Skip to main content

git_sshripped_ssh_agent_models/
lib.rs

1#![cfg_attr(feature = "fail-on-warnings", deny(warnings))]
2#![warn(clippy::all, clippy::pedantic, clippy::nursery, clippy::cargo)]
3#![allow(clippy::multiple_crate_versions)]
4
5/// An SSH-agent-wrapped repo key.
6///
7/// The key is encrypted using a symmetric key derived from an SSH agent
8/// signature over a random challenge. Only someone with access to the
9/// corresponding private key via the SSH agent can reproduce the signature
10/// and recover the repo key.
11#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
12pub struct AgentWrappedKey {
13    /// Format version for forward compatibility.
14    pub version: u32,
15    /// SSH key fingerprint (e.g. `SHA256:...`) identifying the recipient.
16    pub fingerprint: String,
17    /// Base64-encoded 32-byte random challenge signed by the agent.
18    pub challenge: String,
19    /// Base64-encoded 12-byte nonce for `ChaCha20Poly1305`.
20    pub nonce: String,
21    /// Base64-encoded `ChaCha20Poly1305` ciphertext of the repo key.
22    pub encrypted_repo_key: String,
23}