RustCrypto: SSH Keys and Certificates
About
Pure Rust implementation of SSH key file format decoders/encoders as described in RFC4251 and RFC4253 as well as OpenSSH's PROTOCOL.key format specification.
Additionally provides support for SSH signatures as described in
PROTOCOL.sshsig, OpenSSH certificates as specified in PROTOCOL.certkeys
including certificate validation and certificate authority (CA) support,
FIDO/U2F keys as specified in PROTOCOL.u2f (and certificates thereof), and
also the authorized_keys
and known_hosts
file formats.
Supports a minimal profile which works on heapless no_std
targets. See
"Supported algorithms" table below for which key formats work on heapless
targets and which algorithms require alloc
.
When the ed25519
, p256
, and/or rsa
features of this crate are enabled,
provides key generation and certificate signing/verification support for that
respective SSH key algorithm.
Features
- Constant-time Base64 decoder/encoder using
base64ct
/pem-rfc7468
crates - OpenSSH-compatible decoder/encoders for the following formats:
- OpenSSH public keys
- OpenSSH private keys (i.e.
BEGIN OPENSSH PRIVATE KEY
) - OpenSSH certificates
- OpenSSH signatures (a.k.a. "sshsig")
- OpenSSH certificate support
- OpenSSH certificate validation
- OpenSSH certificate authority (CA) support i.e. cert builder/signer
- Private key encryption/decryption (
bcrypt-pbkdf
+aes256-ctr
only) - Private key generation support: DSA, Ed25519, ECDSA (P-256/P-384/P-521), and RSA
- FIDO/U2F key support (
sk-*
) as specified in PROTOCOL.u2f - Fingerprint support
- "randomart" fingerprint visualizations
-
no_std
support including support for "heapless" (no-alloc
) targets - Parsing
authorized_keys
files - Parsing
known_hosts
files -
serde
support -
zeroize
support for private keys
TODO
- FIDO/U2F signature support
- Legacy (pre-OpenSSH) SSH key format support
- PKCS#1 SSH private keys (i.e. RSA-only)
- PKCS#8 SSH private keys
- RFC4716 SSH public keys
- SEC1 SSH public keys
Supported Signature Algorithms
Name | Decode | Encode | Cert | Keygen | Sign | Verify | Feature | no_std |
---|---|---|---|---|---|---|---|---|
ecdsa‑sha2‑nistp256 |
✅ | ✅ | ✅ | ✅️ | ✅️ | ✅️ | p256 |
heapless |
ecdsa‑sha2‑nistp384 |
✅ | ✅ | ✅ | ✅️ | ✅️ | ✅️ | p384 |
heapless |
ecdsa‑sha2‑nistp521 |
✅ | ✅ | ✅ | ✅️️ | ✅️ ️ | ✅️️ | p521 |
heapless |
ssh‑dsa |
✅ | ✅ | ✅ | ✅ | ✅️ | ✅️ | dsa |
alloc ️ |
ssh‑ed25519 |
✅ | ✅ | ✅ | ✅️ | ✅️ | ✅ | ed25519 |
heapless |
ssh‑rsa |
✅ | ✅ | ✅ | ✅️ | ✅️ | ✅ | rsa |
alloc |
sk‑ecdsa‑sha2‑nistp256@openssh.com |
✅ | ✅ | ✅ | ⛔ | ⛔️ | ✅️ | ⛔ | alloc |
sk‑ssh‑ed25519@openssh.com |
✅ | ✅ | ✅ | ⛔ | ⛔️ | ✅️️ | ed25519 |
alloc |
By default no SSH signature algorithms are enabled and you will get an
Error::AlgorithmUnsupported
error if you try to use them.
Enable the crypto
feature or the "Feature" for specific algorithms in the
chart above (e.g. p256
, rsa
) in order to use cryptographic functionality.
The "Feature" column lists the name of ssh-key
crate features which can
be enabled to provide full support for the "Keygen", "Sign", and "Verify"
functionality for a particular SSH key algorithm.
Minimum Supported Rust Version
This crate requires Rust 1.65 at a minimum.
We may change the MSRV in the future, but it will be accompanied by a minor version bump.
License
Licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.