agessh

package

v1.0.0-beta4 Latest Latest Go to latest Published: Jun 28, 2020 License: BSD-3-Clause Imports: 14 Imported by: 29

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package agessh provides age.Identity and age.Recipient implementations of types "ssh-rsa" and "ssh-ed25519", which allow reusing existing SSH key files for encryption with age-encryption.org/v1.

These should only be used for compatibility with existing keys, and native X25519 keys should be preferred otherwise.

Index ¶

func ParseIdentity(pemBytes []byte) (age.Identity, error)
func ParseRecipient(s string) (age.Recipient, error)
type Ed25519Identity
- func NewEd25519Identity(key ed25519.PrivateKey) (*Ed25519Identity, error)
- func (*Ed25519Identity) Type() string
- func (i *Ed25519Identity) Unwrap(block *age.Stanza) ([]byte, error)
type Ed25519Recipient
- func NewEd25519Recipient(pk ssh.PublicKey) (*Ed25519Recipient, error)
- func (*Ed25519Recipient) Type() string
- func (r *Ed25519Recipient) Wrap(fileKey []byte) (*age.Stanza, error)
type EncryptedSSHIdentity
- func NewEncryptedSSHIdentity(pubKey ssh.PublicKey, pemBytes []byte, passphrase func() ([]byte, error)) (*EncryptedSSHIdentity, error)
type RSAIdentity
- func NewRSAIdentity(key *rsa.PrivateKey) (*RSAIdentity, error)
- func (*RSAIdentity) Type() string
- func (i *RSAIdentity) Unwrap(block *age.Stanza) ([]byte, error)
type RSARecipient
- func NewRSARecipient(pk ssh.PublicKey) (*RSARecipient, error)
- func (*RSARecipient) Type() string
- func (r *RSARecipient) Wrap(fileKey []byte) (*age.Stanza, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ParseIdentity ¶

func ParseIdentity(pemBytes []byte) (age.Identity, error)

func ParseRecipient ¶

func ParseRecipient(s string) (age.Recipient, error)

Types ¶

type Ed25519Identity ¶

type Ed25519Identity struct {
	// contains filtered or unexported fields
}

func NewEd25519Identity ¶

func NewEd25519Identity(key ed25519.PrivateKey) (*Ed25519Identity, error)

func (*Ed25519Identity) Type ¶

func (*Ed25519Identity) Type() string

func (*Ed25519Identity) Unwrap ¶

func (i *Ed25519Identity) Unwrap(block *age.Stanza) ([]byte, error)

type Ed25519Recipient ¶

type Ed25519Recipient struct {
	// contains filtered or unexported fields
}

func NewEd25519Recipient ¶

func NewEd25519Recipient(pk ssh.PublicKey) (*Ed25519Recipient, error)

func (*Ed25519Recipient) Type ¶

func (*Ed25519Recipient) Type() string

func (*Ed25519Recipient) Wrap ¶

func (r *Ed25519Recipient) Wrap(fileKey []byte) (*age.Stanza, error)

type EncryptedSSHIdentity ¶

type EncryptedSSHIdentity struct {
	// contains filtered or unexported fields
}

EncryptedSSHIdentity is an age.IdentityMatcher implementation based on a passphrase encrypted SSH private key.

It provides public key based matching and deferred decryption so the passphrase is only requested if necessary. If the application knows it will unconditionally have to decrypt the private key, it would be simpler to use ssh.ParseRawPrivateKeyWithPassphrase directly and pass the result to NewEd25519Identity or NewRSAIdentity.

func NewEncryptedSSHIdentity ¶

func NewEncryptedSSHIdentity(pubKey ssh.PublicKey, pemBytes []byte, passphrase func() ([]byte, error)) (*EncryptedSSHIdentity, error)

NewEncryptedSSHIdentity returns a new EncryptedSSHIdentity.

pubKey must be the public key associated with the encrypted private key, and it must have type "ssh-ed25519" or "ssh-rsa". For OpenSSH encrypted files it can be extracted from an ssh.PassphraseMissingError, otherwise in can often be found in ".pub" files.

pemBytes must be a valid input to ssh.ParseRawPrivateKeyWithPassphrase. passphrase is a callback that will be invoked by Unwrap when the passphrase is necessary.

func (*EncryptedSSHIdentity) Match ¶

func (i *EncryptedSSHIdentity) Match(block *age.Stanza) error

Match implements age.IdentityMatcher without decrypting the private key, to ensure the passphrase is only obtained if necessary.

func (*EncryptedSSHIdentity) Type ¶

func (i *EncryptedSSHIdentity) Type() string

Type returns the type of the underlying private key, "ssh-ed25519" or "ssh-rsa".

func (*EncryptedSSHIdentity) Unwrap ¶

func (i *EncryptedSSHIdentity) Unwrap(block *age.Stanza) (fileKey []byte, err error)

Unwrap implements age.Identity. If the private key is still encrypted, it will request the passphrase. The decrypted private key will be cached after the first successful invocation.

type RSAIdentity ¶

type RSAIdentity struct {
	// contains filtered or unexported fields
}

func NewRSAIdentity ¶

func NewRSAIdentity(key *rsa.PrivateKey) (*RSAIdentity, error)

func (*RSAIdentity) Type ¶

func (*RSAIdentity) Type() string

func (*RSAIdentity) Unwrap ¶

func (i *RSAIdentity) Unwrap(block *age.Stanza) ([]byte, error)

type RSARecipient ¶

type RSARecipient struct {
	// contains filtered or unexported fields
}

func NewRSARecipient ¶

func NewRSARecipient(pk ssh.PublicKey) (*RSARecipient, error)

func (*RSARecipient) Type ¶

func (*RSARecipient) Type() string

func (*RSARecipient) Wrap ¶

func (r *RSARecipient) Wrap(fileKey []byte) (*age.Stanza, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL