Struct ssh_key::SshSig

pub struct SshSig { /* private fields */ }
Available on crate feature alloc only.

sshsig provides a general-purpose signature format based on SSH keys and wire formats.

These signatures can be produced using ssh-keygen -Y sign. They’re encoded as PEM and begin with the following:

-----BEGIN SSH SIGNATURE-----

See PROTOCOL.sshsig for more information.

Implementations

impl SshSig

pub const VERSION: u32 = 1u32

Supported version.

pub fn new(public_key: KeyData, namespace: impl Into<String>, hash_alg: HashAlg, signature: Signature) -> Result<Self>

Create a new signature with the given public key, namespace, hash algorithm, and signature.

pub fn from_pem(pem: impl AsRef<[u8]>) -> Result<Self>

Decode signature from PEM which begins with the following:

-----BEGIN SSH SIGNATURE-----

pub fn to_pem(&self, line_ending: LineEnding) -> Result<String>

Encode signature as PEM which begins with the following:

-----BEGIN SSH SIGNATURE-----

pub fn sign<S: SigningKey>(signing_key: &S, namespace: &str, hash_alg: HashAlg, msg: &[u8]) -> Result<Self>

Sign the given message with the provided signing key.

pub fn signed_data(namespace: &str, hash_alg: HashAlg, msg: &[u8]) -> Result<Vec<u8>>

Get the raw message over which the signature for a given message needs to be computed.

This is a low-level function intended for use cases which can’t be expressed using SshSig::sign, for example when the SigningKey trait can’t be used.

Once a Signature has been computed over the returned byte vector, SshSig::new can be used to construct the final signature.
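
The byte layout that signed_data returns, as defined in PROTOCOL.sshsig, sketched with the standard library only. This is an added example, not code from the ssh-key crate: put_string and signed_blob are hypothetical names, and the caller supplies the digest H(message) instead of hashing here.

```rust
// Added example (std only): the PROTOCOL.sshsig "signed data" blob.
// `put_string` and `signed_blob` are illustrative names, not ssh-key crate APIs.
const MAGIC: &[u8; 6] = b"SSHSIG";

/// Append an SSH wire-format `string`: uint32 big-endian length, then the bytes.
fn put_string(out: &mut Vec<u8>, data: &[u8]) {
    out.extend_from_slice(&(data.len() as u32).to_be_bytes());
    out.extend_from_slice(data);
}

/// Build the bytes a signer signs. `digest` is H(message), computed by the
/// caller with the hash named in `hash_alg`.
fn signed_blob(namespace: &str, hash_alg: &str, digest: &[u8]) -> Result<Vec<u8>, &'static str> {
    if namespace.is_empty() {
        return Err("namespace MUST NOT be empty");
    }
    let want = match hash_alg {
        "sha256" => 32,
        "sha512" => 64,
        _ => return Err("unsupported hash algorithm"),
    };
    if digest.len() != want {
        return Err("digest length does not match hash algorithm");
    }
    let mut out = Vec::new();
    out.extend_from_slice(MAGIC);
    put_string(&mut out, namespace.as_bytes());
    put_string(&mut out, b""); // reserved, typically empty
    put_string(&mut out, hash_alg.as_bytes());
    put_string(&mut out, digest);
    Ok(out)
}

fn main() {
    let digest = [0xabu8; 32]; // constructed placeholder, not a real hash
    let file = signed_blob("file", "sha256", &digest).unwrap();
    let git = signed_blob("git", "sha256", &digest).unwrap();
    println!("file blob: {} bytes, differs from git blob: {}", file.len(), file != git);
}
```

Because the namespace is part of the signed bytes, a signature made over the same digest for "file" does not verify under "git".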

pub fn algorithm(&self) -> Algorithm

Get the signature algorithm.

pub fn version(&self) -> u32

Get version number for this signature.

Verifiers MUST reject signatures with versions greater than those they support.

pub fn public_key(&self) -> &KeyData

Get public key which corresponds to the signing key that produced this signature.

pub fn namespace(&self) -> &str

Get the namespace (i.e. domain identifier) for this signature.

The purpose of the namespace value is to specify an unambiguous interpretation domain for the signature, e.g. file signing. This prevents cross-protocol attacks caused by signatures intended for one domain being accepted in another. The namespace value MUST NOT be the empty string.

pub fn reserved(&self) -> &[u8]

Get reserved data associated with this signature. Typically empty.

The reserved value is present to encode future information (e.g. tags) into the signature. Implementations should ignore the reserved field if it is not empty.

pub fn hash_alg(&self) -> HashAlg

Get the hash algorithm used to produce this signature.

Data to be signed is first hashed with the specified hash_alg. This is done to limit the amount of data presented to the signature operation, which may be of concern if the signing key is held in limited or slow hardware or on a remote ssh-agent. The supported hash algorithms are “sha256” and “sha512”.
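
The verifier-side rules stated above for version, namespace, reserved and hash_alg, applied to the decoded (post-Base64) envelope layout from PROTOCOL.sshsig. This is an added example using only the standard library, not the crate's decoder; check_envelope, sample and the placeholder key and signature bytes are assumptions.

```rust
// Added example, std only; names are illustrative, not the ssh-key crate's decoder.
const MAX_VERSION: u32 = 1;

fn take<'a>(buf: &mut &'a [u8], n: usize) -> Result<&'a [u8], &'static str> {
    let all: &'a [u8] = *buf;
    if all.len() < n { return Err("truncated input"); }
    *buf = &all[n..];
    Ok(&all[..n])
}

fn get_u32(buf: &mut &[u8]) -> Result<u32, &'static str> {
    let b = take(buf, 4)?;
    Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
}

fn get_string<'a>(buf: &mut &'a [u8]) -> Result<&'a [u8], &'static str> {
    let n = get_u32(buf)? as usize; // SSH `string`: uint32 BE length, then bytes
    take(buf, n)
}

fn check_envelope(mut buf: &[u8]) -> Result<(&str, &str), &'static str> {
    if take(&mut buf, 6)? != &b"SSHSIG"[..] { return Err("bad magic"); }
    if get_u32(&mut buf)? > MAX_VERSION { return Err("unsupported version"); }
    let _public_key = get_string(&mut buf)?;
    let ns = std::str::from_utf8(get_string(&mut buf)?).map_err(|_| "bad namespace")?;
    if ns.is_empty() { return Err("empty namespace"); }
    let _reserved = get_string(&mut buf)?; // parsed, then ignored even if non-empty
    let alg = std::str::from_utf8(get_string(&mut buf)?).map_err(|_| "bad hash name")?;
    if !matches!(alg, "sha256" | "sha512") { return Err("unsupported hash"); }
    let _signature = get_string(&mut buf)?;
    Ok((ns, alg)) // (namespace, hash_alg)
}

// Constructed input: "KEY" and "SIG" are placeholders, not real key or signature blobs.
fn sample(version: u32, namespace: &str, reserved: &[u8]) -> Vec<u8> {
    let mut v = b"SSHSIG".to_vec();
    v.extend_from_slice(&version.to_be_bytes());
    let fields: [&[u8]; 5] = [b"KEY", namespace.as_bytes(), reserved, b"sha512", b"SIG"];
    for f in &fields {
        v.extend_from_slice(&(f.len() as u32).to_be_bytes());
        v.extend_from_slice(f);
    }
    v
}

fn main() {
    println!("{:?}", check_envelope(&sample(1, "file", b"tag")));
}
```

These are structural checks only; a verifier still has to validate the signature itself against the public key and the expected namespace.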

pub fn signature(&self) -> &Signature

Get the structured signature over the given message.

pub fn signature_bytes(&self) -> &[u8]

Get the bytes which comprise the serialized signature.

Trait Implementations

impl Clone for SshSig

fn clone(&self) -> SshSig

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SshSig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Decode for SshSig

type Error = Error

Type returned in the event of a decoding error.

fn decode(reader: &mut impl Reader) -> Result<Self>

Attempt to decode a value of this type using the provided Reader.

impl Encode for SshSig

fn encoded_len(&self) -> Result<usize>

Get the length of this type encoded in bytes, prior to Base64 encoding.

fn encode(&self, writer: &mut impl Writer) -> Result<()>

Encode this value using the provided Writer.

fn encoded_len_prefixed(&self) -> Result<usize, Error>

Return the length of this type after encoding when prepended with a uint32 length prefix.

fn encode_prefixed(&self, writer: &mut impl Writer) -> Result<(), Error>

Encode this value, first prepending a uint32 length prefix set to Encode::encoded_len.

impl FromStr for SshSig

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self>

Parses a string s to return a value of this type.

impl PartialEq<SshSig> for SshSig

fn eq(&self, other: &SshSig) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PemLabel for SshSig

const PEM_LABEL: &'static str = "SSH SIGNATURE"

Expected PEM type label for a given document, e.g. "PRIVATE KEY"

fn validate_pem_label(actual: &str) -> Result<(), Error>

Validate that a given label matches the expected label.

impl ToString for SshSig

fn to_string(&self) -> String

Converts the given value to a String.

impl Eq for SshSig

impl StructuralEq for SshSig

impl StructuralPartialEq for SshSig

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> DecodePem for T where T: Decode + PemLabel,

fn decode_pem(pem: impl AsRef<[u8]>) -> Result<T, <T as Decode>::Error>

Decode the provided PEM-encoded string, interpreting the Base64-encoded body of the document using the Decode trait.

impl<T> EncodePem for T where T: Encode + PemLabel,

fn encode_pem<'o>(&self, line_ending: LineEnding, out: &'o mut [u8]) -> Result<&'o str, Error>

Encode this type using the Encode trait, writing the resulting PEM document into the provided out buffer.

fn encode_pem_string(&self, line_ending: LineEnding) -> Result<String, Error>

Available on crate feature alloc only.
Encode this type using the Encode trait, writing the resulting PEM document to a returned String.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T where V: MultiLane<T>,

fn vzip(self) -> V