sshcerts 0.6.1

A library for parsing, verifying, and creating SSH Certificates
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

/// The SSH submodule contains functions relevant to SSH uses that are backed
/// by the Yubikey. This includes things like signing and SSH public key
/// export.
pub mod ssh;
/// Contains all the functions used for creating new keys, unlocking, and
/// managing the yubikey
pub mod management;

/// Errors when interacting with the Yubikey.
#[derive(Debug)]
pub enum Error {
    /// Generally this occurs when a slot is asked to return or process data
    /// when it has no certificate or private key.
    Unprovisioned,
    /// This occurs when the signature type requested does not match the key
    /// in the slot on the key
    WrongKeyType,
    /// This occurs when you try to use a feature that should technically work
    /// but is currently unimplemented or unsupported on the hardware connected.
    /// For example, RSA signing will currently throw this error.
    Unsupported,
    /// If you pass a management key into the provision function that does not
    /// deserialize from bytes, you will get this error.
    InvalidManagementKey,
    /// If you provide invalid bytes that cannot be converted from an x509 to
    /// a SSH key.
    ParsingError,
    /// The requested key could not be found connected to the system. It's
    /// possible it was removed while running.
    NoSuchYubikey,
    /// If the Yubikey throws an error we don't recognize, it's encapsulated
    /// and returned
    InternalYubiKeyError(String),
}

impl std::error::Error for Error {}

type Result<T> = std::result::Result<T, Error>;

// Re-export because it's used as a parameter in `sign_data`
pub use yubikey_piv::key::{AlgorithmId, RetiredSlotId, SlotId};

/// Structure to wrap a yubikey and abstract actions
pub struct Yubikey {
    yk: yubikey_piv::yubikey::YubiKey,
}

impl std::fmt::Debug for Yubikey {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        writeln!(f, "YubiKey: {}", self.yk.serial().to_string())
    }
}

impl From<yubikey_piv::error::Error> for Error {
    fn from(e: yubikey_piv::error::Error) -> Self {
        Error::InternalYubiKeyError(e.to_string())
    }
}

impl std::fmt::Display for Error {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match *self {
            Error::Unprovisioned => write!(f, "Slot is unprovisioned for signing"),
            Error::WrongKeyType => write!(f, "Wrong key type was provided for requested signing operation"),
            Error::Unsupported => write!(f, "This key is not supported the way you tried to use it"),
            Error::InvalidManagementKey => write!(f, "Could not use the management key as provided"),
            Error::ParsingError => write!(f, "Could not parse data"),
            Error::NoSuchYubikey => write!(f, "Could not find the requested Yubikey"),
            Error::InternalYubiKeyError(ref err) => write!(f, "Yubikey error: {}", err),
        }
    }
}