ssh

package
v0.0.0-...-aa49ab7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 23, 2014 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

This package is a duplicate of 32844aa1ae54: https://code.google.com/p/go/source/browse/ssh/keys.go?repo=crypto

Index

Constants

View Source
const (
	CertAlgoRSAv01      = "ssh-rsa-cert-v01@openssh.com"
	CertAlgoDSAv01      = "ssh-dss-cert-v01@openssh.com"
	CertAlgoECDSA256v01 = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
	CertAlgoECDSA384v01 = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
	CertAlgoECDSA521v01 = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
)

These constants from [PROTOCOL.certkeys] represent the algorithm names for certificate types supported by this package.

View Source
const (
	UserCert = 1
	HostCert = 2
)

Certificate types are used to specify whether a certificate is for identification of a user or a host. Current identities are defined in [PROTOCOL.certkeys].

View Source
const (
	KeyAlgoRSA      = "ssh-rsa"
	KeyAlgoDSA      = "ssh-dss"
	KeyAlgoECDSA256 = "ecdsa-sha2-nistp256"
	KeyAlgoECDSA384 = "ecdsa-sha2-nistp384"
	KeyAlgoECDSA521 = "ecdsa-sha2-nistp521"
)

These constants represent the algorithm names for key types supported by this package.

Variables

This section is empty.

Functions

func MarshalAuthorizedKey

func MarshalAuthorizedKey(key PublicKey) []byte

MarshalAuthorizedKey returns a byte stream suitable for inclusion in an OpenSSH authorized_keys file following the format specified in the sshd(8) manual page.

func MarshalPublicKey

func MarshalPublicKey(key PublicKey) []byte

MarshalPublicKey serializes a supported key or certificate for use by the SSH wire protocol. It can be used for comparison with the pubkey argument of ServerConfig's PublicKeyCallback as well as for generating an authorized_keys or host_keys file.

Types

type CertTime

type CertTime uint64

CertTime represents an unsigned 64-bit time value in seconds starting from UNIX epoch. We use CertTime instead of time.Time in order to properly handle the "infinite" time value ^0, which would become negative when expressed as an int64.

func (CertTime) IsInfinite

func (ct CertTime) IsInfinite() bool

func (CertTime) Time

func (ct CertTime) Time() time.Time

type OpenSSHCertV01

type OpenSSHCertV01 struct {
	Nonce                   []byte
	Key                     PublicKey
	Serial                  uint64
	Type                    uint32
	KeyId                   string
	ValidPrincipals         []string
	ValidAfter, ValidBefore CertTime
	CriticalOptions         []tuple
	Extensions              []tuple
	Reserved                []byte
	SignatureKey            PublicKey
	Signature               *signature
}

An OpenSSHCertV01 represents an OpenSSH certificate as defined in [PROTOCOL.certkeys]?rev=1.8.

func (*OpenSSHCertV01) BytesForSigning

func (cert *OpenSSHCertV01) BytesForSigning() []byte

func (*OpenSSHCertV01) Marshal

func (cert *OpenSSHCertV01) Marshal() []byte

func (*OpenSSHCertV01) PrivateKeyAlgo

func (c *OpenSSHCertV01) PrivateKeyAlgo() string

func (*OpenSSHCertV01) PublicKeyAlgo

func (c *OpenSSHCertV01) PublicKeyAlgo() string

func (*OpenSSHCertV01) Verify

func (c *OpenSSHCertV01) Verify(data []byte, sig []byte) bool

type PublicKey

type PublicKey interface {
	// PrivateKeyAlgo returns the name of the encryption system.
	PrivateKeyAlgo() string

	// PublicKeyAlgo returns the algorithm for the public key,
	// which may be different from PrivateKeyAlgo for certificates.
	PublicKeyAlgo() string

	// Marshal returns the serialized key data in SSH wire format,
	// without the name prefix.  Callers should typically use
	// MarshalPublicKey().
	Marshal() []byte

	// Verify that sig is a signature on the given data using this
	// key. This function will hash the data appropriately first.
	Verify(data []byte, sigBlob []byte) bool
}

PublicKey is an abstraction of different types of public keys.

func NewPublicKey

func NewPublicKey(k interface{}) (PublicKey, error)

NewPublicKey takes a pointer to rsa, dsa or ecdsa PublicKey and returns a corresponding ssh PublicKey instance. EC keys should use P256, P384 or P521.

func ParseAuthorizedKey

func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, ok bool)

ParseAuthorizedKeys parses a public key from an authorized_keys file used in OpenSSH according to the sshd(8) manual page.

func ParsePublicKey

func ParsePublicKey(in []byte) (out PublicKey, rest []byte, ok bool)

ParsePublicKey parses an SSH public key formatted for use in the SSH wire protocol according to RFC 4253, section 6.6.

type Signer

type Signer interface {
	// PublicKey returns an associated PublicKey instance.
	PublicKey() PublicKey

	// Sign returns raw signature for the given data. This method
	// will apply the hash specified for the keytype to the data.
	Sign(rand io.Reader, data []byte) ([]byte, error)
}

A Signer is can create signatures that verify against a public key.

func NewSignerFromKey

func NewSignerFromKey(k interface{}) (Signer, error)

NewPrivateKey takes a pointer to rsa, dsa or ecdsa PrivateKey returns a corresponding Signer instance. EC keys should use P256, P384 or P521.

func ParsePrivateKey

func ParsePrivateKey(pemBytes []byte) (Signer, error)

ParsePublicKey parses a PEM encoded private key. It supports PKCS#1, RSA, DSA and ECDSA private keys.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL