Crate sshcerts[][src]

The ’sshcerts` crate provides types and methods for parsing OpenSSH keys, and parsing, verifying, and creating SSH certificates.

The following OpenSSH key types are supported.

  • RSA
  • ED25519

The following OpenSSH certificate types are supported.


Why no

That curve is not supported on a standard yubikey nor in ring. This means I cannot implement any signing or verification routines. If this changes, I will update this crate with support.

The crate also provides functionality for provision key slots on Yubikeys to handle signing operations. This is provided in the optional yubikey submodule



The sshcerts error enum


Functions or structs for dealing with SSH Certificates. Parsing, and creating certs happens here. This module is a heavily modified version of the sshkeys crate that adds certificate verification, and many other things to support that. The original licence for the code is in the source code provided


Utility functions for dealing with SSH certificates, signatures or conversions



A type which represents an OpenSSH certificate key. Please refer to [PROTOCOL.certkeys] for more details about OpenSSH certificates. [PROTOCOL.certkeys]:


A type which represents an OpenSSH public key.


A type which represents an OpenSSH public key.