Struct PublicKey

pub struct PublicKey { /* private fields */ }

SSH public key.

OpenSSH encoding

The OpenSSH encoding of an SSH public key looks like following:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN796jTiQfZfG1KaT0PtFDJ/XFSqti user@example.com

It consists of the following three parts:

1. Algorithm identifier (in this example ssh-ed25519)
2. Key data encoded as Base64
3. Comment (optional): arbitrary label describing a key. Usually an email address

The PublicKey::from_openssh and PublicKey::to_openssh methods can be used to decode/encode public keys, or alternatively, the FromStr and ToString impls.

serde support

When the serde feature of this crate is enabled, this type receives impls of [Deserialize][serde::Deserialize] and [Serialize][serde::Serialize].

The serialization uses a binary encoding with binary formats like bincode and CBOR, and the OpenSSH string serialization when used with human-readable formats like JSON and TOML.

Note that since the comment is an artifact on the string serialization of a public key, it will be implicitly dropped when encoding as a binary format. To ensure it’s always preserved even when using binary formats, you will first need to convert the PublicKey to a string using e.g. PublicKey::to_openssh.

Implementations

impl PublicKey

pub fn new(key_data: KeyData, comment: impl Into<Comment>) -> PublicKey

Create a new public key with the given comment.

On no_std platforms, use PublicKey::from(key_data) instead.

pub fn from_openssh(public_key: &str) -> Result<PublicKey, Error>

Parse an OpenSSH-formatted public key.

OpenSSH-formatted public keys look like the following:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN796jTiQfZfG1KaT0PtFDJ/XFSqti foo@bar.com

pub fn from_bytes(bytes: &[u8]) -> Result<PublicKey, Error>

Parse a raw binary SSH public key.

pub fn encode_openssh<'o>(&self, out: &'o mut [u8]) -> Result<&'o str, Error>

Encode OpenSSH-formatted public key.

pub fn to_openssh(&self) -> Result<String, Error>

Encode an OpenSSH-formatted public key, allocating a String for the result.

pub fn to_bytes(&self) -> Result<Vec<u8>, Error>

Serialize SSH public key as raw bytes.

pub fn verify( &self, namespace: &str, msg: &[u8], signature: &SshSig, ) -> Result<(), Error>

Verify the SshSig signature over the given message using this public key.

These signatures can be produced using ssh-keygen -Y sign. They’re encoded as PEM and begin with the following:

-----BEGIN SSH SIGNATURE-----

See PROTOCOL.sshsig for more information.

Usage

See also: [PrivateKey::sign].

use ssh_key::{PublicKey, SshSig};

// Message to be verified.
let message = b"testing";

// Example domain/namespace used for the message.
let namespace = "example";

// Public key which computed the signature.
let encoded_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN796jTiQfZfG1KaT0PtFDJ/XFSqti user@example.com";

// Example signature to be verified.
let signature_str = r#"
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgsz6u836i33yqAQ3v3qNOJB9l8b
UppPQ+0UMn9cVKq2IAAAAHZXhhbXBsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQy
NTUxOQAAAEBPEav+tMGNnox4MuzM7rlHyVBajCn8B0kAyiOWwPKprNsG3i6X+voz/WCSik
/FowYwqhgCABUJSvRX3AERVBUP
-----END SSH SIGNATURE-----
"#;

let public_key = encoded_public_key.parse::<PublicKey>()?;
let signature = signature_str.parse::<SshSig>()?;
public_key.verify(namespace, message, &signature)?;

pub fn read_openssh_file(path: &Path) -> Result<PublicKey, Error>

Read public key from an OpenSSH-formatted file.

pub fn write_openssh_file(&self, path: &Path) -> Result<(), Error>

Write public key as an OpenSSH-formatted file.

pub fn algorithm(&self) -> Algorithm

Get the digital signature Algorithm used by this key.

pub fn comment(&self) -> &Comment

Comment on the key (e.g. email address).

pub fn key_data(&self) -> &KeyData

Public key data.

pub fn fingerprint(&self, hash_alg: HashAlg) -> Fingerprint

Compute key fingerprint.

Use Default::default() to use the default hash function (SHA-256).

pub fn set_comment(&mut self, comment: impl Into<Comment>)

Set the comment on the key.

Trait Implementations

impl Clone for PublicKey

fn clone(&self) -> PublicKey

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PublicKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl From<&PrivateKey> for PublicKey

fn from(private_key: &PrivateKey) -> PublicKey

Converts to this type from the input type.

impl From<DsaPublicKey> for PublicKey

fn from(public_key: DsaPublicKey) -> PublicKey

Converts to this type from the input type.

impl From<Ed25519PublicKey> for PublicKey

fn from(public_key: Ed25519PublicKey) -> PublicKey

Converts to this type from the input type.

impl From<Entry> for PublicKey

fn from(entry: Entry) -> PublicKey

Converts to this type from the input type.

impl From<Entry> for PublicKey

fn from(entry: Entry) -> PublicKey

Converts to this type from the input type.

impl From<KeyData> for PublicKey

fn from(key_data: KeyData) -> PublicKey

Converts to this type from the input type.

impl From<PrivateKey> for PublicKey

fn from(private_key: PrivateKey) -> PublicKey

Converts to this type from the input type.

impl From<RsaPublicKey> for PublicKey

fn from(public_key: RsaPublicKey) -> PublicKey

Converts to this type from the input type.

impl From<SkEd25519> for PublicKey

fn from(public_key: SkEd25519) -> PublicKey

Converts to this type from the input type.

impl FromStr for PublicKey

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<PublicKey, Error>

Parses a string s to return a value of this type.

impl Hash for PublicKey

fn hash<__H>(&self, state: &mut __H)

where __H: Hasher,

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Ord for PublicKey

fn cmp(&self, other: &PublicKey) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl PartialEq for PublicKey

fn eq(&self, other: &PublicKey) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for PublicKey

fn partial_cmp(&self, other: &PublicKey) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl ToString for PublicKey

fn to_string(&self) -> String

Converts the given value to a String.

impl Verifier<Signature> for PublicKey

fn verify(&self, message: &[u8], signature: &Signature) -> Result<(), Error>

Use Self to verify that the provided signature for a given message bytestring is authentic.

impl Eq for PublicKey

impl StructuralPartialEq for PublicKey