Crate sshcerts

The `sshcerts` crate provides types and methods for parsing OpenSSH keys, and parsing, verifying, and creating SSH certificates.

The following OpenSSH key types are supported.

  • RSA
  • ECDSA
  • ED25519

The following OpenSSH certificate types are supported.

  • ssh-rsa-cert-v01@openssh.com
  • ecdsa-sha2-nistp256-cert-v01@openssh.com
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
  • ssh-ed25519-cert-v01@openssh.com

Why no ecdsa-sha2-nistp521-cert-v01@openssh.com?

That curve is not supported on a standard YubiKey nor in ring. This means I cannot implement any signing or verification routines. If this changes, I will update this crate with support.

The crate also provides functionality for provisioning key slots on YubiKeys to handle signing operations. This is provided in the optional yubikey submodule.

Modules

error

The sshcerts error enum

ssh

Functions and structs for dealing with SSH certificates. Parsing and creating certificates happens here. This module is a heavily modified version of the sshkeys crate that adds certificate verification and many other things to support that. The original licence for the code is in the source code provided.

utils

Utility functions for dealing with SSH certificates, signatures or conversions

Structs

Certificate

A type which represents an OpenSSH certificate key. Please refer to PROTOCOL.certkeys (https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD) for more details about OpenSSH certificates.

PrivateKey

A type which represents an OpenSSH private key.

PublicKey

A type which represents an OpenSSH public key.