * 0x00000002 was used in a previous version of this protocol.
+	 * It is now a reserved value and MUST NOT appear in the mask.
+	 * Some future version of this protocol may reuse this value.
+	 */
+	public static final int SSH_FILEXFER_ATTR_V3_UIDGID = 0x00000002;
+
+	/**
+	 * Indicates that the 'permissions' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_PERMISSIONS = 0x00000004;
+
+	/**
+	 * Indicates that the 'atime' and 'mtime' field are present
+	 * (protocol v3).
+	 */
+	public static final int SSH_FILEXFER_ATTR_V3_ACMODTIME = 0x00000008;
+
+	/**
+	 * Indicates that the 'atime' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_ACCESSTIME = 0x00000008;
+
+	/**
+	 * Indicates that the 'createtime' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_CREATETIME = 0x00000010;
+
+	/**
+	 * Indicates that the 'mtime' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_MODIFYTIME = 0x00000020;
+
+	/**
+	 * Indicates that the 'acl' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_ACL = 0x00000040;
+
+	/**
+	 * Indicates that the 'owner' and 'group' fields are present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_OWNERGROUP = 0x00000080;
+
+	/**
+	 * Indicates that additionally to the 'atime', 'createtime',
+	 * 'mtime' and 'ctime' fields (if present), there is also
+	 * 'atime-nseconds', 'createtime-nseconds',  'mtime-nseconds' 
+	 * and 'ctime-nseconds'.
+	 */
+	public static final int SSH_FILEXFER_ATTR_SUBSECOND_TIMES = 0x00000100;
+
+	/**
+	 * Indicates that the 'attrib-bits' and 'attrib-bits-valid'
+	 * fields are present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_BITS = 0x00000200;
+
+	/**
+	 * Indicates that the 'allocation-size' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_ALLOCATION_SIZE = 0x00000400;
+
+	/**
+	 * Indicates that the 'text-hint' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_TEXT_HINT = 0x00000800;
+
+	/**
+	 * Indicates that the 'mime-type' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_MIME_TYPE = 0x00001000;
+
+	/**
+	 * Indicates that the 'link-count' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_LINK_COUNT = 0x00002000;
+
+	/**
+	 * Indicates that the 'untranslated-name' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_UNTRANSLATED_NAME = 0x00004000;
+
+	/**
+	 * Indicates that the 'ctime' field is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_CTIME = 0x00008000;
+
+	/**
+	 * Indicates that the 'extended-count' field (and probablby some
+	 * 'extensions') is present.
+	 */
+	public static final int SSH_FILEXFER_ATTR_EXTENDED = 0x80000000;
+}
diff --git a/src/main/java/ch/ethz/ssh2/sftp/AttribPermissions.java b/src/main/java/ch/ethz/ssh2/sftp/AttribPermissions.java
new file mode 100644
index 0000000..34e8f09
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/sftp/AttribPermissions.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.sftp;
+
+/**
+ * 
+ * Permissions for the 'permissions' field in the SFTP ATTRS data type.
+ * <p>
+ * "<i>The 'permissions' field contains a bit mask specifying file permissions.
+ * These permissions correspond to the st_mode field of the stat structure
+ * defined by POSIX [IEEE.1003-1.1996].</i>"
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ *
+ */
+public class AttribPermissions
+{
+	/* Octal values! */
+
+	public static final int S_IRUSR = 0400;
+	public static final int S_IWUSR = 0200;
+	public static final int S_IXUSR = 0100;
+	public static final int S_IRGRP = 0040;
+	public static final int S_IWGRP = 0020;
+	public static final int S_IXGRP = 0010;
+	public static final int S_IROTH = 0004;
+	public static final int S_IWOTH = 0002;
+	public static final int S_IXOTH = 0001;
+	public static final int S_ISUID = 04000;
+	public static final int S_ISGID = 02000;
+	public static final int S_ISVTX = 01000;
+}
diff --git a/src/main/java/ch/ethz/ssh2/sftp/AttribTypes.java b/src/main/java/ch/ethz/ssh2/sftp/AttribTypes.java
new file mode 100644
index 0000000..1f788f2
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/sftp/AttribTypes.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.sftp;
+
+/**
+ * 
+ * Types for the 'type' field in the SFTP ATTRS data type.
+ * <p>
+ * "<i>On a POSIX system, these values would be derived from the mode field
+ * of the stat structure.  SPECIAL should be used for files that are of
+ * a known type which cannot be expressed in the protocol. UNKNOWN
+ * should be used if the type is not known.</i>"
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ *
+ */
+public class AttribTypes
+{
+	public static final int SSH_FILEXFER_TYPE_REGULAR = 1;
+	public static final int SSH_FILEXFER_TYPE_DIRECTORY = 2;
+	public static final int SSH_FILEXFER_TYPE_SYMLINK = 3;
+	public static final int SSH_FILEXFER_TYPE_SPECIAL = 4;
+	public static final int SSH_FILEXFER_TYPE_UNKNOWN = 5;
+	public static final int SSH_FILEXFER_TYPE_SOCKET = 6;
+	public static final int SSH_FILEXFER_TYPE_CHAR_DEVICE = 7;
+	public static final int SSH_FILEXFER_TYPE_BLOCK_DEVICE = 8;
+	public static final int SSH_FILEXFER_TYPE_FIFO = 9;
+}
diff --git a/src/main/java/ch/ethz/ssh2/sftp/ErrorCodes.java b/src/main/java/ch/ethz/ssh2/sftp/ErrorCodes.java
new file mode 100644
index 0000000..3dc89a0
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/sftp/ErrorCodes.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.sftp;
+
+/**
+ *
+ * SFTP Error Codes
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ *
+ */
+public class ErrorCodes
+{
+	public static final int SSH_FX_OK = 0;
+	public static final int SSH_FX_EOF = 1;
+	public static final int SSH_FX_NO_SUCH_FILE = 2;
+	public static final int SSH_FX_PERMISSION_DENIED = 3;
+	public static final int SSH_FX_FAILURE = 4;
+	public static final int SSH_FX_BAD_MESSAGE = 5;
+	public static final int SSH_FX_NO_CONNECTION = 6;
+	public static final int SSH_FX_CONNECTION_LOST = 7;
+	public static final int SSH_FX_OP_UNSUPPORTED = 8;
+	public static final int SSH_FX_INVALID_HANDLE = 9;
+	public static final int SSH_FX_NO_SUCH_PATH = 10;
+	public static final int SSH_FX_FILE_ALREADY_EXISTS = 11;
+	public static final int SSH_FX_WRITE_PROTECT = 12;
+	public static final int SSH_FX_NO_MEDIA = 13;
+	public static final int SSH_FX_NO_SPACE_ON_FILESYSTEM = 14;
+	public static final int SSH_FX_QUOTA_EXCEEDED = 15;
+	public static final int SSH_FX_UNKNOWN_PRINCIPAL = 16;
+	public static final int SSH_FX_LOCK_CONFLICT = 17;
+	public static final int SSH_FX_DIR_NOT_EMPTY = 18;
+	public static final int SSH_FX_NOT_A_DIRECTORY = 19;
+	public static final int SSH_FX_INVALID_FILENAME = 20;
+	public static final int SSH_FX_LINK_LOOP = 21;
+	public static final int SSH_FX_CANNOT_DELETE = 22;
+	public static final int SSH_FX_INVALID_PARAMETER = 23;
+	public static final int SSH_FX_FILE_IS_A_DIRECTORY = 24;
+	public static final int SSH_FX_BYTE_RANGE_LOCK_CONFLICT = 25;
+	public static final int SSH_FX_BYTE_RANGE_LOCK_REFUSED = 26;
+	public static final int SSH_FX_DELETE_PENDING = 27;
+	public static final int SSH_FX_FILE_CORRUPT = 28;
+	public static final int SSH_FX_OWNER_INVALID = 29;
+	public static final int SSH_FX_GROUP_INVALID = 30;
+	public static final int SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK = 31;
+
+	private static final String[][] messages = {
+
+			{ "SSH_FX_OK", "Indicates successful completion of the operation." },
+			{ "SSH_FX_EOF",
+					"An attempt to read past the end-of-file was made; or, there are no more directory entries to return." },
+			{ "SSH_FX_NO_SUCH_FILE", "A reference was made to a file which does not exist." },
+			{ "SSH_FX_PERMISSION_DENIED", "The user does not have sufficient permissions to perform the operation." },
+			{ "SSH_FX_FAILURE", "An error occurred, but no specific error code exists to describe the failure." },
+			{ "SSH_FX_BAD_MESSAGE", "A badly formatted packet or other SFTP protocol incompatibility was detected." },
+			{ "SSH_FX_NO_CONNECTION", "There is no connection to the server." },
+			{ "SSH_FX_CONNECTION_LOST", "The connection to the server was lost." },
+			{ "SSH_FX_OP_UNSUPPORTED",
+					"An attempted operation could not be completed by the server because the server does not support the operation." },
+			{ "SSH_FX_INVALID_HANDLE", "The handle value was invalid." },
+			{ "SSH_FX_NO_SUCH_PATH", "The file path does not exist or is invalid." },
+			{ "SSH_FX_FILE_ALREADY_EXISTS", "The file already exists." },
+			{ "SSH_FX_WRITE_PROTECT", "The file is on read-only media, or the media is write protected." },
+			{ "SSH_FX_NO_MEDIA",
+					"The requested operation cannot be completed because there is no media available in the drive." },
+			{ "SSH_FX_NO_SPACE_ON_FILESYSTEM",
+					"The requested operation cannot be completed because there is insufficient free space on the filesystem." },
+			{ "SSH_FX_QUOTA_EXCEEDED",
+					"The operation cannot be completed because it would exceed the user's storage quota." },
+			{
+					"SSH_FX_UNKNOWN_PRINCIPAL",
+					"A principal referenced by the request (either the 'owner', 'group', or 'who' field of an ACL), was unknown. The error specific data contains the problematic names." },
+			{ "SSH_FX_LOCK_CONFLICT", "The file could not be opened because it is locked by another process." },
+			{ "SSH_FX_DIR_NOT_EMPTY", "The directory is not empty." },
+			{ "SSH_FX_NOT_A_DIRECTORY", "The specified file is not a directory." },
+			{ "SSH_FX_INVALID_FILENAME", "The filename is not valid." },
+			{ "SSH_FX_LINK_LOOP",
+					"Too many symbolic links encountered or, an SSH_FXF_NOFOLLOW open encountered a symbolic link as the final component." },
+			{ "SSH_FX_CANNOT_DELETE",
+					"The file cannot be deleted. One possible reason is that the advisory READONLY attribute-bit is set." },
+			{ "SSH_FX_INVALID_PARAMETER",
+					"One of the parameters was out of range, or the parameters specified cannot be used together." },
+			{ "SSH_FX_FILE_IS_A_DIRECTORY",
+					"The specified file was a directory in a context where a directory cannot be used." },
+			{ "SSH_FX_BYTE_RANGE_LOCK_CONFLICT",
+					" A read or write operation failed because another process's mandatory byte-range lock overlaps with the request." },
+			{ "SSH_FX_BYTE_RANGE_LOCK_REFUSED", "A request for a byte range lock was refused." },
+			{ "SSH_FX_DELETE_PENDING", "An operation was attempted on a file for which a delete operation is pending." },
+			{ "SSH_FX_FILE_CORRUPT", "The file is corrupt; an filesystem integrity check should be run." },
+			{ "SSH_FX_OWNER_INVALID", "The principal specified can not be assigned as an owner of a file." },
+			{ "SSH_FX_GROUP_INVALID", "The principal specified can not be assigned as the primary group of a file." },
+			{ "SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK",
+					"The requested operation could not be completed because the	specifed byte range lock has not been granted." },
+
+	};
+
+	public static final String[] getDescription(int errorCode)
+	{
+		if ((errorCode < 0) || (errorCode >= messages.length))
+			return null;
+
+		return messages[errorCode];
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/sftp/OpenFlags.java b/src/main/java/ch/ethz/ssh2/sftp/OpenFlags.java
new file mode 100644
index 0000000..6b806b3
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/sftp/OpenFlags.java
@@ -0,0 +1,226 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.sftp;
+
+/**
+ *
+ * SFTP Open Flags.
+ * 
+ * The following table is provided to assist in mapping POSIX semantics
+ * to equivalent SFTP file open parameters:
+ * <p>
+ * TODO: This comment should be moved to the open method.
+ * <p>
+ * <ul>
+ * <li>O_RDONLY
+ * <ul><li>desired-access = READ_DATA | READ_ATTRIBUTES</li></ul>
+ * </li>
+ * </ul>
+ * <ul>
+ * <li>O_WRONLY
+ * <ul><li>desired-access = WRITE_DATA | WRITE_ATTRIBUTES</li></ul>
+ * </li>
+ * </ul>
+ * <ul>
+ * <li>O_RDWR
+ * <ul><li>desired-access = READ_DATA | READ_ATTRIBUTES | WRITE_DATA | WRITE_ATTRIBUTES</li></ul>
+ * </li>
+ * </ul>
+ * <ul>
+ * <li>O_APPEND
+ * <ul>
+ * <li>desired-access = WRITE_DATA | WRITE_ATTRIBUTES | APPEND_DATA</li>
+ * <li>flags = SSH_FXF_ACCESS_APPEND_DATA and or SSH_FXF_ACCESS_APPEND_DATA_ATOMIC</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * <ul>
+ * <li>O_CREAT
+ * <ul>
+ * <li>flags = SSH_FXF_OPEN_OR_CREATE</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * <ul>
+ * <li>O_TRUNC
+ * <ul>
+ * <li>flags = SSH_FXF_TRUNCATE_EXISTING</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * <ul>
+ * <li>O_TRUNC|O_CREATE
+ * <ul>
+ * <li>flags = SSH_FXF_CREATE_TRUNCATE</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class OpenFlags
+{
+	/**
+	 * Disposition is a 3 bit field that controls how the file is opened.
+	 * The server MUST support these bits (possible enumaration values:
+	 * SSH_FXF_CREATE_NEW, SSH_FXF_CREATE_TRUNCATE, SSH_FXF_OPEN_EXISTING,
+	 * SSH_FXF_OPEN_OR_CREATE or SSH_FXF_TRUNCATE_EXISTING).
+	 */
+	public static final int SSH_FXF_ACCESS_DISPOSITION = 0x00000007;
+
+	/**
+	 * A new file is created; if the file already exists, the server
+	 * MUST return status SSH_FX_FILE_ALREADY_EXISTS.
+	 */
+	public static final int SSH_FXF_CREATE_NEW = 0x00000000;
+
+	/**
+	 * A new file is created; if the file already exists, it is opened
+	 * and truncated.
+	 */
+	public static final int SSH_FXF_CREATE_TRUNCATE = 0x00000001;
+
+	/**
+	 * An existing file is opened.  If the file does not exist, the
+	 * server MUST return SSH_FX_NO_SUCH_FILE. If a directory in the
+	 * path does not exist, the server SHOULD return
+	 * SSH_FX_NO_SUCH_PATH. It is also acceptable if the server
+	 * returns SSH_FX_NO_SUCH_FILE in this case.
+	 */
+	public static final int SSH_FXF_OPEN_EXISTING = 0x00000002;
+
+	/**
+	 * If the file exists, it is opened. If the file does not exist,
+	 * it is created.
+	 */
+	public static final int SSH_FXF_OPEN_OR_CREATE = 0x00000003;
+
+	/**
+	 * An existing file is opened and truncated. If the file does not
+	 * exist, the server MUST return the same error codes as defined
+	 * for SSH_FXF_OPEN_EXISTING.
+	 */
+	public static final int SSH_FXF_TRUNCATE_EXISTING = 0x00000004;
+
+	/**
+	 * Data is always written at the end of the file. The offset field
+	 * of the SSH_FXP_WRITE requests are ignored.
+	 * <p>
+	 * Data is not required to be appended atomically. This means that
+	 * if multiple writers attempt to append data simultaneously, data
+	 * from the first may be lost. However, data MAY be appended
+	 * atomically.
+	 */
+	public static final int SSH_FXF_ACCESS_APPEND_DATA = 0x00000008;
+
+	/**
+	 * Data is always written at the end of the file. The offset field
+	 * of the SSH_FXP_WRITE requests are ignored.
+	 * <p>
+	 * Data MUST be written atomically so that there is no chance that
+	 * multiple appenders can collide and result in data being lost.
+	 * <p>
+	 * If both append flags are specified, the server SHOULD use atomic
+	 * append if it is available, but SHOULD use non-atomic appends
+	 * otherwise. The server SHOULD NOT fail the request in this case.
+	 */
+	public static final int SSH_FXF_ACCESS_APPEND_DATA_ATOMIC = 0x00000010;
+
+	/**
+	 * Indicates that the server should treat the file as text and
+	 * convert it to the canonical newline convention in use.
+	 * (See Determining Server Newline Convention in section 5.3 in the
+	 * SFTP standard draft).
+	 * <p>
+	 * When a file is opened with this flag, the offset field in the read
+	 * and write functions is ignored.
+	 * <p>
+	 * Servers MUST process multiple, parallel reads and writes correctly
+	 * in this mode.  Naturally, it is permissible for them to do this by
+	 * serializing the requests.
+	 * <p>
+	 * Clients SHOULD use the SSH_FXF_ACCESS_APPEND_DATA flag to append
+	 * data to a text file rather then using write with a calculated offset.
+	 */
+	public static final int SSH_FXF_ACCESS_TEXT_MODE = 0x00000020;
+
+	/**
+	 * The server MUST guarantee that no other handle has been opened
+	 * with ACE4_READ_DATA access, and that no other handle will be
+	 * opened with ACE4_READ_DATA access until the client closes the
+	 * handle. (This MUST apply both to other clients and to other
+	 * processes on the server.)
+	 * <p>
+	 * If there is a conflicting lock the server MUST return
+	 * SSH_FX_LOCK_CONFLICT.  If the server cannot make the locking
+	 * guarantee, it MUST return SSH_FX_OP_UNSUPPORTED.
+	 * <p>
+	 * Other handles MAY be opened for ACE4_WRITE_DATA or any other
+	 * combination of accesses, as long as ACE4_READ_DATA is not included
+	 * in the mask.
+	 */
+	public static final int SSH_FXF_ACCESS_BLOCK_READ = 0x00000040;
+
+	/**
+	 * The server MUST guarantee that no other handle has been opened
+	 * with ACE4_WRITE_DATA or ACE4_APPEND_DATA access, and that no other
+	 * handle will be opened with ACE4_WRITE_DATA or ACE4_APPEND_DATA
+	 * access until the client closes the handle. (This MUST apply both
+	 * to other clients and to other processes on the server.)
+	 * <p>
+	 * If there is a conflicting lock the server MUST return
+	 * SSH_FX_LOCK_CONFLICT. If the server cannot make the locking
+	 * guarantee, it MUST return SSH_FX_OP_UNSUPPORTED.
+	 * <p>
+	 * Other handles MAY be opened for ACE4_READ_DATA or any other
+	 * combination of accesses, as long as neither ACE4_WRITE_DATA nor
+	 * ACE4_APPEND_DATA are included in the mask.
+	 */
+	public static final int SSH_FXF_ACCESS_BLOCK_WRITE = 0x00000080;
+
+	/**
+	 * The server MUST guarantee that no other handle has been opened
+	 * with ACE4_DELETE access, opened with the
+	 * SSH_FXF_ACCESS_DELETE_ON_CLOSE flag set, and that no other handle
+	 * will be opened with ACE4_DELETE access or with the
+	 * SSH_FXF_ACCESS_DELETE_ON_CLOSE flag set, and that the file itself
+	 * is not deleted in any other way until the client closes the handle.
+	 * <p>
+	 * If there is a conflicting lock the server MUST return
+	 * SSH_FX_LOCK_CONFLICT.  If the server cannot make the locking
+	 * guarantee, it MUST return SSH_FX_OP_UNSUPPORTED.
+	 */
+	public static final int SSH_FXF_ACCESS_BLOCK_DELETE = 0x00000100;
+
+	/**
+	 * If this bit is set, the above BLOCK modes are advisory. In advisory
+	 * mode, only other accesses that specify a BLOCK mode need be
+	 * considered when determining whether the BLOCK can be granted,
+	 * and the server need not prevent I/O operations that violate the
+	 * block mode.
+	 * <p>
+	 * The server MAY perform mandatory locking even if the BLOCK_ADVISORY
+	 * bit is set.
+	 */
+	public static final int SSH_FXF_ACCESS_BLOCK_ADVISORY = 0x00000200;
+
+	/**
+	 * If the final component of the path is a symlink, then the open
+	 * MUST fail, and the error SSH_FX_LINK_LOOP MUST be returned.
+	 */
+	public static final int SSH_FXF_ACCESS_NOFOLLOW = 0x00000400;
+
+	/**
+	 * The file should be deleted when the last handle to it is closed.
+	 * (The last handle may not be an sftp-handle.)  This MAY be emulated
+	 * by a server if the OS doesn't support it by deleting the file when
+	 * this handle is closed.
+	 * <p>
+	 * It is implementation specific whether the directory entry is
+	 * removed immediately or when the handle is closed.
+	 */
+	public static final int SSH_FXF_ACCESS_DELETE_ON_CLOSE = 0x00000800;
+}
diff --git a/src/main/java/ch/ethz/ssh2/sftp/Packet.java b/src/main/java/ch/ethz/ssh2/sftp/Packet.java
new file mode 100644
index 0000000..ee2bb23
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/sftp/Packet.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.sftp;
+
+/**
+ *
+ * SFTP Paket Types
+ *
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ *
+ */
+public class Packet
+{
+	public static final int SSH_FXP_INIT = 1;
+	public static final int SSH_FXP_VERSION = 2;
+	public static final int SSH_FXP_OPEN = 3;
+	public static final int SSH_FXP_CLOSE = 4;
+	public static final int SSH_FXP_READ = 5;
+	public static final int SSH_FXP_WRITE = 6;
+	public static final int SSH_FXP_LSTAT = 7;
+	public static final int SSH_FXP_FSTAT = 8;
+	public static final int SSH_FXP_SETSTAT = 9;
+	public static final int SSH_FXP_FSETSTAT = 10;
+	public static final int SSH_FXP_OPENDIR = 11;
+	public static final int SSH_FXP_READDIR = 12;
+	public static final int SSH_FXP_REMOVE = 13;
+	public static final int SSH_FXP_MKDIR = 14;
+	public static final int SSH_FXP_RMDIR = 15;
+	public static final int SSH_FXP_REALPATH = 16;
+	public static final int SSH_FXP_STAT = 17;
+	public static final int SSH_FXP_RENAME = 18;
+	public static final int SSH_FXP_READLINK = 19;
+	public static final int SSH_FXP_SYMLINK = 20;
+	
+	public static final int SSH_FXP_STATUS = 101;
+	public static final int SSH_FXP_HANDLE = 102;
+	public static final int SSH_FXP_DATA = 103;
+	public static final int SSH_FXP_NAME = 104;
+	public static final int SSH_FXP_ATTRS = 105;
+	
+	public static final int SSH_FXP_EXTENDED = 200;
+	public static final int SSH_FXP_EXTENDED_REPLY = 201;
+
+	public static String forName(int type) {
+		switch(type) {
+			case SSH_FXP_INIT:
+				return "SSH_FXP_INIT";
+			case SSH_FXP_VERSION:
+				return "SSH_FXP_VERSION";
+			case SSH_FXP_OPEN:
+				return "SSH_FXP_OPEN";
+			case SSH_FXP_CLOSE:
+				return "SSH_FXP_CLOSE";
+			case SSH_FXP_READ:
+				return "SSH_FXP_READ";
+			case SSH_FXP_WRITE:
+				return "SSH_FXP_WRITE";
+			case SSH_FXP_LSTAT:
+				return "SSH_FXP_LSTAT";
+			case SSH_FXP_FSTAT:
+				return "SSH_FXP_FSTAT";
+			case SSH_FXP_SETSTAT:
+				return "SSH_FXP_SETSTAT";
+			case SSH_FXP_FSETSTAT:
+				return "SSH_FXP_FSETSTAT";
+			case SSH_FXP_OPENDIR:
+				return "SSH_FXP_OPENDIR";
+			case SSH_FXP_READDIR:
+				return "SSH_FXP_READDIR";
+			case SSH_FXP_REMOVE:
+				return "SSH_FXP_REMOVE";
+			case SSH_FXP_MKDIR:
+				return "SSH_FXP_MKDIR";
+			case SSH_FXP_RMDIR:
+				return "SSH_FXP_RMDIR";
+			case SSH_FXP_REALPATH:
+				return "SSH_FXP_REALPATH";
+			case SSH_FXP_STAT:
+				return "SSH_FXP_STAT";
+			case SSH_FXP_RENAME:
+				return "SSH_FXP_RENAME";
+			case SSH_FXP_READLINK:
+				return "SSH_FXP_READLINK";
+			case SSH_FXP_SYMLINK:
+				return "SSH_FXP_SYMLINK";
+			case SSH_FXP_STATUS:
+				return "SSH_FXP_STATUS";
+			case SSH_FXP_HANDLE:
+				return "SSH_FXP_HANDLE";
+			case SSH_FXP_DATA:
+				return "SSH_FXP_DATA";
+			case SSH_FXP_NAME:
+				return "SSH_FXP_NAME";
+			case SSH_FXP_ATTRS:
+				return "SSH_FXP_ATTRS";
+			case SSH_FXP_EXTENDED:
+				return "SSH_FXP_EXTENDED";
+			case SSH_FXP_EXTENDED_REPLY:
+				return "SSH_FXP_EXTENDED_REPLY";
+		}
+		return null;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/signature/DSAPrivateKey.java b/src/main/java/ch/ethz/ssh2/signature/DSAPrivateKey.java
new file mode 100644
index 0000000..270961d
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/signature/DSAPrivateKey.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.signature;
+
+import java.math.BigInteger;
+
+/**
+ * DSAPrivateKey.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class DSAPrivateKey
+{
+	private BigInteger p;
+	private BigInteger q;
+	private BigInteger g;
+	private BigInteger x;
+	private BigInteger y;
+
+	public DSAPrivateKey(BigInteger p, BigInteger q, BigInteger g,
+			BigInteger y, BigInteger x)
+	{
+		this.p = p;
+		this.q = q;
+		this.g = g;
+		this.y = y;
+		this.x = x;
+	}
+
+	public BigInteger getP()
+	{
+		return p;
+	}
+
+	public BigInteger getQ()
+	{
+		return q;
+	}
+	
+	public BigInteger getG()
+	{
+		return g;
+	}
+
+	public BigInteger getY()
+	{
+		return y;
+	}
+	
+	public BigInteger getX()
+	{
+		return x;
+	}
+	
+	public DSAPublicKey getPublicKey()
+	{
+		return new DSAPublicKey(p, q, g, y);
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/signature/DSAPublicKey.java b/src/main/java/ch/ethz/ssh2/signature/DSAPublicKey.java
new file mode 100644
index 0000000..ec0a06c
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/signature/DSAPublicKey.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.signature;
+
+import java.math.BigInteger;
+
+/**
+ * DSAPublicKey.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class DSAPublicKey
+{
+	private BigInteger p;
+	private BigInteger q;
+	private BigInteger g;
+	private BigInteger y;
+
+	public DSAPublicKey(BigInteger p, BigInteger q, BigInteger g, BigInteger y)
+	{
+		this.p = p;
+		this.q = q;
+		this.g = g;
+		this.y = y;
+	}
+
+	public BigInteger getP()
+	{
+		return p;
+	}
+
+	public BigInteger getQ()
+	{
+		return q;
+	}
+
+	public BigInteger getG()
+	{
+		return g;
+	}
+
+	public BigInteger getY()
+	{
+		return y;
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/signature/DSASHA1Verify.java b/src/main/java/ch/ethz/ssh2/signature/DSASHA1Verify.java
new file mode 100644
index 0000000..81e0257
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/signature/DSASHA1Verify.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.signature;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
+import ch.ethz.ssh2.crypto.digest.SHA1;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.packets.TypesReader;
+import ch.ethz.ssh2.packets.TypesWriter;
+
+/**
+ * DSASHA1Verify.
+ * 
+ * @author Christian Plattner
+ * @version $Id: DSASHA1Verify.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class DSASHA1Verify
+{
+	private static final Logger log = Logger.getLogger(DSASHA1Verify.class);
+
+	public static DSAPublicKey decodeSSHDSAPublicKey(byte[] key) throws IOException
+	{
+		TypesReader tr = new TypesReader(key);
+
+		String key_format = tr.readString();
+
+		if (key_format.equals("ssh-dss") == false)
+			throw new IllegalArgumentException("This is not a ssh-dss public key!");
+
+		BigInteger p = tr.readMPINT();
+		BigInteger q = tr.readMPINT();
+		BigInteger g = tr.readMPINT();
+		BigInteger y = tr.readMPINT();
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in DSA public key!");
+
+		return new DSAPublicKey(p, q, g, y);
+	}
+
+	public static byte[] encodeSSHDSAPublicKey(DSAPublicKey pk) throws IOException
+	{
+		TypesWriter tw = new TypesWriter();
+
+		tw.writeString("ssh-dss");
+		tw.writeMPInt(pk.getP());
+		tw.writeMPInt(pk.getQ());
+		tw.writeMPInt(pk.getG());
+		tw.writeMPInt(pk.getY());
+
+		return tw.getBytes();
+	}
+
+	public static byte[] encodeSSHDSASignature(DSASignature ds)
+	{
+		TypesWriter tw = new TypesWriter();
+
+		tw.writeString("ssh-dss");
+
+		byte[] r = ds.getR().toByteArray();
+		byte[] s = ds.getS().toByteArray();
+
+		byte[] a40 = new byte[40];
+
+		/* Patch (unsigned) r and s into the target array. */
+
+		int r_copylen = (r.length < 20) ? r.length : 20;
+		int s_copylen = (s.length < 20) ? s.length : 20;
+
+		System.arraycopy(r, r.length - r_copylen, a40, 20 - r_copylen, r_copylen);
+		System.arraycopy(s, s.length - s_copylen, a40, 40 - s_copylen, s_copylen);
+
+		tw.writeString(a40, 0, 40);
+
+		return tw.getBytes();
+	}
+
+	public static DSASignature decodeSSHDSASignature(byte[] sig) throws IOException
+	{
+		byte[] rsArray;
+
+		if (sig.length == 40)
+		{
+			rsArray = sig;
+		}
+		else
+		{
+			TypesReader tr = new TypesReader(sig);
+
+			String sig_format = tr.readString();
+
+			if (sig_format.equals("ssh-dss") == false)
+				throw new IOException("Peer sent wrong signature format");
+
+			rsArray = tr.readByteString();
+
+			if (rsArray.length != 40)
+				throw new IOException("Peer sent corrupt signature");
+
+			if (tr.remain() != 0)
+				throw new IOException("Padding in DSA signature!");
+		}
+
+		/* Remember, s and r are unsigned ints. */
+
+		byte[] tmp = new byte[20];
+
+		System.arraycopy(rsArray, 0, tmp, 0, 20);
+		BigInteger r = new BigInteger(1, tmp);
+
+		System.arraycopy(rsArray, 20, tmp, 0, 20);
+		BigInteger s = new BigInteger(1, tmp);
+
+		if (log.isDebugEnabled())
+		{
+			log.debug("decoded ssh-dss signature: first bytes r(" + ((rsArray[0]) & 0xff) + "), s("
+					+ ((rsArray[20]) & 0xff) + ")");
+		}
+
+		return new DSASignature(r, s);
+	}
+
+	public static boolean verifySignature(byte[] message, DSASignature ds, DSAPublicKey dpk) throws IOException
+	{
+		/* Inspired by Bouncycastle's DSASigner class */
+
+		SHA1 md = new SHA1();
+		md.update(message);
+		byte[] sha_message = new byte[md.getDigestLength()];
+		md.digest(sha_message);
+
+		BigInteger m = new BigInteger(1, sha_message);
+
+		BigInteger r = ds.getR();
+		BigInteger s = ds.getS();
+
+		BigInteger g = dpk.getG();
+		BigInteger p = dpk.getP();
+		BigInteger q = dpk.getQ();
+		BigInteger y = dpk.getY();
+
+		BigInteger zero = BigInteger.ZERO;
+
+		if (log.isDebugEnabled())
+		{
+			log.debug("ssh-dss signature: m: " + m.toString(16));
+			log.debug("ssh-dss signature: r: " + r.toString(16));
+			log.debug("ssh-dss signature: s: " + s.toString(16));
+			log.debug("ssh-dss signature: g: " + g.toString(16));
+			log.debug("ssh-dss signature: p: " + p.toString(16));
+			log.debug("ssh-dss signature: q: " + q.toString(16));
+			log.debug("ssh-dss signature: y: " + y.toString(16));
+		}
+
+		if (zero.compareTo(r) >= 0 || q.compareTo(r) <= 0)
+		{
+			log.warning("ssh-dss signature: zero.compareTo(r) >= 0 || q.compareTo(r) <= 0");
+			return false;
+		}
+
+		if (zero.compareTo(s) >= 0 || q.compareTo(s) <= 0)
+		{
+			log.warning("ssh-dss signature: zero.compareTo(s) >= 0 || q.compareTo(s) <= 0");
+			return false;
+		}
+
+		BigInteger w = s.modInverse(q);
+
+		BigInteger u1 = m.multiply(w).mod(q);
+		BigInteger u2 = r.multiply(w).mod(q);
+
+		u1 = g.modPow(u1, p);
+		u2 = y.modPow(u2, p);
+
+		BigInteger v = u1.multiply(u2).mod(p).mod(q);
+
+		return v.equals(r);
+	}
+
+	public static DSASignature generateSignature(byte[] message, DSAPrivateKey pk, SecureRandom rnd)
+	{
+		SHA1 md = new SHA1();
+		md.update(message);
+		byte[] sha_message = new byte[md.getDigestLength()];
+		md.digest(sha_message);
+
+		BigInteger m = new BigInteger(1, sha_message);
+		BigInteger k;
+		int qBitLength = pk.getQ().bitLength();
+
+		do
+		{
+			k = new BigInteger(qBitLength, rnd);
+		}
+		while (k.compareTo(pk.getQ()) >= 0);
+
+		BigInteger r = pk.getG().modPow(k, pk.getP()).mod(pk.getQ());
+
+		k = k.modInverse(pk.getQ()).multiply(m.add((pk).getX().multiply(r)));
+
+		BigInteger s = k.mod(pk.getQ());
+
+		return new DSASignature(r, s);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/signature/DSASignature.java b/src/main/java/ch/ethz/ssh2/signature/DSASignature.java
new file mode 100644
index 0000000..65492f3
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/signature/DSASignature.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.signature;
+
+import java.math.BigInteger;
+
+/**
+ * DSASignature.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class DSASignature
+{
+	private BigInteger r;
+	private BigInteger s;
+
+	public DSASignature(BigInteger r, BigInteger s)
+	{
+		this.r = r;
+		this.s = s;
+	}
+
+	public BigInteger getR()
+	{
+		return r;
+	}
+
+	public BigInteger getS()
+	{
+		return s;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/signature/RSAPrivateKey.java b/src/main/java/ch/ethz/ssh2/signature/RSAPrivateKey.java
new file mode 100644
index 0000000..bbf1bcd
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/signature/RSAPrivateKey.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.signature;
+
+import java.math.BigInteger;
+
+/**
+ * RSAPrivateKey.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class RSAPrivateKey
+{
+	private BigInteger d;
+	private BigInteger e;
+	private BigInteger n;
+
+	public RSAPrivateKey(BigInteger d, BigInteger e, BigInteger n)
+	{
+		this.d = d;
+		this.e = e;
+		this.n = n;
+	}
+
+	public BigInteger getD()
+	{
+		return d;
+	}
+	
+	public BigInteger getE()
+	{
+		return e;
+	}
+
+	public BigInteger getN()
+	{
+		return n;
+	}
+	
+	public RSAPublicKey getPublicKey()
+	{
+		return new RSAPublicKey(e, n);
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/signature/RSAPublicKey.java b/src/main/java/ch/ethz/ssh2/signature/RSAPublicKey.java
new file mode 100644
index 0000000..1058ffc
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/signature/RSAPublicKey.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.signature;
+
+import java.math.BigInteger;
+
+/**
+ * RSAPublicKey.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class RSAPublicKey
+{
+	BigInteger e;
+	BigInteger n;
+
+	public RSAPublicKey(BigInteger e, BigInteger n)
+	{
+		this.e = e;
+		this.n = n;
+	}
+
+	public BigInteger getE()
+	{
+		return e;
+	}
+
+	public BigInteger getN()
+	{
+		return n;
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/signature/RSASHA1Verify.java b/src/main/java/ch/ethz/ssh2/signature/RSASHA1Verify.java
new file mode 100644
index 0000000..584cdf2
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/signature/RSASHA1Verify.java
@@ -0,0 +1,287 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.signature;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import ch.ethz.ssh2.crypto.SimpleDERReader;
+import ch.ethz.ssh2.crypto.digest.SHA1;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.packets.TypesReader;
+import ch.ethz.ssh2.packets.TypesWriter;
+
+/**
+ * RSASHA1Verify.
+ * 
+ * @author Christian Plattner
+ * @version $Id: RSASHA1Verify.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class RSASHA1Verify
+{
+	private static final Logger log = Logger.getLogger(RSASHA1Verify.class);
+
+	public static RSAPublicKey decodeSSHRSAPublicKey(byte[] key) throws IOException
+	{
+		TypesReader tr = new TypesReader(key);
+
+		String key_format = tr.readString();
+
+		if (key_format.equals("ssh-rsa") == false)
+			throw new IllegalArgumentException("This is not a ssh-rsa public key");
+
+		BigInteger e = tr.readMPINT();
+		BigInteger n = tr.readMPINT();
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in RSA public key!");
+
+		return new RSAPublicKey(e, n);
+	}
+
+	public static byte[] encodeSSHRSAPublicKey(RSAPublicKey pk) throws IOException
+	{
+		TypesWriter tw = new TypesWriter();
+
+		tw.writeString("ssh-rsa");
+		tw.writeMPInt(pk.getE());
+		tw.writeMPInt(pk.getN());
+
+		return tw.getBytes();
+	}
+
+	public static RSASignature decodeSSHRSASignature(byte[] sig) throws IOException
+	{
+		TypesReader tr = new TypesReader(sig);
+
+		String sig_format = tr.readString();
+
+		if (sig_format.equals("ssh-rsa") == false)
+			throw new IOException("Peer sent wrong signature format");
+
+		/* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
+		 * containing s (which is an integer, without lengths or padding, unsigned and in
+		 * network byte order)." See also below.
+		 */
+
+		byte[] s = tr.readByteString();
+
+		if (s.length == 0)
+			throw new IOException("Error in RSA signature, S is empty.");
+
+		if (log.isDebugEnabled())
+		{
+			log.debug("Decoding ssh-rsa signature string (length: " + s.length + ")");
+		}
+
+		if (tr.remain() != 0)
+			throw new IOException("Padding in RSA signature!");
+
+		return new RSASignature(new BigInteger(1, s));
+	}
+
+	public static byte[] encodeSSHRSASignature(RSASignature sig) throws IOException
+	{
+		TypesWriter tw = new TypesWriter();
+
+		tw.writeString("ssh-rsa");
+
+		/* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
+		 * containing s (which is an integer, without lengths or padding, unsigned and in
+		 * network byte order)."
+		 */
+
+		byte[] s = sig.getS().toByteArray();
+
+		/* Remove first zero sign byte, if present */
+
+		if ((s.length > 1) && (s[0] == 0x00))
+			tw.writeString(s, 1, s.length - 1);
+		else
+			tw.writeString(s, 0, s.length);
+
+		return tw.getBytes();
+	}
+
+	public static RSASignature generateSignature(byte[] message, RSAPrivateKey pk) throws IOException
+	{
+		SHA1 md = new SHA1();
+		md.update(message);
+		byte[] sha_message = new byte[md.getDigestLength()];
+		md.digest(sha_message);
+
+		byte[] der_header = new byte[] { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,
+				0x04, 0x14 };
+
+		int rsa_block_len = (pk.getN().bitLength() + 7) / 8;
+
+		int num_pad = rsa_block_len - (2 + der_header.length + sha_message.length) - 1;
+
+		if (num_pad < 8)
+			throw new IOException("Cannot sign with RSA, message too long");
+
+		byte[] sig = new byte[der_header.length + sha_message.length + 2 + num_pad];
+
+		sig[0] = 0x01;
+
+		for (int i = 0; i < num_pad; i++)
+		{
+			sig[i + 1] = (byte) 0xff;
+		}
+
+		sig[num_pad + 1] = 0x00;
+
+		System.arraycopy(der_header, 0, sig, 2 + num_pad, der_header.length);
+		System.arraycopy(sha_message, 0, sig, 2 + num_pad + der_header.length, sha_message.length);
+
+		BigInteger m = new BigInteger(1, sig);
+
+		BigInteger s = m.modPow(pk.getD(), pk.getN());
+
+		return new RSASignature(s);
+	}
+
+	public static boolean verifySignature(byte[] message, RSASignature ds, RSAPublicKey dpk) throws IOException
+	{
+		SHA1 md = new SHA1();
+		md.update(message);
+		byte[] sha_message = new byte[md.getDigestLength()];
+		md.digest(sha_message);
+
+		BigInteger n = dpk.getN();
+		BigInteger e = dpk.getE();
+		BigInteger s = ds.getS();
+
+		if (n.compareTo(s) <= 0)
+		{
+			log.warning("ssh-rsa signature: n.compareTo(s) <= 0");
+			return false;
+		}
+
+		int rsa_block_len = (n.bitLength() + 7) / 8;
+
+		/* And now the show begins */
+
+		if (rsa_block_len < 1)
+		{
+			log.warning("ssh-rsa signature: rsa_block_len < 1");
+			return false;
+		}
+
+		byte[] v = s.modPow(e, n).toByteArray();
+
+		int startpos = 0;
+
+		if ((v.length > 0) && (v[0] == 0x00))
+			startpos++;
+
+		if ((v.length - startpos) != (rsa_block_len - 1))
+		{
+			log.warning("ssh-rsa signature: (v.length - startpos) != (rsa_block_len - 1)");
+			return false;
+		}
+
+		if (v[startpos] != 0x01)
+		{
+			log.warning("ssh-rsa signature: v[startpos] != 0x01");
+			return false;
+		}
+
+		int pos = startpos + 1;
+
+		while (true)
+		{
+			if (pos >= v.length)
+			{
+				log.warning("ssh-rsa signature: pos >= v.length");
+				return false;
+			}
+			if (v[pos] == 0x00)
+				break;
+			if (v[pos] != (byte) 0xff)
+			{
+				log.warning("ssh-rsa signature: v[pos] != (byte) 0xff");
+				return false;
+			}
+			pos++;
+		}
+
+		int num_pad = pos - (startpos + 1);
+
+		if (num_pad < 8)
+		{
+			log.warning("ssh-rsa signature: num_pad < 8");
+			return false;
+		}
+
+		pos++;
+
+		if (pos >= v.length)
+		{
+			log.warning("ssh-rsa signature: pos >= v.length");
+			return false;
+		}
+
+		SimpleDERReader dr = new SimpleDERReader(v, pos, v.length - pos);
+
+		byte[] seq = dr.readSequenceAsByteArray();
+
+		if (dr.available() != 0)
+		{
+			log.warning("ssh-rsa signature: dr.available() != 0");
+			return false;
+		}
+
+		dr.resetInput(seq);
+
+		/* Read digestAlgorithm */
+
+		byte digestAlgorithm[] = dr.readSequenceAsByteArray();
+
+		/* Inspired by RFC 3347, however, ignoring the comment regarding old BER based implementations */
+
+		if ((digestAlgorithm.length < 8) || (digestAlgorithm.length > 9))
+		{
+			log.warning("ssh-rsa signature: (digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)");
+			return false;
+		}
+
+		byte[] digestAlgorithm_sha1 = new byte[] { 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00 };
+
+		for (int i = 0; i < digestAlgorithm.length; i++)
+		{
+			if (digestAlgorithm[i] != digestAlgorithm_sha1[i])
+			{
+				log.warning("ssh-rsa signature: digestAlgorithm[i] != digestAlgorithm_sha1[i]");
+				return false;
+			}
+		}
+
+		byte[] digest = dr.readOctetString();
+
+		if (dr.available() != 0)
+		{
+			log.warning("ssh-rsa signature: dr.available() != 0 (II)");
+			return false;
+		}
+			
+		if (digest.length != sha_message.length)
+		{
+			log.warning("ssh-rsa signature: digest.length != sha_message.length");
+			return false;
+		}
+
+		for (int i = 0; i < sha_message.length; i++)
+		{
+			if (sha_message[i] != digest[i])
+			{
+				log.warning("ssh-rsa signature: sha_message[i] != digest[i]");
+				return false;
+			}
+		}
+
+		return true;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/signature/RSASignature.java b/src/main/java/ch/ethz/ssh2/signature/RSASignature.java
new file mode 100644
index 0000000..ca101df
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/signature/RSASignature.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.signature;
+
+import java.math.BigInteger;
+
+
+/**
+ * RSASignature.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+
+public class RSASignature
+{
+	BigInteger s;
+
+	public BigInteger getS()
+	{
+		return s;
+	}
+
+	public RSASignature(BigInteger s)
+	{
+		this.s = s;
+	}
+}
\ No newline at end of file
diff --git a/src/main/java/ch/ethz/ssh2/transport/ClientServerHello.java b/src/main/java/ch/ethz/ssh2/transport/ClientServerHello.java
new file mode 100644
index 0000000..186eb0a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/ClientServerHello.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.transport;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import ch.ethz.ssh2.util.StringEncoder;
+
+/**
+ * ClientServerHello.
+ * 
+ * @author Christian Plattner
+ * @version $Id: ClientServerHello.java 33 2011-05-28 21:59:37Z dkocher@sudo.ch $
+ */
+public class ClientServerHello
+{
+	String server_line;
+	String client_line;
+
+	String server_versioncomment;
+
+	public static int readLineRN(InputStream is, byte[] buffer) throws IOException
+	{
+		int pos = 0;
+		boolean need10 = false;
+		int len = 0;
+		while (true)
+		{
+			int c = is.read();
+			if (c == -1)
+				throw new IOException("Premature connection close");
+
+			buffer[pos++] = (byte) c;
+
+			if (c == 13)
+			{
+				need10 = true;
+				continue;
+			}
+
+			if (c == 10)
+				break;
+
+			if (need10 == true)
+				throw new IOException("Malformed line sent by the server, the line does not end correctly.");
+
+			len++;
+			if (pos >= buffer.length)
+				throw new IOException("The server sent a too long line.");
+		}
+
+		return len;
+	}
+
+	public ClientServerHello(String identification, InputStream bi, OutputStream bo) throws IOException
+	{
+		client_line = "SSH-2.0-" + identification;
+
+		bo.write(StringEncoder.GetBytes(client_line + "\r\n"));
+		bo.flush();
+
+		byte[] serverVersion = new byte[512];
+
+		for (int i = 0; i < 50; i++)
+		{
+			int len = readLineRN(bi, serverVersion);
+
+			server_line = StringEncoder.GetString(serverVersion, 0, len);
+
+			if (server_line.startsWith("SSH-"))
+				break;
+		}
+
+		if (server_line.startsWith("SSH-") == false)
+			throw new IOException(
+					"Malformed server identification string. There was no line starting with 'SSH-' amongst the first 50 lines.");
+
+		if (server_line.startsWith("SSH-1.99-"))
+			server_versioncomment = server_line.substring(9);
+		else if (server_line.startsWith("SSH-2.0-"))
+			server_versioncomment = server_line.substring(8);
+		else
+			throw new IOException("Server uses incompatible protocol, it is not SSH-2 compatible.");
+	}
+
+	/**
+	 * @return Returns the client_versioncomment.
+	 */
+	public byte[] getClientString()
+	{
+		return StringEncoder.GetBytes(client_line);
+	}
+
+	/**
+	 * @return Returns the server_versioncomment.
+	 */
+	public byte[] getServerString()
+	{
+		return StringEncoder.GetBytes(server_line);
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/KexManager.java b/src/main/java/ch/ethz/ssh2/transport/KexManager.java
new file mode 100644
index 0000000..6630b9b
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/KexManager.java
@@ -0,0 +1,642 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.transport;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+
+import ch.ethz.ssh2.ConnectionInfo;
+import ch.ethz.ssh2.DHGexParameters;
+import ch.ethz.ssh2.ServerHostKeyVerifier;
+import ch.ethz.ssh2.crypto.CryptoWishList;
+import ch.ethz.ssh2.crypto.KeyMaterial;
+import ch.ethz.ssh2.crypto.cipher.BlockCipher;
+import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
+import ch.ethz.ssh2.crypto.dh.DhExchange;
+import ch.ethz.ssh2.crypto.dh.DhGroupExchange;
+import ch.ethz.ssh2.crypto.digest.MAC;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.packets.PacketKexDHInit;
+import ch.ethz.ssh2.packets.PacketKexDHReply;
+import ch.ethz.ssh2.packets.PacketKexDhGexGroup;
+import ch.ethz.ssh2.packets.PacketKexDhGexInit;
+import ch.ethz.ssh2.packets.PacketKexDhGexReply;
+import ch.ethz.ssh2.packets.PacketKexDhGexRequest;
+import ch.ethz.ssh2.packets.PacketKexDhGexRequestOld;
+import ch.ethz.ssh2.packets.PacketKexInit;
+import ch.ethz.ssh2.packets.PacketNewKeys;
+import ch.ethz.ssh2.packets.Packets;
+import ch.ethz.ssh2.signature.DSAPublicKey;
+import ch.ethz.ssh2.signature.DSASHA1Verify;
+import ch.ethz.ssh2.signature.DSASignature;
+import ch.ethz.ssh2.signature.RSAPublicKey;
+import ch.ethz.ssh2.signature.RSASHA1Verify;
+import ch.ethz.ssh2.signature.RSASignature;
+
+/**
+ * KexManager.
+ * 
+ * @author Christian Plattner
+ * @version $Id: KexManager.java 45 2011-07-01 15:09:41Z dkocher@sudo.ch $
+ */
+public class KexManager
+{
+	private static final Logger log = Logger.getLogger(KexManager.class);
+
+	KexState kxs;
+	int kexCount = 0;
+	KeyMaterial km;
+	byte[] sessionId;
+	ClientServerHello csh;
+
+	final Object accessLock = new Object();
+	ConnectionInfo lastConnInfo = null;
+
+	boolean connectionClosed = false;
+
+	boolean ignore_next_kex_packet = false;
+
+	final TransportManager tm;
+
+	CryptoWishList nextKEXcryptoWishList;
+	DHGexParameters nextKEXdhgexParameters;
+
+	ServerHostKeyVerifier verifier;
+	final String hostname;
+	final int port;
+	final SecureRandom rnd;
+
+	public KexManager(TransportManager tm, ClientServerHello csh, CryptoWishList initialCwl, String hostname, int port,
+			ServerHostKeyVerifier keyVerifier, SecureRandom rnd)
+	{
+		this.tm = tm;
+		this.csh = csh;
+		this.nextKEXcryptoWishList = initialCwl;
+		this.nextKEXdhgexParameters = new DHGexParameters();
+		this.hostname = hostname;
+		this.port = port;
+		this.verifier = keyVerifier;
+		this.rnd = rnd;
+	}
+
+	public ConnectionInfo getOrWaitForConnectionInfo(int minKexCount) throws IOException
+	{
+		boolean wasInterrupted = false;
+
+		try
+		{
+			synchronized (accessLock)
+			{
+				while (true)
+				{
+					if ((lastConnInfo != null) && (lastConnInfo.keyExchangeCounter >= minKexCount))
+						return lastConnInfo;
+
+					if (connectionClosed)
+						throw (IOException) new IOException("Key exchange was not finished, connection is closed.")
+								.initCause(tm.getReasonClosedCause());
+
+					try
+					{
+						accessLock.wait();
+					}
+					catch (InterruptedException e)
+					{
+						wasInterrupted = true;
+					}
+				}
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+
+	private String getFirstMatch(String[] client, String[] server) throws NegotiateException
+	{
+		if (client == null || server == null)
+			throw new IllegalArgumentException();
+
+		if (client.length == 0)
+			return null;
+
+		for (int i = 0; i < client.length; i++)
+		{
+			for (int j = 0; j < server.length; j++)
+			{
+				if (client[i].equals(server[j]))
+					return client[i];
+			}
+		}
+		throw new NegotiateException();
+	}
+
+	private boolean compareFirstOfNameList(String[] a, String[] b)
+	{
+		if (a == null || b == null)
+			throw new IllegalArgumentException();
+
+		if ((a.length == 0) && (b.length == 0))
+			return true;
+
+		if ((a.length == 0) || (b.length == 0))
+			return false;
+
+		return (a[0].equals(b[0]));
+	}
+
+	private boolean isGuessOK(KexParameters cpar, KexParameters spar)
+	{
+		if (cpar == null || spar == null)
+			throw new IllegalArgumentException();
+
+		if (compareFirstOfNameList(cpar.kex_algorithms, spar.kex_algorithms) == false)
+		{
+			return false;
+		}
+
+		if (compareFirstOfNameList(cpar.server_host_key_algorithms, spar.server_host_key_algorithms) == false)
+		{
+			return false;
+		}
+
+		/*
+		 * We do NOT check here if the other algorithms can be agreed on, this
+		 * is just a check if kex_algorithms and server_host_key_algorithms were
+		 * guessed right!
+		 */
+
+		return true;
+	}
+
+	private NegotiatedParameters mergeKexParameters(KexParameters client, KexParameters server)
+	{
+		NegotiatedParameters np = new NegotiatedParameters();
+
+		try
+		{
+			np.kex_algo = getFirstMatch(client.kex_algorithms, server.kex_algorithms);
+
+			log.info("kex_algo=" + np.kex_algo);
+
+			np.server_host_key_algo = getFirstMatch(client.server_host_key_algorithms,
+					server.server_host_key_algorithms);
+
+			log.info("server_host_key_algo=" + np.server_host_key_algo);
+
+			np.enc_algo_client_to_server = getFirstMatch(client.encryption_algorithms_client_to_server,
+					server.encryption_algorithms_client_to_server);
+			np.enc_algo_server_to_client = getFirstMatch(client.encryption_algorithms_server_to_client,
+					server.encryption_algorithms_server_to_client);
+
+			log.info("enc_algo_client_to_server=" + np.enc_algo_client_to_server);
+			log.info("enc_algo_server_to_client=" + np.enc_algo_server_to_client);
+
+			np.mac_algo_client_to_server = getFirstMatch(client.mac_algorithms_client_to_server,
+					server.mac_algorithms_client_to_server);
+			np.mac_algo_server_to_client = getFirstMatch(client.mac_algorithms_server_to_client,
+					server.mac_algorithms_server_to_client);
+
+			log.info("mac_algo_client_to_server=" + np.mac_algo_client_to_server);
+			log.info("mac_algo_server_to_client=" + np.mac_algo_server_to_client);
+
+			np.comp_algo_client_to_server = getFirstMatch(client.compression_algorithms_client_to_server,
+					server.compression_algorithms_client_to_server);
+			np.comp_algo_server_to_client = getFirstMatch(client.compression_algorithms_server_to_client,
+					server.compression_algorithms_server_to_client);
+
+			log.info("comp_algo_client_to_server=" + np.comp_algo_client_to_server);
+			log.info("comp_algo_server_to_client=" + np.comp_algo_server_to_client);
+
+		}
+		catch (NegotiateException e)
+		{
+			return null;
+		}
+
+		try
+		{
+			np.lang_client_to_server = getFirstMatch(client.languages_client_to_server,
+					server.languages_client_to_server);
+		}
+		catch (NegotiateException e1)
+		{
+			np.lang_client_to_server = null;
+		}
+
+		try
+		{
+			np.lang_server_to_client = getFirstMatch(client.languages_server_to_client,
+					server.languages_server_to_client);
+		}
+		catch (NegotiateException e2)
+		{
+			np.lang_server_to_client = null;
+		}
+
+		if (isGuessOK(client, server))
+			np.guessOK = true;
+
+		return np;
+	}
+
+	public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex) throws IOException
+	{
+		nextKEXcryptoWishList = cwl;
+		nextKEXdhgexParameters = dhgex;
+
+		if (kxs == null)
+		{
+			kxs = new KexState();
+
+			kxs.dhgexParameters = nextKEXdhgexParameters;
+			PacketKexInit kp = new PacketKexInit(nextKEXcryptoWishList, rnd);
+			kxs.localKEX = kp;
+			tm.sendKexMessage(kp.getPayload());
+		}
+	}
+
+	private boolean establishKeyMaterial()
+	{
+		try
+		{
+			int mac_cs_key_len = MAC.getKeyLen(kxs.np.mac_algo_client_to_server);
+			int enc_cs_key_len = BlockCipherFactory.getKeySize(kxs.np.enc_algo_client_to_server);
+			int enc_cs_block_len = BlockCipherFactory.getBlockSize(kxs.np.enc_algo_client_to_server);
+
+			int mac_sc_key_len = MAC.getKeyLen(kxs.np.mac_algo_server_to_client);
+			int enc_sc_key_len = BlockCipherFactory.getKeySize(kxs.np.enc_algo_server_to_client);
+			int enc_sc_block_len = BlockCipherFactory.getBlockSize(kxs.np.enc_algo_server_to_client);
+
+			km = KeyMaterial.create("SHA1", kxs.H, kxs.K, sessionId, enc_cs_key_len, enc_cs_block_len, mac_cs_key_len,
+					enc_sc_key_len, enc_sc_block_len, mac_sc_key_len);
+		}
+		catch (IllegalArgumentException e)
+		{
+			return false;
+		}
+		return true;
+	}
+
+	private void finishKex() throws IOException
+	{
+		if (sessionId == null)
+			sessionId = kxs.H;
+
+		establishKeyMaterial();
+
+		/* Tell the other side that we start using the new material */
+
+		PacketNewKeys ign = new PacketNewKeys();
+		tm.sendKexMessage(ign.getPayload());
+
+		BlockCipher cbc;
+		MAC mac;
+
+		try
+		{
+			cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_client_to_server, true, km.enc_key_client_to_server,
+					km.initial_iv_client_to_server);
+
+			mac = new MAC(kxs.np.mac_algo_client_to_server, km.integrity_key_client_to_server);
+
+		}
+		catch (IllegalArgumentException e1)
+		{
+			throw new IOException("Fatal error during MAC startup!");
+		}
+
+		tm.changeSendCipher(cbc, mac);
+		tm.kexFinished();
+	}
+
+	public static String[] getDefaultServerHostkeyAlgorithmList()
+	{
+		return new String[] { "ssh-rsa", "ssh-dss" };
+	}
+
+	public static void checkServerHostkeyAlgorithmsList(String[] algos)
+	{
+		for (int i = 0; i < algos.length; i++)
+		{
+			if (("ssh-rsa".equals(algos[i]) == false) && ("ssh-dss".equals(algos[i]) == false))
+				throw new IllegalArgumentException("Unknown server host key algorithm '" + algos[i] + "'");
+		}
+	}
+
+	public static String[] getDefaultKexAlgorithmList()
+	{
+		return new String[] { "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1",
+				"diffie-hellman-group1-sha1" };
+	}
+
+	public static void checkKexAlgorithmList(String[] algos)
+	{
+		for (int i = 0; i < algos.length; i++)
+		{
+			if ("diffie-hellman-group-exchange-sha1".equals(algos[i]))
+				continue;
+
+			if ("diffie-hellman-group14-sha1".equals(algos[i]))
+				continue;
+
+			if ("diffie-hellman-group1-sha1".equals(algos[i]))
+				continue;
+
+			throw new IllegalArgumentException("Unknown kex algorithm '" + algos[i] + "'");
+		}
+	}
+
+	private boolean verifySignature(byte[] sig, byte[] hostkey) throws IOException
+	{
+		if (kxs.np.server_host_key_algo.equals("ssh-rsa"))
+		{
+			RSASignature rs = RSASHA1Verify.decodeSSHRSASignature(sig);
+			RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey);
+
+			log.debug("Verifying ssh-rsa signature");
+
+			return RSASHA1Verify.verifySignature(kxs.H, rs, rpk);
+		}
+
+		if (kxs.np.server_host_key_algo.equals("ssh-dss"))
+		{
+			DSASignature ds = DSASHA1Verify.decodeSSHDSASignature(sig);
+			DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey);
+
+			log.debug("Verifying ssh-dss signature");
+
+			return DSASHA1Verify.verifySignature(kxs.H, ds, dpk);
+		}
+
+		throw new IOException("Unknown server host key algorithm '" + kxs.np.server_host_key_algo + "'");
+	}
+
+	public synchronized void handleMessage(byte[] msg, int msglen) throws IOException
+	{
+		PacketKexInit kip;
+
+		if (msg == null)
+		{
+			synchronized (accessLock)
+			{
+				connectionClosed = true;
+				accessLock.notifyAll();
+				return;
+			}
+		}
+
+		if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT))
+			throw new IOException("Unexpected KEX message (type " + msg[0] + ")");
+
+		if (ignore_next_kex_packet)
+		{
+			ignore_next_kex_packet = false;
+			return;
+		}
+
+		if (msg[0] == Packets.SSH_MSG_KEXINIT)
+		{
+			if ((kxs != null) && (kxs.state != 0))
+				throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!");
+
+			if (kxs == null)
+			{
+				/*
+				 * Ah, OK, peer wants to do KEX. Let's be nice and play
+				 * together.
+				 */
+				kxs = new KexState();
+				kxs.dhgexParameters = nextKEXdhgexParameters;
+				kip = new PacketKexInit(nextKEXcryptoWishList, rnd);
+				kxs.localKEX = kip;
+				tm.sendKexMessage(kip.getPayload());
+			}
+
+			kip = new PacketKexInit(msg, 0, msglen);
+			kxs.remoteKEX = kip;
+
+			kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters());
+
+			if (kxs.np == null)
+				throw new IOException("Cannot negotiate, proposals do not match.");
+
+			if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false))
+			{
+				/*
+				 * Guess was wrong, we need to ignore the next kex packet.
+				 */
+
+				ignore_next_kex_packet = true;
+			}
+
+			if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1"))
+			{
+				if (kxs.dhgexParameters.getMin_group_len() == 0)
+				{
+					PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters);
+					tm.sendKexMessage(dhgexreq.getPayload());
+
+				}
+				else
+				{
+					PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters);
+					tm.sendKexMessage(dhgexreq.getPayload());
+				}
+				kxs.state = 1;
+				return;
+			}
+
+			if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
+					|| kxs.np.kex_algo.equals("diffie-hellman-group14-sha1"))
+			{
+				kxs.dhx = new DhExchange();
+
+				if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1"))
+					kxs.dhx.init(1, rnd);
+				else
+					kxs.dhx.init(14, rnd);
+
+				PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE());
+				tm.sendKexMessage(kp.getPayload());
+				kxs.state = 1;
+				return;
+			}
+
+			throw new IllegalStateException("Unkown KEX method!");
+		}
+
+		if (msg[0] == Packets.SSH_MSG_NEWKEYS)
+		{
+			if (km == null)
+				throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
+
+			BlockCipher cbc;
+			MAC mac;
+
+			try
+			{
+				cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_server_to_client, false,
+						km.enc_key_server_to_client, km.initial_iv_server_to_client);
+
+				mac = new MAC(kxs.np.mac_algo_server_to_client, km.integrity_key_server_to_client);
+
+			}
+			catch (IllegalArgumentException e1)
+			{
+				throw new IOException("Fatal error during MAC startup!");
+			}
+
+			tm.changeRecvCipher(cbc, mac);
+
+			ConnectionInfo sci = new ConnectionInfo();
+
+			kexCount++;
+
+			sci.keyExchangeAlgorithm = kxs.np.kex_algo;
+			sci.keyExchangeCounter = kexCount;
+			sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;
+			sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client;
+			sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server;
+			sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client;
+			sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo;
+			sci.serverHostKey = kxs.hostkey;
+
+			synchronized (accessLock)
+			{
+				lastConnInfo = sci;
+				accessLock.notifyAll();
+			}
+
+			kxs = null;
+			return;
+		}
+
+		if ((kxs == null) || (kxs.state == 0))
+			throw new IOException("Unexpected Kex submessage!");
+
+		if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1"))
+		{
+			if (kxs.state == 1)
+			{
+				PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg, 0, msglen);
+				kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG());
+				kxs.dhgx.init(rnd);
+				PacketKexDhGexInit dhgexinit = new PacketKexDhGexInit(kxs.dhgx.getE());
+				tm.sendKexMessage(dhgexinit.getPayload());
+				kxs.state = 2;
+				return;
+			}
+
+			if (kxs.state == 2)
+			{
+				PacketKexDhGexReply dhgexrpl = new PacketKexDhGexReply(msg, 0, msglen);
+
+				kxs.hostkey = dhgexrpl.getHostKey();
+
+				if (verifier != null)
+				{
+					boolean vres = false;
+
+					try
+					{
+						vres = verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.hostkey);
+					}
+					catch (Exception e)
+					{
+						throw (IOException) new IOException(
+								"The server hostkey was not accepted by the verifier callback.").initCause(e);
+					}
+
+					if (vres == false)
+						throw new IOException("The server hostkey was not accepted by the verifier callback");
+				}
+
+				kxs.dhgx.setF(dhgexrpl.getF());
+
+				try
+				{
+					kxs.H = kxs.dhgx.calculateH(csh.getClientString(), csh.getServerString(),
+							kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(),
+							kxs.dhgexParameters);
+				}
+				catch (IllegalArgumentException e)
+				{
+					throw (IOException) new IOException("KEX error.").initCause(e);
+				}
+
+				boolean res = verifySignature(dhgexrpl.getSignature(), kxs.hostkey);
+
+				if (res == false)
+					throw new IOException("Hostkey signature sent by remote is wrong!");
+
+				kxs.K = kxs.dhgx.getK();
+
+				finishKex();
+				kxs.state = -1;
+				return;
+			}
+
+			throw new IllegalStateException("Illegal State in KEX Exchange!");
+		}
+
+		if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
+				|| kxs.np.kex_algo.equals("diffie-hellman-group14-sha1"))
+		{
+			if (kxs.state == 1)
+			{
+
+				PacketKexDHReply dhr = new PacketKexDHReply(msg, 0, msglen);
+
+				kxs.hostkey = dhr.getHostKey();
+
+				if (verifier != null)
+				{
+					boolean vres = false;
+
+					try
+					{
+						vres = verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.hostkey);
+					}
+					catch (Exception e)
+					{
+						throw (IOException) new IOException(
+								"The server hostkey was not accepted by the verifier callback.").initCause(e);
+					}
+
+					if (vres == false)
+						throw new IOException("The server hostkey was not accepted by the verifier callback");
+				}
+
+				kxs.dhx.setF(dhr.getF());
+
+				try
+				{
+					kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), kxs.localKEX.getPayload(),
+							kxs.remoteKEX.getPayload(), dhr.getHostKey());
+				}
+				catch (IllegalArgumentException e)
+				{
+					throw (IOException) new IOException("KEX error.").initCause(e);
+				}
+
+				boolean res = verifySignature(dhr.getSignature(), kxs.hostkey);
+
+				if (res == false)
+					throw new IOException("Hostkey signature sent by remote is wrong!");
+
+				kxs.K = kxs.dhx.getK();
+
+				finishKex();
+				kxs.state = -1;
+				return;
+			}
+		}
+
+		throw new IllegalStateException("Unkown KEX method! (" + kxs.np.kex_algo + ")");
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/KexParameters.java b/src/main/java/ch/ethz/ssh2/transport/KexParameters.java
new file mode 100644
index 0000000..15a3046
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/KexParameters.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.transport;
+
+/**
+ * KexParameters.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class KexParameters
+{
+	public byte[] cookie;
+	public String[] kex_algorithms;
+	public String[] server_host_key_algorithms;
+	public String[] encryption_algorithms_client_to_server;
+	public String[] encryption_algorithms_server_to_client;
+	public String[] mac_algorithms_client_to_server;
+	public String[] mac_algorithms_server_to_client;
+	public String[] compression_algorithms_client_to_server;
+	public String[] compression_algorithms_server_to_client;
+	public String[] languages_client_to_server;
+	public String[] languages_server_to_client;
+	public boolean first_kex_packet_follows;
+	public int reserved_field1;
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/KexState.java b/src/main/java/ch/ethz/ssh2/transport/KexState.java
new file mode 100644
index 0000000..520b066
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/KexState.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.transport;
+
+import ch.ethz.ssh2.DHGexParameters;
+import ch.ethz.ssh2.crypto.dh.DhExchange;
+import ch.ethz.ssh2.crypto.dh.DhGroupExchange;
+import java.math.BigInteger;
+import ch.ethz.ssh2.packets.PacketKexInit;
+
+/**
+ * KexState.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class KexState
+{
+	public PacketKexInit localKEX;
+	public PacketKexInit remoteKEX;
+	public NegotiatedParameters np;
+	public int state = 0;
+
+	public BigInteger K;
+	public byte[] H;
+	
+	public byte[] hostkey;
+	
+	public DhExchange dhx;
+	public DhGroupExchange dhgx;
+	public DHGexParameters dhgexParameters;
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/MessageHandler.java b/src/main/java/ch/ethz/ssh2/transport/MessageHandler.java
new file mode 100644
index 0000000..928ad4b
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/MessageHandler.java
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.transport;
+
+import java.io.IOException;
+
+/**
+ * MessageHandler.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public interface MessageHandler
+{
+	public void handleMessage(byte[] msg, int msglen) throws IOException;
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/NegotiateException.java b/src/main/java/ch/ethz/ssh2/transport/NegotiateException.java
new file mode 100644
index 0000000..63a44c1
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/NegotiateException.java
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.transport;
+
+/**
+ * NegotiateException.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class NegotiateException extends Exception
+{
+	private static final long serialVersionUID = 3689910669428143157L;
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/NegotiatedParameters.java b/src/main/java/ch/ethz/ssh2/transport/NegotiatedParameters.java
new file mode 100644
index 0000000..b66b25a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/NegotiatedParameters.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.transport;
+
+/**
+ * NegotiatedParameters.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class NegotiatedParameters
+{
+	public boolean guessOK;
+	public String kex_algo;
+	public String server_host_key_algo;
+	public String enc_algo_client_to_server;
+	public String enc_algo_server_to_client;
+	public String mac_algo_client_to_server;
+	public String mac_algo_server_to_client;
+	public String comp_algo_client_to_server;
+	public String comp_algo_server_to_client;
+	public String lang_client_to_server;
+	public String lang_server_to_client;
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/TransportConnection.java b/src/main/java/ch/ethz/ssh2/transport/TransportConnection.java
new file mode 100644
index 0000000..0c1667c
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/TransportConnection.java
@@ -0,0 +1,286 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.transport;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.SecureRandom;
+
+import ch.ethz.ssh2.crypto.cipher.BlockCipher;
+import ch.ethz.ssh2.crypto.cipher.CipherInputStream;
+import ch.ethz.ssh2.crypto.cipher.CipherOutputStream;
+import ch.ethz.ssh2.crypto.cipher.NullCipher;
+import ch.ethz.ssh2.crypto.digest.MAC;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.packets.Packets;
+
+/**
+ * TransportConnection.
+ *
+ * @author Christian Plattner
+ * @version $Id: TransportConnection.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class TransportConnection
+{
+	private static final Logger log = Logger.getLogger(TransportConnection.class);
+
+	int send_seq_number = 0;
+
+	int recv_seq_number = 0;
+
+	CipherInputStream cis;
+
+	CipherOutputStream cos;
+
+	boolean useRandomPadding = false;
+
+	/* Depends on current MAC and CIPHER */
+
+	MAC send_mac;
+
+	byte[] send_mac_buffer;
+
+	int send_padd_blocksize = 8;
+
+	MAC recv_mac;
+
+	byte[] recv_mac_buffer;
+
+	byte[] recv_mac_buffer_cmp;
+
+	int recv_padd_blocksize = 8;
+
+	/* won't change */
+
+	final byte[] send_padding_buffer = new byte[256];
+
+	final byte[] send_packet_header_buffer = new byte[5];
+
+	final byte[] recv_padding_buffer = new byte[256];
+
+	final byte[] recv_packet_header_buffer = new byte[5];
+
+	boolean recv_packet_header_present = false;
+
+	ClientServerHello csh;
+
+	final SecureRandom rnd;
+
+	public TransportConnection(InputStream is, OutputStream os, SecureRandom rnd)
+	{
+		this.cis = new CipherInputStream(new NullCipher(), is);
+		this.cos = new CipherOutputStream(new NullCipher(), os);
+		this.rnd = rnd;
+	}
+
+	public void changeRecvCipher(BlockCipher bc, MAC mac)
+	{
+		cis.changeCipher(bc);
+		recv_mac = mac;
+		recv_mac_buffer = (mac != null) ? new byte[mac.size()] : null;
+		recv_mac_buffer_cmp = (mac != null) ? new byte[mac.size()] : null;
+		recv_padd_blocksize = bc.getBlockSize();
+		if (recv_padd_blocksize < 8)
+			recv_padd_blocksize = 8;
+	}
+
+	public void changeSendCipher(BlockCipher bc, MAC mac)
+	{
+		if ((bc instanceof NullCipher) == false)
+		{
+			/* Only use zero byte padding for the first few packets */
+			useRandomPadding = true;
+			/* Once we start encrypting, there is no way back */
+		}
+
+		cos.changeCipher(bc);
+		send_mac = mac;
+		send_mac_buffer = (mac != null) ? new byte[mac.size()] : null;
+		send_padd_blocksize = bc.getBlockSize();
+		if (send_padd_blocksize < 8)
+			send_padd_blocksize = 8;
+	}
+
+	public void sendMessage(byte[] message) throws IOException
+	{
+		sendMessage(message, 0, message.length, 0);
+	}
+
+	public void sendMessage(byte[] message, int off, int len) throws IOException
+	{
+		sendMessage(message, off, len, 0);
+	}
+
+	public int getPacketOverheadEstimate()
+	{
+		// return an estimate for the paket overhead (for send operations)
+		return 5 + 4 + (send_padd_blocksize - 1) + send_mac_buffer.length;
+	}
+
+	public void sendMessage(byte[] message, int off, int len, int padd) throws IOException
+	{
+		if (padd < 4)
+			padd = 4;
+		else if (padd > 64)
+			padd = 64;
+
+		int packet_len = 5 + len + padd; /* Minimum allowed padding is 4 */
+
+		int slack = packet_len % send_padd_blocksize;
+
+		if (slack != 0)
+		{
+			packet_len += (send_padd_blocksize - slack);
+		}
+
+		if (packet_len < 16)
+			packet_len = 16;
+
+		int padd_len = packet_len - (5 + len);
+
+		if (useRandomPadding)
+		{
+			for (int i = 0; i < padd_len; i = i + 4)
+			{
+				/*
+				 * don't waste calls to rnd.nextInt() (by using only 8bit of the
+				 * output). just believe me: even though we may write here up to 3
+				 * bytes which won't be used, there is no "buffer overflow" (i.e.,
+				 * arrayindexoutofbounds). the padding buffer is big enough =) (256
+				 * bytes, and that is bigger than any current cipher block size + 64).
+				 */
+
+				int r = rnd.nextInt();
+				send_padding_buffer[i] = (byte) r;
+				send_padding_buffer[i + 1] = (byte) (r >> 8);
+				send_padding_buffer[i + 2] = (byte) (r >> 16);
+				send_padding_buffer[i + 3] = (byte) (r >> 24);
+			}
+		}
+		else
+		{
+			/* use zero padding for unencrypted traffic */
+			for (int i = 0; i < padd_len; i++)
+				send_padding_buffer[i] = 0;
+			/* Actually this code is paranoid: we never filled any
+			 * bytes into the padding buffer so far, therefore it should
+			 * consist of zeros only.
+			 */
+		}
+
+		send_packet_header_buffer[0] = (byte) ((packet_len - 4) >> 24);
+		send_packet_header_buffer[1] = (byte) ((packet_len - 4) >> 16);
+		send_packet_header_buffer[2] = (byte) ((packet_len - 4) >> 8);
+		send_packet_header_buffer[3] = (byte) ((packet_len - 4));
+		send_packet_header_buffer[4] = (byte) padd_len;
+
+		cos.write(send_packet_header_buffer, 0, 5);
+		cos.write(message, off, len);
+		cos.write(send_padding_buffer, 0, padd_len);
+
+		if (send_mac != null)
+		{
+			send_mac.initMac(send_seq_number);
+			send_mac.update(send_packet_header_buffer, 0, 5);
+			send_mac.update(message, off, len);
+			send_mac.update(send_padding_buffer, 0, padd_len);
+
+			send_mac.getMac(send_mac_buffer, 0);
+			cos.writePlain(send_mac_buffer, 0, send_mac_buffer.length);
+		}
+
+		cos.flush();
+
+		if (log.isDebugEnabled())
+		{
+			log.debug("Sent " + Packets.getMessageName(message[off] & 0xff) + " " + len + " bytes payload");
+		}
+
+		send_seq_number++;
+	}
+
+	public int peekNextMessageLength() throws IOException
+	{
+		if (recv_packet_header_present == false)
+		{
+			cis.read(recv_packet_header_buffer, 0, 5);
+			recv_packet_header_present = true;
+		}
+
+		int packet_length = ((recv_packet_header_buffer[0] & 0xff) << 24)
+				| ((recv_packet_header_buffer[1] & 0xff) << 16) | ((recv_packet_header_buffer[2] & 0xff) << 8)
+				| ((recv_packet_header_buffer[3] & 0xff));
+
+		int padding_length = recv_packet_header_buffer[4] & 0xff;
+
+		if (packet_length > 35000 || packet_length < 12)
+			throw new IOException("Illegal packet size! (" + packet_length + ")");
+
+		int payload_length = packet_length - padding_length - 1;
+
+		if (payload_length < 0)
+			throw new IOException("Illegal padding_length in packet from remote (" + padding_length + ")");
+
+		return payload_length;
+	}
+
+	public int receiveMessage(byte buffer[], int off, int len) throws IOException
+	{
+		if (recv_packet_header_present == false)
+		{
+			cis.read(recv_packet_header_buffer, 0, 5);
+		}
+		else
+			recv_packet_header_present = false;
+
+		int packet_length = ((recv_packet_header_buffer[0] & 0xff) << 24)
+				| ((recv_packet_header_buffer[1] & 0xff) << 16) | ((recv_packet_header_buffer[2] & 0xff) << 8)
+				| ((recv_packet_header_buffer[3] & 0xff));
+
+		int padding_length = recv_packet_header_buffer[4] & 0xff;
+
+		if (packet_length > 35000 || packet_length < 12)
+			throw new IOException("Illegal packet size! (" + packet_length + ")");
+
+		int payload_length = packet_length - padding_length - 1;
+
+		if (payload_length < 0)
+			throw new IOException("Illegal padding_length in packet from remote (" + padding_length + ")");
+
+		if (payload_length >= len)
+			throw new IOException("Receive buffer too small (" + len + ", need " + payload_length + ")");
+
+		cis.read(buffer, off, payload_length);
+		cis.read(recv_padding_buffer, 0, padding_length);
+
+		if (recv_mac != null)
+		{
+			cis.readPlain(recv_mac_buffer, 0, recv_mac_buffer.length);
+
+			recv_mac.initMac(recv_seq_number);
+			recv_mac.update(recv_packet_header_buffer, 0, 5);
+			recv_mac.update(buffer, off, payload_length);
+			recv_mac.update(recv_padding_buffer, 0, padding_length);
+			recv_mac.getMac(recv_mac_buffer_cmp, 0);
+
+			for (int i = 0; i < recv_mac_buffer.length; i++)
+			{
+				if (recv_mac_buffer[i] != recv_mac_buffer_cmp[i])
+					throw new IOException("Remote sent corrupt MAC.");
+			}
+		}
+
+		recv_seq_number++;
+
+		if (log.isDebugEnabled())
+		{
+			log.debug("Received " + Packets.getMessageName(buffer[off] & 0xff) + " " + payload_length
+					+ " bytes payload");
+		}
+
+		return payload_length;
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/TransportManager.java b/src/main/java/ch/ethz/ssh2/transport/TransportManager.java
new file mode 100644
index 0000000..7e8726a
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/transport/TransportManager.java
@@ -0,0 +1,846 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+
+package ch.ethz.ssh2.transport;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketTimeoutException;
+import java.net.UnknownHostException;
+import java.security.SecureRandom;
+import java.util.List;
+import java.util.Vector;
+
+import ch.ethz.ssh2.ConnectionInfo;
+import ch.ethz.ssh2.ConnectionMonitor;
+import ch.ethz.ssh2.DHGexParameters;
+import ch.ethz.ssh2.HTTPProxyData;
+import ch.ethz.ssh2.HTTPProxyException;
+import ch.ethz.ssh2.ProxyData;
+import ch.ethz.ssh2.ServerHostKeyVerifier;
+import ch.ethz.ssh2.crypto.Base64;
+import ch.ethz.ssh2.crypto.CryptoWishList;
+import ch.ethz.ssh2.crypto.cipher.BlockCipher;
+import ch.ethz.ssh2.crypto.digest.MAC;
+import ch.ethz.ssh2.log.Logger;
+import ch.ethz.ssh2.packets.PacketDisconnect;
+import ch.ethz.ssh2.packets.Packets;
+import ch.ethz.ssh2.packets.TypesReader;
+import ch.ethz.ssh2.util.StringEncoder;
+import ch.ethz.ssh2.util.Tokenizer;
+
+/*
+ * Yes, the "standard" is a big mess. On one side, the say that arbitary channel
+ * packets are allowed during kex exchange, on the other side we need to blindly
+ * ignore the next _packet_ if the KEX guess was wrong. Where do we know from that
+ * the next packet is not a channel data packet? Yes, we could check if it is in
+ * the KEX range. But the standard says nothing about this. The OpenSSH guys
+ * block local "normal" traffic during KEX. That's fine - however, they assume
+ * that the other side is doing the same. During re-key, if they receive traffic
+ * other than KEX, they become horribly irritated and kill the connection. Since
+ * we are very likely going to communicate with OpenSSH servers, we have to play
+ * the same game - even though we could do better.
+ * 
+ * btw: having stdout and stderr on the same channel, with a shared window, is
+ * also a VERY good idea... =(
+ */
+
+/**
+ * TransportManager.
+ *
+ * @author Christian Plattner
+ * @version $Id: TransportManager.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class TransportManager
+{
+	private static final Logger log = Logger.getLogger(TransportManager.class);
+
+	private static class HandlerEntry
+	{
+		MessageHandler mh;
+		int low;
+		int high;
+	}
+
+	private final List<byte[]> asynchronousQueue = new Vector<byte[]>();
+	private Thread asynchronousThread = null;
+
+	class AsynchronousWorker extends Thread
+	{
+		@Override
+		public void run()
+		{
+			while (true)
+			{
+				byte[] msg = null;
+
+				synchronized (asynchronousQueue)
+				{
+					if (asynchronousQueue.size() == 0)
+					{
+						/* After the queue is empty for about 2 seconds, stop this thread */
+
+						try
+						{
+							asynchronousQueue.wait(2000);
+						}
+						catch (InterruptedException ignore)
+						{
+						}
+
+						if (asynchronousQueue.size() == 0)
+						{
+							asynchronousThread = null;
+							return;
+						}
+					}
+
+					msg = asynchronousQueue.remove(0);
+				}
+
+				/* The following invocation may throw an IOException.
+				 * There is no point in handling it - it simply means
+				 * that the connection has a problem and we should stop
+				 * sending asynchronously messages. We do not need to signal that
+				 * we have exited (asynchronousThread = null): further
+				 * messages in the queue cannot be sent by this or any
+				 * other thread.
+				 * Other threads will sooner or later (when receiving or
+				 * sending the next message) get the same IOException and
+				 * get to the same conclusion.
+				 */
+
+				try
+				{
+					sendMessage(msg);
+				}
+				catch (IOException e)
+				{
+					return;
+				}
+			}
+		}
+	}
+
+	private String hostname;
+	private int port;
+	private final Socket sock = new Socket();
+
+	private final Object connectionSemaphore = new Object();
+
+	private boolean flagKexOngoing = false;
+	private boolean connectionClosed = false;
+
+	private Throwable reasonClosedCause = null;
+
+	private TransportConnection tc;
+	private KexManager km;
+
+	private final List<HandlerEntry> messageHandlers = new Vector<HandlerEntry>();
+
+	private Thread receiveThread;
+
+	private List<ConnectionMonitor> connectionMonitors = new Vector<ConnectionMonitor>();
+	private boolean monitorsWereInformed = false;
+
+	/**
+	 * There were reports that there are JDKs which use
+	 * the resolver even though one supplies a dotted IP
+	 * address in the Socket constructor. That is why we
+	 * try to generate the InetAdress "by hand".
+	 *
+	 * @param host
+	 * @return the InetAddress
+	 * @throws UnknownHostException
+	 */
+	private InetAddress createInetAddress(String host) throws UnknownHostException
+	{
+		/* Check if it is a dotted IP4 address */
+
+		InetAddress addr = parseIPv4Address(host);
+
+		if (addr != null)
+		{
+			return addr;
+		}
+
+		return InetAddress.getByName(host);
+	}
+
+	private InetAddress parseIPv4Address(String host) throws UnknownHostException
+	{
+		if (host == null)
+		{
+			return null;
+		}
+
+		String[] quad = Tokenizer.parseTokens(host, '.');
+
+		if ((quad == null) || (quad.length != 4))
+		{
+			return null;
+		}
+
+		byte[] addr = new byte[4];
+
+		for (int i = 0; i < 4; i++)
+		{
+			int part = 0;
+
+			if ((quad[i].length() == 0) || (quad[i].length() > 3))
+			{
+				return null;
+			}
+
+			for (int k = 0; k < quad[i].length(); k++)
+			{
+				char c = quad[i].charAt(k);
+
+				/* No, Character.isDigit is not the same */
+				if ((c < '0') || (c > '9'))
+				{
+					return null;
+				}
+
+				part = part * 10 + (c - '0');
+			}
+
+			if (part > 255) /* 300.1.2.3 is invalid =) */
+			{
+				return null;
+			}
+
+			addr[i] = (byte) part;
+		}
+
+		return InetAddress.getByAddress(host, addr);
+	}
+
+	public TransportManager(String host, int port) throws IOException
+	{
+		this.hostname = host;
+		this.port = port;
+	}
+
+	public int getPacketOverheadEstimate()
+	{
+		return tc.getPacketOverheadEstimate();
+	}
+
+	public void setTcpNoDelay(boolean state) throws IOException
+	{
+		sock.setTcpNoDelay(state);
+	}
+
+	public void setSoTimeout(int timeout) throws IOException
+	{
+		sock.setSoTimeout(timeout);
+	}
+
+	public ConnectionInfo getConnectionInfo(int kexNumber) throws IOException
+	{
+		return km.getOrWaitForConnectionInfo(kexNumber);
+	}
+
+	public Throwable getReasonClosedCause()
+	{
+		synchronized (connectionSemaphore)
+		{
+			return reasonClosedCause;
+		}
+	}
+
+	public byte[] getSessionIdentifier()
+	{
+		return km.sessionId;
+	}
+
+	public void close(Throwable cause, boolean useDisconnectPacket)
+	{
+		if (useDisconnectPacket == false)
+		{
+			/* OK, hard shutdown - do not aquire the semaphore,
+			 * perhaps somebody is inside (and waits until the remote
+			 * side is ready to accept new data). */
+
+			try
+			{
+				sock.close();
+			}
+			catch (IOException ignore)
+			{
+			}
+
+			/* OK, whoever tried to send data, should now agree that
+			 * there is no point in further waiting =)
+			 * It is safe now to aquire the semaphore.
+			 */
+		}
+
+		synchronized (connectionSemaphore)
+		{
+			if (connectionClosed == false)
+			{
+				if (useDisconnectPacket == true)
+				{
+					try
+					{
+						byte[] msg = new PacketDisconnect(Packets.SSH_DISCONNECT_BY_APPLICATION, cause.getMessage(), "")
+								.getPayload();
+						if (tc != null)
+						{
+							tc.sendMessage(msg);
+						}
+					}
+					catch (IOException ignore)
+					{
+					}
+
+					try
+					{
+						sock.close();
+					}
+					catch (IOException ignore)
+					{
+					}
+				}
+
+				connectionClosed = true;
+				reasonClosedCause = cause; /* may be null */
+			}
+			connectionSemaphore.notifyAll();
+		}
+
+		/* No check if we need to inform the monitors */
+
+		List<ConnectionMonitor> monitors = new Vector<ConnectionMonitor>();
+
+		synchronized (this)
+		{
+			/* Short term lock to protect "connectionMonitors"
+			 * and "monitorsWereInformed"
+			 * (they may be modified concurrently)
+			 */
+
+			if (monitorsWereInformed == false)
+			{
+				monitorsWereInformed = true;
+				monitors.addAll(connectionMonitors);
+			}
+		}
+
+		for (ConnectionMonitor cmon : monitors)
+		{
+			try
+			{
+				cmon.connectionLost(reasonClosedCause);
+			}
+			catch (Exception ignore)
+			{
+			}
+		}
+	}
+
+	private void establishConnection(ProxyData proxyData, int connectTimeout) throws IOException
+	{
+		/* See the comment for createInetAddress() */
+
+		if (proxyData == null)
+		{
+			InetAddress addr = createInetAddress(hostname);
+			sock.connect(new InetSocketAddress(addr, port), connectTimeout);
+			return;
+		}
+
+		if (proxyData instanceof HTTPProxyData)
+		{
+			HTTPProxyData pd = (HTTPProxyData) proxyData;
+
+			/* At the moment, we only support HTTP proxies */
+
+			InetAddress addr = createInetAddress(pd.proxyHost);
+			sock.connect(new InetSocketAddress(addr, pd.proxyPort), connectTimeout);
+
+			/* OK, now tell the proxy where we actually want to connect to */
+
+			StringBuilder sb = new StringBuilder();
+
+			sb.append("CONNECT ");
+			sb.append(hostname);
+			sb.append(':');
+			sb.append(port);
+			sb.append(" HTTP/1.0\r\n");
+
+			if ((pd.proxyUser != null) && (pd.proxyPass != null))
+			{
+				String credentials = pd.proxyUser + ":" + pd.proxyPass;
+				char[] encoded = Base64.encode(StringEncoder.GetBytes(credentials));
+				sb.append("Proxy-Authorization: Basic ");
+				sb.append(encoded);
+				sb.append("\r\n");
+			}
+
+			if (pd.requestHeaderLines != null)
+			{
+				for (int i = 0; i < pd.requestHeaderLines.length; i++)
+				{
+					if (pd.requestHeaderLines[i] != null)
+					{
+						sb.append(pd.requestHeaderLines[i]);
+						sb.append("\r\n");
+					}
+				}
+			}
+
+			sb.append("\r\n");
+
+			OutputStream out = sock.getOutputStream();
+
+			out.write(StringEncoder.GetBytes(sb.toString()));
+			out.flush();
+
+			/* Now parse the HTTP response */
+
+			byte[] buffer = new byte[1024];
+			InputStream in = sock.getInputStream();
+
+			int len = ClientServerHello.readLineRN(in, buffer);
+
+			String httpReponse = StringEncoder.GetString(buffer, 0, len);
+
+			if (httpReponse.startsWith("HTTP/") == false)
+			{
+				throw new IOException("The proxy did not send back a valid HTTP response.");
+			}
+
+			/* "HTTP/1.X XYZ X" => 14 characters minimum */
+
+			if ((httpReponse.length() < 14) || (httpReponse.charAt(8) != ' ') || (httpReponse.charAt(12) != ' '))
+			{
+				throw new IOException("The proxy did not send back a valid HTTP response.");
+			}
+
+			int errorCode = 0;
+
+			try
+			{
+				errorCode = Integer.parseInt(httpReponse.substring(9, 12));
+			}
+			catch (NumberFormatException ignore)
+			{
+				throw new IOException("The proxy did not send back a valid HTTP response.");
+			}
+
+			if ((errorCode < 0) || (errorCode > 999))
+			{
+				throw new IOException("The proxy did not send back a valid HTTP response.");
+			}
+
+			if (errorCode != 200)
+			{
+				throw new HTTPProxyException(httpReponse.substring(13), errorCode);
+			}
+
+			/* OK, read until empty line */
+
+			while (true)
+			{
+				len = ClientServerHello.readLineRN(in, buffer);
+				if (len == 0)
+				{
+					break;
+				}
+			}
+			return;
+		}
+
+		throw new IOException("Unsupported ProxyData");
+	}
+
+	public void initialize(String identification, CryptoWishList cwl, ServerHostKeyVerifier verifier,
+						   DHGexParameters dhgex, int connectTimeout, SecureRandom rnd, ProxyData proxyData)
+			throws IOException
+	{
+		/* First, establish the TCP connection to the SSH-2 server */
+
+		establishConnection(proxyData, connectTimeout);
+
+		/* Parse the server line and say hello - important: this information is later needed for the
+		 * key exchange (to stop man-in-the-middle attacks) - that is why we wrap it into an object
+		 * for later use.
+		 */
+
+		ClientServerHello csh = new ClientServerHello(identification, sock.getInputStream(), sock.getOutputStream());
+
+		tc = new TransportConnection(sock.getInputStream(), sock.getOutputStream(), rnd);
+
+		km = new KexManager(this, csh, cwl, hostname, port, verifier, rnd);
+		km.initiateKEX(cwl, dhgex);
+
+		receiveThread = new Thread(new Runnable()
+		{
+			public void run()
+			{
+				try
+				{
+					receiveLoop();
+				}
+				catch (IOException e)
+				{
+					close(e, false);
+
+					log.warning("Receive thread: error in receiveLoop: " + e.getMessage());
+				}
+
+				if (log.isDebugEnabled())
+				{
+					log.debug("Receive thread: back from receiveLoop");
+				}
+
+				/* Tell all handlers that it is time to say goodbye */
+
+				if (km != null)
+				{
+					try
+					{
+						km.handleMessage(null, 0);
+					}
+					catch (IOException ignored)
+					{
+					}
+				}
+
+				for (HandlerEntry he : messageHandlers)
+				{
+					try
+					{
+						he.mh.handleMessage(null, 0);
+					}
+					catch (Exception ignore)
+					{
+					}
+				}
+			}
+		});
+
+		receiveThread.setDaemon(true);
+		receiveThread.start();
+	}
+
+	public void registerMessageHandler(MessageHandler mh, int low, int high)
+	{
+		HandlerEntry he = new HandlerEntry();
+		he.mh = mh;
+		he.low = low;
+		he.high = high;
+
+		synchronized (messageHandlers)
+		{
+			messageHandlers.add(he);
+		}
+	}
+
+	public void removeMessageHandler(MessageHandler mh, int low, int high)
+	{
+		synchronized (messageHandlers)
+		{
+			for (int i = 0; i < messageHandlers.size(); i++)
+			{
+				HandlerEntry he = messageHandlers.get(i);
+				if ((he.mh == mh) && (he.low == low) && (he.high == high))
+				{
+					messageHandlers.remove(i);
+					break;
+				}
+			}
+		}
+	}
+
+	public void sendKexMessage(byte[] msg) throws IOException
+	{
+		synchronized (connectionSemaphore)
+		{
+			if (connectionClosed)
+			{
+				throw (IOException) new IOException("Sorry, this connection is closed.").initCause(reasonClosedCause);
+			}
+
+			flagKexOngoing = true;
+
+			try
+			{
+				tc.sendMessage(msg);
+			}
+			catch (IOException e)
+			{
+				close(e, false);
+				throw e;
+			}
+		}
+	}
+
+	public void kexFinished() throws IOException
+	{
+		synchronized (connectionSemaphore)
+		{
+			flagKexOngoing = false;
+			connectionSemaphore.notifyAll();
+		}
+	}
+
+	public void forceKeyExchange(CryptoWishList cwl, DHGexParameters dhgex) throws IOException
+	{
+		km.initiateKEX(cwl, dhgex);
+	}
+
+	public void changeRecvCipher(BlockCipher bc, MAC mac)
+	{
+		tc.changeRecvCipher(bc, mac);
+	}
+
+	public void changeSendCipher(BlockCipher bc, MAC mac)
+	{
+		tc.changeSendCipher(bc, mac);
+	}
+
+	public void sendAsynchronousMessage(byte[] msg) throws IOException
+	{
+		synchronized (asynchronousQueue)
+		{
+			asynchronousQueue.add(msg);
+
+			/* This limit should be flexible enough. We need this, otherwise the peer
+			 * can flood us with global requests (and other stuff where we have to reply
+			 * with an asynchronous message) and (if the server just sends data and does not
+			 * read what we send) this will probably put us in a low memory situation
+			 * (our send queue would grow and grow and...) */
+
+			if (asynchronousQueue.size() > 100)
+			{
+				throw new IOException("Error: the peer is not consuming our asynchronous replies.");
+			}
+
+			/* Check if we have an asynchronous sending thread */
+
+			if (asynchronousThread == null)
+			{
+				asynchronousThread = new AsynchronousWorker();
+				asynchronousThread.setDaemon(true);
+				asynchronousThread.start();
+
+				/* The thread will stop after 2 seconds of inactivity (i.e., empty queue) */
+			}
+		}
+	}
+
+	public void setConnectionMonitors(List<ConnectionMonitor> monitors)
+	{
+		synchronized (this)
+		{
+			connectionMonitors = new Vector<ConnectionMonitor>();
+			connectionMonitors.addAll(monitors);
+		}
+	}
+
+	/**
+	 * True if no response message expected.
+	 */
+	private boolean idle;
+
+	public void sendMessage(byte[] msg) throws IOException
+	{
+		if (Thread.currentThread() == receiveThread)
+		{
+			throw new IOException("Assertion error: sendMessage may never be invoked by the receiver thread!");
+		}
+
+		boolean wasInterrupted = false;
+
+		try
+		{
+			synchronized (connectionSemaphore)
+			{
+				while (true)
+				{
+					if (connectionClosed)
+					{
+						throw (IOException) new IOException("Sorry, this connection is closed.")
+								.initCause(reasonClosedCause);
+					}
+
+					if (flagKexOngoing == false)
+					{
+						break;
+					}
+
+					try
+					{
+						connectionSemaphore.wait();
+					}
+					catch (InterruptedException e)
+					{
+						wasInterrupted = true;
+					}
+				}
+
+				try
+				{
+					tc.sendMessage(msg);
+					idle = false;
+				}
+				catch (IOException e)
+				{
+					close(e, false);
+					throw e;
+				}
+			}
+		}
+		finally
+		{
+			if (wasInterrupted)
+				Thread.currentThread().interrupt();
+		}
+	}
+
+	public void receiveLoop() throws IOException
+	{
+		byte[] msg = new byte[35000];
+
+		while (true)
+		{
+			int msglen;
+			try
+			{
+				msglen = tc.receiveMessage(msg, 0, msg.length);
+			}
+			catch (SocketTimeoutException e)
+			{
+				// Timeout in read
+				if (idle)
+				{
+					log.debug("Ignoring socket timeout");
+					continue;
+				}
+				throw e;
+			}
+			idle = true;
+
+			int type = msg[0] & 0xff;
+
+			if (type == Packets.SSH_MSG_IGNORE)
+			{
+				continue;
+			}
+
+			if (type == Packets.SSH_MSG_DEBUG)
+			{
+				if (log.isDebugEnabled())
+				{
+					TypesReader tr = new TypesReader(msg, 0, msglen);
+					tr.readByte();
+					tr.readBoolean();
+					StringBuilder debugMessageBuffer = new StringBuilder();
+					debugMessageBuffer.append(tr.readString("UTF-8"));
+
+					for (int i = 0; i < debugMessageBuffer.length(); i++)
+					{
+						char c = debugMessageBuffer.charAt(i);
+
+						if ((c >= 32) && (c <= 126))
+						{
+							continue;
+						}
+						debugMessageBuffer.setCharAt(i, '\uFFFD');
+					}
+
+					log.debug("DEBUG Message from remote: '" + debugMessageBuffer.toString() + "'");
+				}
+				continue;
+			}
+
+			if (type == Packets.SSH_MSG_UNIMPLEMENTED)
+			{
+				throw new IOException("Peer sent UNIMPLEMENTED message, that should not happen.");
+			}
+
+			if (type == Packets.SSH_MSG_DISCONNECT)
+			{
+				TypesReader tr = new TypesReader(msg, 0, msglen);
+				tr.readByte();
+				int reason_code = tr.readUINT32();
+				StringBuilder reasonBuffer = new StringBuilder();
+				reasonBuffer.append(tr.readString("UTF-8"));
+
+				/*
+				 * Do not get fooled by servers that send abnormal long error
+				 * messages
+				 */
+
+				if (reasonBuffer.length() > 255)
+				{
+					reasonBuffer.setLength(255);
+					reasonBuffer.setCharAt(254, '.');
+					reasonBuffer.setCharAt(253, '.');
+					reasonBuffer.setCharAt(252, '.');
+				}
+
+				/*
+				 * Also, check that the server did not send characters that may
+				 * screw up the receiver -> restrict to reasonable US-ASCII
+				 * subset -> "printable characters" (ASCII 32 - 126). Replace
+				 * all others with 0xFFFD (UNICODE replacement character).
+				 */
+
+				for (int i = 0; i < reasonBuffer.length(); i++)
+				{
+					char c = reasonBuffer.charAt(i);
+
+					if ((c >= 32) && (c <= 126))
+					{
+						continue;
+					}
+					reasonBuffer.setCharAt(i, '\uFFFD');
+				}
+
+				throw new IOException("Peer sent DISCONNECT message (reason code " + reason_code + "): "
+						+ reasonBuffer.toString());
+			}
+
+			/*
+			 * Is it a KEX Packet?
+			 */
+
+			if ((type == Packets.SSH_MSG_KEXINIT) || (type == Packets.SSH_MSG_NEWKEYS)
+					|| ((type >= 30) && (type <= 49)))
+			{
+				km.handleMessage(msg, msglen);
+				continue;
+			}
+
+			MessageHandler mh = null;
+
+			for (int i = 0; i < messageHandlers.size(); i++)
+			{
+				HandlerEntry he = messageHandlers.get(i);
+				if ((he.low <= type) && (type <= he.high))
+				{
+					mh = he.mh;
+					break;
+				}
+			}
+
+			if (mh == null)
+			{
+				throw new IOException("Unexpected SSH message (type " + type + ")");
+			}
+
+			mh.handleMessage(msg, msglen);
+		}
+	}
+}
diff --git a/src/main/java/ch/ethz/ssh2/util/StringEncoder.java b/src/main/java/ch/ethz/ssh2/util/StringEncoder.java
new file mode 100644
index 0000000..2dd9394
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/util/StringEncoder.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner.
+ * All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.util;
+
+import java.io.UnsupportedEncodingException;
+
+/**
+ * @author Christian Plattner
+ * @version $Id: StringEncoder.java 43 2011-06-21 18:34:06Z dkocher@sudo.ch $
+ */
+public class StringEncoder
+{
+	public static byte[] GetBytes(String data)
+	{
+        try {
+            return data.getBytes("UTF-8");
+        }
+        catch(UnsupportedEncodingException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+	public static String GetString(byte[] data)
+	{
+		return GetString(data, 0, data.length);
+	}
+
+	public static String GetString(byte[] data, int off, int len)
+	{
+        try {
+            return new String(data, off, len, "UTF-8");
+        }
+        catch(UnsupportedEncodingException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
diff --git a/src/main/java/ch/ethz/ssh2/util/TimeoutService.java b/src/main/java/ch/ethz/ssh2/util/TimeoutService.java
new file mode 100644
index 0000000..0bc9b5e
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/util/TimeoutService.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+
+package ch.ethz.ssh2.util;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.LinkedList;
+
+import ch.ethz.ssh2.log.Logger;
+
+/**
+ * TimeoutService (beta). Here you can register a timeout.
+ * <p>
+ * Implemented having large scale programs in mind: if you open many concurrent SSH connections
+ * that rely on timeouts, then there will be only one timeout thread. Once all timeouts
+ * have expired/are cancelled, the thread will (sooner or later) exit.
+ * Only after new timeouts arrive a new thread (singleton) will be instantiated.
+ * 
+ * @author Christian Plattner
+ * @version $Id: TimeoutService.java 41 2011-06-02 10:36:41Z dkocher@sudo.ch $
+ */
+public class TimeoutService
+{
+	private static final Logger log = Logger.getLogger(TimeoutService.class);
+
+	public static class TimeoutToken
+	{
+		private long runTime;
+		private Runnable handler;
+
+		private TimeoutToken(long runTime, Runnable handler)
+		{
+			this.runTime = runTime;
+			this.handler = handler;
+		}
+	}
+
+	private static class TimeoutThread extends Thread
+	{
+		@Override
+		public void run()
+		{
+			synchronized (todolist)
+			{
+				while (true)
+				{
+					if (todolist.size() == 0)
+					{
+						timeoutThread = null;
+						return;
+					}
+
+					long now = System.currentTimeMillis();
+
+					TimeoutToken tt = (TimeoutToken) todolist.getFirst();
+
+					if (tt.runTime > now)
+					{
+						/* Not ready yet, sleep a little bit */
+
+						try
+						{
+							todolist.wait(tt.runTime - now);
+						}
+						catch (InterruptedException ignored)
+						{
+						}
+
+						/* We cannot simply go on, since it could be that the token
+						 * was removed (cancelled) or another one has been inserted in
+						 * the meantime.
+						 */
+
+						continue;
+					}
+
+					todolist.removeFirst();
+
+					try
+					{
+						tt.handler.run();
+					}
+					catch (Exception e)
+					{
+						StringWriter sw = new StringWriter();
+						e.printStackTrace(new PrintWriter(sw));
+						log.warning("Exeception in Timeout handler:" + e.getMessage() + "(" + sw.toString() + ")");
+					}
+				}
+			}
+		}
+	}
+
+	/* The list object is also used for locking purposes */
+	private static final LinkedList<TimeoutToken> todolist = new LinkedList<TimeoutService.TimeoutToken>();
+
+	private static Thread timeoutThread = null;
+
+	/**
+	 * It is assumed that the passed handler will not execute for a long time.
+	 * 
+	 * @param runTime
+	 * @param handler
+	 * @return a TimeoutToken that can be used to cancel the timeout.
+	 */
+	public static TimeoutToken addTimeoutHandler(long runTime, Runnable handler)
+	{
+		TimeoutToken token = new TimeoutToken(runTime, handler);
+
+		synchronized (todolist)
+		{
+			todolist.add(token);
+
+			Collections.sort(todolist, new Comparator<TimeoutToken>()
+			{
+				public int compare(TimeoutToken o1, TimeoutToken o2)
+				{
+					if (o1.runTime > o2.runTime)
+						return 1;
+					if (o1.runTime == o2.runTime)
+						return 0;
+					return -1;
+				}
+			});
+
+			if (timeoutThread != null)
+				timeoutThread.interrupt();
+			else
+			{
+				timeoutThread = new TimeoutThread();
+				timeoutThread.setDaemon(true);
+				timeoutThread.start();
+			}
+		}
+
+		return token;
+	}
+
+	public static void cancelTimeoutHandler(TimeoutToken token)
+	{
+		synchronized (todolist)
+		{
+			todolist.remove(token);
+
+			if (timeoutThread != null)
+				timeoutThread.interrupt();
+		}
+	}
+
+}
diff --git a/src/main/java/ch/ethz/ssh2/util/Tokenizer.java b/src/main/java/ch/ethz/ssh2/util/Tokenizer.java
new file mode 100644
index 0000000..6665254
--- /dev/null
+++ b/src/main/java/ch/ethz/ssh2/util/Tokenizer.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+ * Please refer to the LICENSE.txt for licensing details.
+ */
+package ch.ethz.ssh2.util;
+
+/**
+ * Tokenizer. Why? Because StringTokenizer is not available in J2ME.
+ * 
+ * @author Christian Plattner
+ * @version 2.50, 03/15/10
+ */
+public class Tokenizer
+{
+	/**
+	 * Exists because StringTokenizer is not available in J2ME.
+	 * Returns an array with at least 1 entry.
+	 * 
+	 * @param source must be non-null
+	 * @param delimiter
+	 * @return an array of Strings
+	 */
+	public static String[] parseTokens(String source, char delimiter)
+	{
+		int numtoken = 1;
+
+		for (int i = 0; i < source.length(); i++)
+		{
+			if (source.charAt(i) == delimiter)
+				numtoken++;
+		}
+
+		String list[] = new String[numtoken];
+		int nextfield = 0;
+
+		for (int i = 0; i < numtoken; i++)
+		{
+			if (nextfield >= source.length())
+			{
+				list[i] = "";
+			}
+			else
+			{
+				int idx = source.indexOf(delimiter, nextfield);
+				if (idx == -1)
+					idx = source.length();
+				list[i] = source.substring(nextfield, idx);
+				nextfield = idx + 1;
+			}
+		}
+
+		return list;
+	}
+}
-- 
cgit v1.2.3


From 69da8ad84e9f5c49b90e7f44eef67553623afd80 Mon Sep 17 00:00:00 2001
From: Ying Wang <wangying@google.com>
Date: Fri, 13 Jan 2012 10:21:36 -0800
Subject: Build ganymed-ssh2 against the SDK.

So it can be built in an unbudled branch.

Change-Id: Iab227ab90e0b8deb8b822533e4638f20e7bbd84a
---
 Android.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Android.mk b/Android.mk
index 439bf71..2235483 100644
--- a/Android.mk
+++ b/Android.mk
@@ -22,6 +22,8 @@ LOCAL_SRC_FILES := $(call all-java-files-under,src)
 
 LOCAL_MODULE_TAGS := optional
 
+LOCAL_SDK_VERSION := 4
+
 LOCAL_MODULE:= ganymed-ssh2
 
 include $(BUILD_STATIC_JAVA_LIBRARY)
-- 
cgit v1.2.3