Crate sshcerts
The `sshcerts` crate provides types and methods for parsing OpenSSH keys, and parsing, verifying, and creating SSH certificates.
The following OpenSSH key types are supported.
- RSA
- ECDSA
- ED25519
The following OpenSSH certificate types are supported.
- ssh-rsa-cert-v01@openssh.com
- ecdsa-sha2-nistp256-cert-v01@openssh.com
- ecdsa-sha2-nistp384-cert-v01@openssh.com
- ssh-ed25519-cert-v01@openssh.com
Why no ecdsa-sha2-nistp521-cert-v01@openssh.com?
That curve is not supported on a standard yubikey nor in ring. This means I cannot implement any signing or verification routines. If this changes, I will update this crate with support.
The crate also provides functionality for provisioning key slots on Yubikeys to handle signing operations. This is provided in the optional yubikey submodule.
Modules
- The sshcerts error enum
- Functions or structs for dealing with SSH Certificates. Parsing, and creating certs happens here.
- This module is a heavily modified version of the sshkeys crate that adds certificate verification, and many other things to support that. The original licence for the code is in the source code provided.
- Utility functions for dealing with SSH certificates, signatures or conversions
Structs
- A type which represents an OpenSSH certificate key. Please refer to PROTOCOL.certkeys (https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD) for more details about OpenSSH certificates.
- A type which represents an OpenSSH public key.
- A type which represents an OpenSSH public key.