sshcerts/lib.rs
1//!
2//! The `sshcerts` crate provides types and methods for parsing
3//! OpenSSH keys, and parsing, verifying, and creating SSH certificates.
4//!
5//! The following OpenSSH key types are supported.
6//!
7//! - RSA
8//! - ECDSA
9//! - ED25519
10//!
11//! The following OpenSSH certificate types are supported.
12//!
13//! - ssh-rsa-cert-v01@openssh.com
14//! - ecdsa-sha2-nistp256-cert-v01@openssh.com
15//! - ecdsa-sha2-nistp384-cert-v01@openssh.com
16//! - ssh-ed25519-cert-v01@openssh.com
17//!
18//! ### Why no ecdsa-sha2-nistp521-cert-v01@openssh.com?
19//! That curve is not supported on a standard yubikey nor in `ring`. This
20//! means I cannot implement any signing or verification routines. If this
21//! changes, I will update this crate with support.
22//!
23//! The crate also provides functionality for provisioning key slots on
24//! Yubikeys to handle signing operations. This is provided in the
25//! optional `yubikey` submodule.
26//!
27
28#![deny( // crate-wide lint policy: every lint or lint group listed here is a compile error
29 anonymous_parameters,
30 missing_debug_implementations, // public types must implement `Debug`. NOTE(review): this includes the re-exported `PrivateKey` — confirm its `Debug` output omits key material
31 missing_docs, // public items must be documented
32 nonstandard_style,
33 rust_2018_idioms,
34 single_use_lifetimes,
35 trivial_casts,
36 trivial_numeric_casts,
37 unreachable_pub, // `pub` items that cannot be reached from outside the crate are rejected
38 unused_extern_crates,
39 unused_qualifications,
40 warnings // every remaining compiler warning is promoted to an error as well
41)]
42
43/// The `sshcerts` error enum
44pub mod error;
45
46type Result<T> = std::result::Result<T, error::Error>; // non-`pub` alias that fixes the error type to `error::Error`
47
48pub use ssh::{CertType, Certificate, PrivateKey, PublicKey};
49
50/// Functions or structs for dealing with SSH Certificates.
51/// Parsing, and creating certs happens here.
52pub mod ssh;
53
54/// Utility functions for dealing with SSH certificates, signatures
55/// or conversions
56pub mod utils;
57
58/// Functions for dealing with Yubikey signing.
59/// Also contains an SSH submodule containing helper functions to generate
60/// SSH encoded versions of its normal functions.
61#[cfg(any(feature = "yubikey-lite", feature = "yubikey-support"))]
62pub mod yubikey;
63
64/// Contains some helper functions for pulling SSH public keys from x509
65/// certificates and CSRs. It is enabled whenever `yubikey-support` is enabled
66/// because some functionality is currently shared.
67#[cfg(any(feature = "x509-support", feature = "yubikey-support"))]
68pub mod x509;
69
70/// For dealing with FIDO/U2F tokens such as generating new SSH keys
71#[cfg(any(feature = "fido-lite", feature = "fido-support"))]
72pub mod fido;