PublicKey

ssh_key::public

Struct PublicKey 

Source 
pub struct PublicKey { /* private fields */ }
Expand description

SSH public key.

§OpenSSH encoding

The OpenSSH encoding of an SSH public key looks like following:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN796jTiQfZfG1KaT0PtFDJ/XFSqti user@example.com

It consists of the following three parts:

  1. Algorithm identifier (in this example ssh-ed25519)
  2. Key data encoded as Base64
  3. Comment (optional): arbitrary label describing a key. Usually an email address

The PublicKey::from_openssh and PublicKey::to_openssh methods can be used to decode/encode public keys, or alternatively, the FromStr and ToString impls.

§serde support

When the serde feature of this crate is enabled, this type receives impls of Deserialize and Serialize.

The serialization uses a binary encoding with binary formats like bincode and CBOR, and the OpenSSH string serialization when used with human-readable formats like JSON and TOML.

Note that since the comment is an artifact on the string serialization of a public key, it will be implicitly dropped when encoding as a binary format. To ensure it’s always preserved even when using binary formats, you will first need to convert the PublicKey to a string using e.g. PublicKey::to_openssh.

Implementations§

Source§

impl PublicKey

Source

pub fn new(key_data: KeyData, comment: impl Into<Comment>) -> Self

Available on crate feature alloc only.

Create a new public key with the given comment.

On no_std platforms, use PublicKey::from(key_data) instead.

Source

pub fn from_openssh(public_key: &str) -> Result<Self>

Parse an OpenSSH-formatted public key.

OpenSSH-formatted public keys look like the following:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN796jTiQfZfG1KaT0PtFDJ/XFSqti foo@bar.com
Source

pub fn from_bytes(bytes: &[u8]) -> Result<Self>

Parse a raw binary SSH public key.

Source

pub fn encode_openssh<'o>(&self, out: &'o mut [u8]) -> Result<&'o str>

Encode OpenSSH-formatted public key.

Source

pub fn to_openssh(&self) -> Result<String>

Available on crate feature alloc only.

Encode an OpenSSH-formatted public key, allocating a String for the result.

Source

pub fn to_bytes(&self) -> Result<Vec<u8>>

Available on crate feature alloc only.

Serialize SSH public key as raw bytes.

Source

pub fn verify( &self, namespace: &str, msg: &[u8], signature: &SshSig, ) -> Result<()>

Available on crate feature alloc only.

Verify the SshSig signature is valid the given message using this public key.

These signatures can be produced using ssh-keygen -Y sign. They’re encoded as PEM and begin with the following:

-----BEGIN SSH SIGNATURE-----

See PROTOCOL.sshsig for more information.

§Notes

This method loads the entire message has to be loaded into memory for verification. If loading the entire message into memory is a problem consider computing a Digest of the data first, and using PublicKey::verify_prehash.

§Usage

See also: PrivateKey::sign.

use ssh_key::{PublicKey, SshSig};

// Message to be verified.
let message = b"testing";

// Example domain/namespace used for the message.
let namespace = "example";

// Public key which computed the signature.
let encoded_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN796jTiQfZfG1KaT0PtFDJ/XFSqti user@example.com";

// Example signature to be verified.
let signature_str = r#"
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgsz6u836i33yqAQ3v3qNOJB9l8b
UppPQ+0UMn9cVKq2IAAAAHZXhhbXBsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQy
NTUxOQAAAEBPEav+tMGNnox4MuzM7rlHyVBajCn8B0kAyiOWwPKprNsG3i6X+voz/WCSik
/FowYwqhgCABUJSvRX3AERVBUP
-----END SSH SIGNATURE-----
"#;

let public_key = encoded_public_key.parse::<PublicKey>()?;
let signature = signature_str.parse::<SshSig>()?;
public_key.verify(namespace, message, &signature)?;
Source

pub fn verify_digest<D: AssociatedHashAlg + Digest>( &self, namespace: &str, digest: D, signature: &SshSig, ) -> Result<()>

Available on crate feature alloc only.

Verify the SshSig signature is valid the given message Digest using this public key.

See PublicKey::verify for more information.

Source

pub fn verify_prehash( &self, namespace: &str, prehash: &[u8], signature: &SshSig, ) -> Result<()>

Available on crate feature alloc only.

Verify the SshSig signature matches the given prehashed message digest using this public key.

See PublicKey::verify for more information.

Source

pub fn read_openssh(reader: &mut impl Read) -> Result<Self>

Available on crate feature std only.

Read public key from an OpenSSH-formatted source.

Source

pub fn read_openssh_file(path: impl AsRef<Path>) -> Result<Self>

Available on crate feature std only.

Read public key from an OpenSSH-formatted file.

Source

pub fn write_openssh(&self, writer: &mut impl Write) -> Result<()>

Available on crate feature std only.

Write public key as an OpenSSH-formatted file.

Source

pub fn write_openssh_file(&self, path: impl AsRef<Path>) -> Result<()>

Available on crate feature std only.

Write public key as an OpenSSH-formatted file.

Source

pub fn algorithm(&self) -> Algorithm

Get the digital signature Algorithm used by this key.

Source

pub fn comment(&self) -> &Comment

Available on crate feature alloc only.

Comment on the key (e.g. email address).

Source

pub fn key_data(&self) -> &KeyData

Public key data.

Source

pub fn fingerprint(&self, hash_alg: HashAlg) -> Fingerprint

Compute key fingerprint.

Use Default::default() to use the default hash function (SHA-256).

Source

pub fn set_comment(&mut self, comment: impl Into<Comment>)

Available on crate feature alloc only.

Set the comment on the key.

Trait Implementations§

Source§

impl Clone for PublicKey

Source§

fn clone(&self) -> PublicKey

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for PublicKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for PublicKey

Available on crate features alloc and serde only.
Source§

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl From<&PrivateKey> for PublicKey

Source§

fn from(private_key: &PrivateKey) -> PublicKey

Converts to this type from the input type.
Source§

impl From<&PublicKey> for KeyData

Source§

fn from(public_key: &PublicKey) -> KeyData

Converts to this type from the input type.
Source§

impl From<DsaPublicKey> for PublicKey

Available on crate feature alloc only.
Source§

fn from(public_key: DsaPublicKey) -> PublicKey

Converts to this type from the input type.
Source§

impl From<EcdsaPublicKey> for PublicKey

Available on crate feature ecdsa only.
Source§

fn from(public_key: EcdsaPublicKey) -> PublicKey

Converts to this type from the input type.
Source§

impl From<Ed25519PublicKey> for PublicKey

Source§

fn from(public_key: Ed25519PublicKey) -> PublicKey

Converts to this type from the input type.
Source§

impl From<Entry> for PublicKey

Source§

fn from(entry: Entry) -> PublicKey

Converts to this type from the input type.
Source§

impl From<Entry> for PublicKey

Available on crate feature alloc only.
Source§

fn from(entry: Entry) -> PublicKey

Converts to this type from the input type.
Source§

impl From<KeyData> for PublicKey

Source§

fn from(key_data: KeyData) -> PublicKey

Converts to this type from the input type.
Source§

impl From<PrivateKey> for PublicKey

Source§

fn from(private_key: PrivateKey) -> PublicKey

Converts to this type from the input type.
Source§

impl From<PublicKey> for Entry

Source§

fn from(public_key: PublicKey) -> Entry

Converts to this type from the input type.
Source§

impl From<PublicKey> for KeyData

Source§

fn from(public_key: PublicKey) -> KeyData

Converts to this type from the input type.
Source§

impl From<RsaPublicKey> for PublicKey

Available on crate feature alloc only.
Source§

fn from(public_key: RsaPublicKey) -> PublicKey

Converts to this type from the input type.
Source§

impl From<SkEcdsaSha2NistP256> for PublicKey

Available on crate feature ecdsa only.
Source§

fn from(public_key: SkEcdsaSha2NistP256) -> PublicKey

Converts to this type from the input type.
Source§

impl From<SkEd25519> for PublicKey

Source§

fn from(public_key: SkEd25519) -> PublicKey

Converts to this type from the input type.
Source§

impl FromStr for PublicKey

Source§

type Err = Error

The associated error which can be returned from parsing.
Source§

fn from_str(s: &str) -> Result<Self>

Parses a string s to return a value of this type. Read more
Source§

impl Hash for PublicKey

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl Ord for PublicKey

Source§

fn cmp(&self, other: &PublicKey) -> Ordering

This method returns an Ordering between self and other. Read more
1.21.0 · Source§

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values. Read more
1.21.0 · Source§

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values. Read more
1.50.0 · Source§

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized,

Restrict a value to a certain interval. Read more
Source§

impl PartialEq for PublicKey

Source§

fn eq(&self, other: &PublicKey) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl PartialOrd for PublicKey

Source§

fn partial_cmp(&self, other: &PublicKey) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · Source§

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · Source§

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · Source§

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · Source§

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Read more
Source§

impl Serialize for PublicKey

Available on crate features alloc and serde only.
Source§

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl ToString for PublicKey

Available on crate feature alloc only.
Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl Verifier<Signature> for PublicKey

Available on crate feature alloc only.
Source§

fn verify(&self, message: &[u8], signature: &Signature) -> Result<()>

Use Self to verify that the provided signature for a given message bytestring is authentic. Read more
Source§

impl Eq for PublicKey

Source§

impl StructuralPartialEq for PublicKey

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,