
Module sshsig


SSHSIG (OpenSSH file-signature) sign/verify.

Implements the wire format documented in PROTOCOL.sshsig: a PEM-armored blob bracketed by -----BEGIN SSH SIGNATURE----- / -----END SSH SIGNATURE----- carrying an algorithm, namespace, and the signed digest.

This is the same format git consumes when gpg.format = ssh, and what ssh-keygen -Y sign / ssh-keygen -Y verify emit and accept.
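The binary body inside that armor, as an added example in plain Rust (not gitway_lib or OpenSSH code): a parser for the version-1 structure from PROTOCOL.sshsig and the construction of the bytes the signature actually covers. The helper names and the placeholder sample body are assumptions, not real key or signature material.

```rust
// Added example, not gitway_lib code: parse the decoded body of an SSHSIG armor as laid out in
// PROTOCOL.sshsig and build the blob the signature covers. Names are hypothetical; sample_blob
// is constructed placeholder data, not a real key or signature.
use std::convert::TryInto;
const MAGIC: &[u8; 6] = b"SSHSIG";
const SIG_VERSION: u32 = 1;
pub struct SshSig {
    pub public_key: Vec<u8>, // SSH wire-format public key blob
    pub namespace: String,
    pub hash_alg: String,    // "sha256" or "sha512"
    pub signature: Vec<u8>,  // SSH wire-format signature blob
}
// Read one SSH `string`: uint32 big-endian length, then that many bytes.
fn get_string<'a>(buf: &mut &'a [u8]) -> Option<&'a [u8]> {
    let data: &'a [u8] = *buf;
    let len = u32::from_be_bytes(data.get(..4)?.try_into().ok()?) as usize;
    let end = len.checked_add(4)?;
    *buf = data.get(end..)?;
    data.get(4..end)
}
fn put_string(out: &mut Vec<u8>, s: &[u8]) {
    out.extend_from_slice(&(s.len() as u32).to_be_bytes());
    out.extend_from_slice(s);
}
// Rejects a bad preamble or version, a hash name outside the spec, and trailing bytes.
// Checking the namespace and the signature itself is the verifier's job, not the parser's.
pub fn parse_sshsig(mut blob: &[u8]) -> Option<SshSig> {
    blob = blob.strip_prefix(MAGIC)?;
    blob = blob.strip_prefix(&SIG_VERSION.to_be_bytes())?; // only version 1 is defined
    let public_key = get_string(&mut blob)?.to_vec();
    let namespace = String::from_utf8(get_string(&mut blob)?.to_vec()).ok()?;
    let _reserved = get_string(&mut blob)?;
    let hash_alg = String::from_utf8(get_string(&mut blob)?.to_vec()).ok()?;
    if !matches!(hash_alg.as_str(), "sha256" | "sha512") { return None; }
    let signature = get_string(&mut blob)?.to_vec();
    if !blob.is_empty() { return None; }
    Some(SshSig { public_key, namespace, hash_alg, signature })
}
// Covered by the signature: preamble, namespace, reserved, hash name and H(message), never the
// raw message. Binding the namespace is what lets a verifier reject cross-context reuse.
pub fn signed_data(namespace: &str, hash_alg: &str, digest: &[u8]) -> Vec<u8> {
    let mut out = MAGIC.to_vec();
    let fields: [&[u8]; 4] = [namespace.as_bytes(), b"", hash_alg.as_bytes(), digest];
    for f in fields { put_string(&mut out, f); }
    out
}
pub fn sample_blob() -> Vec<u8> {
    let mut b = MAGIC.to_vec();
    b.extend_from_slice(&SIG_VERSION.to_be_bytes());
    let fields: [&[u8]; 5] = [b"ssh-ed25519 placeholder key", b"git", b"", b"sha512", b"placeholder signature"];
    for f in fields { put_string(&mut b, f); }
    b
}
```

The parser is deliberately strict: a truncated body, an unexpected version or any trailing bytes yield None rather than a partially filled structure.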

Examples

use std::io::Cursor;
use gitway_lib::keygen::{generate, KeyType};
use gitway_lib::sshsig::{sign, check_novalidate};
use ssh_key::HashAlg;

// Generate a fresh Ed25519 key (no passphrase) and sign a message under the "git" namespace.
let key = generate(KeyType::Ed25519, None, "me@host").unwrap();
let mut msg = Cursor::new(b"hello world");
let armored = sign(&mut msg, &key, "git", HashAlg::Sha512).unwrap();

// Verify the signature and namespace only; signer identity is not checked here.
let mut verify_msg = Cursor::new(b"hello world");
check_novalidate(&mut verify_msg, &armored, "git").unwrap();

Structs

Verified
Result of a successful verify call.

Functions

check_novalidate
Verifies the cryptographic signature and namespace, but not the signer identity. This matches ssh-keygen -Y check-novalidate.
find_principals
Returns the principals in allowed that are authorized to sign with the public key embedded in armored_sig under namespace.
sign
Signs the bytes read from data using key under namespace, returning the PEM-armored signature string ready to write to stdout or a file.
verify
Verifies that armored_sig is a valid SSHSIG over the bytes read from data, in namespace, and that allowed authorizes signer_identity to sign with the embedded public key.