Struct sshcerts::Certificate
pub struct Certificate {
pub key_type: KeyType,
pub nonce: Vec<u8>,
pub key: PublicKey,
pub serial: u64,
pub cert_type: CertType,
pub key_id: String,
pub principals: Vec<String>,
pub valid_after: u64,
pub valid_before: u64,
pub critical_options: HashMap<String, String>,
pub extensions: HashMap<String, String>,
pub reserved: Vec<u8>,
pub signature_key: PublicKey,
pub signature: Vec<u8>,
pub comment: Option<String>,
pub serialized: Vec<u8>,
}

A type which represents an OpenSSH certificate key. Please refer to PROTOCOL.certkeys (https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD) for more details about OpenSSH certificates.

Fields

key_type: KeyType
    Type of key.
nonce: Vec<u8>
    Cryptographic nonce.
key: PublicKey
    Public key part of the certificate.
serial: u64
    Serial number of certificate.
cert_type: CertType
    Represents the type of the certificate.
key_id: String
    Key identity.
principals: Vec<String>
    The list of valid principals for the certificate.
valid_after: u64
    Time after which certificate is considered as valid.
valid_before: u64
    Time before which certificate is considered as valid.
critical_options: HashMap<String, String>
    Critical options of the certificate. Generally used to control features which restrict access.
extensions: HashMap<String, String>
    Certificate extensions. Extensions are usually used to enable features that grant access.
reserved: Vec<u8>
    The reserved field is currently unused and is ignored in this version of the protocol.
signature_key: PublicKey
    Signature key contains the CA public key used to sign the certificate.
signature: Vec<u8>
    Signature of the certificate.
comment: Option<String>
    Associated comment, if any.
serialized: Vec<u8>
    The entire serialized certificate, used for exporting.

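A relying party usually checks several of these fields together once a certificate has been parsed. The sketch below is an added example, not code from the sshcerts crate: CertFields, CertKind, check_user_cert and sample are hypothetical stand-ins that mirror a subset of the fields above so that it runs with the standard library only. Rejecting an empty principal list is an assumed policy, and signature and CA verification are outside its scope.

```rust
use std::collections::HashMap;

// Hypothetical stand-in for the `Certificate` fields used below (not the crate's own type).
#[derive(Debug, PartialEq)]
pub enum CertKind { User, Host }
pub struct CertFields {
    pub cert_type: CertKind,
    pub principals: Vec<String>,
    pub valid_after: u64,
    pub valid_before: u64,
    pub critical_options: HashMap<String, String>,
}

// Critical options defined for user certificates in PROTOCOL.certkeys.
const KNOWN_CRITICAL: [&str; 3] = ["force-command", "source-address", "verify-required"];

/// Field-level policy check. It does not verify the signature or CA trust.
pub fn check_user_cert(c: &CertFields, user: &str, now: u64) -> Result<(), String> {
    if c.cert_type != CertKind::User {
        return Err("not a user certificate".into());
    }
    // Valid only while valid_after <= now < valid_before.
    if now < c.valid_after || now >= c.valid_before {
        return Err("outside validity window".into());
    }
    // Assumed policy: an empty list is rejected rather than read as "any principal".
    if !c.principals.iter().any(|p| p == user) {
        return Err(format!("principal {} not listed", user));
    }
    // An unrecognised critical option must lead to refusal, never be skipped.
    if let Some(k) = c.critical_options.keys().find(|k| !KNOWN_CRITICAL.contains(&k.as_str())) {
        return Err(format!("unknown critical option {}", k));
    }
    Ok(())
}

/// Constructed sample using the principal and validity window of the page's builder example.
pub fn sample(opts: &[(&str, &str)]) -> CertFields {
    CertFields {
        cert_type: CertKind::User,
        principals: vec!["obelisk".to_string()],
        valid_after: 0,
        valid_before: 0xFFFFFFFFFFFFFFFF,
        critical_options: opts.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect(),
    }
}

fn main() {
    let cert = sample(&[("force-command", "/bin/true")]);
    println!("{:?}", check_user_cert(&cert, "obelisk", 1_700_000_000));
}
```
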
Implementations
Reads an OpenSSH certificate from a given path.
Example
use sshcerts::Certificate;
let cert = Certificate::from_path("/path/to/id_ed25519-cert.pub").unwrap();
println!("{}", cert);

Reads an OpenSSH certificate from a given string.
Example
use sshcerts::Certificate;
let cert = Certificate::from_string(concat!(
"ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGZlEWgv+aRvfJZiREMOKR0PVSTEstkuSeOyRgx",
"wI1v2AAAAIAwPJZIwmYs+W7WHNPneMUIAkQnBVw1LP0yQdfh7lT/S/v7+/v7+/v4AAAABAAAADG9iZWxpc2tAdGVzdAAAAAsAAAAHb2JlbGlzawAAAAAAAAAA///",
"///////8AAAAiAAAADWZvcmNlLWNvbW1hbmQAAAANAAAACS9iaW4vdHJ1ZQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQ",
"tZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADM",
"AAAALc3NoLWVkMjU1MTkAAAAgXRsP8RFzML3wJDAqm2ENwOrRAHez5QqtcEpyBvwvniYAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMo0Akv0eyr269StM2zBd0Alzjx",
"XAC6krgBQex2O31at8r550oCIelfgj8YwZIaXG9DmleP525LcseJ16Z8e5Aw= obelisk@exclave.lan"
)).unwrap();
println!("{:?}", cert);

Create a new empty SSH certificate. Values must then be filled in using the mutator methods below.
Example
let ssh_pubkey = PublicKey::from_string("ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOhHAGJtT9s6zPW4OdQMzGbXEyj0ntkESrE1IZBgaCUSh9fWK1gRz+UJOcCB1JTC/kF2EPlwkX6XEpQToZl51oo= obelisk@exclave.lan").unwrap();
// `test_signer` is not defined in this excerpt; PublicKey, CertType,
// CriticalOptions and Extensions must also be in scope.
let cert = Certificate::builder(&ssh_pubkey, CertType::User, &ssh_pubkey).unwrap()
    .serial(0xFEFEFEFEFEFEFEFE)
    .key_id("key_id")
    .principal("obelisk")
    // 0 to u64::MAX: no effective limit on the validity window.
    .valid_after(0)
    .valid_before(0xFFFFFFFFFFFFFFFF)
    .set_critical_options(CriticalOptions::None)
    .set_extensions(Extensions::Standard)
    .sign(test_signer);
match cert {
    Ok(cert) => println!("{}", cert),
    Err(e) => println!("Encountered an error while creating certificate: {}", e),
}

Set the principals of the certificate
Set the initial validity time of the certificate
Set the expiry of the certificate
Add a critical option to the certificate
Set the critical options of the certificate
Add a critical option to the certificate
Set the critical options of the certificate
Set the critical options of the certificate
