Struct SshSig

pub struct SshSig { /* private fields */ }

Available on crate feature alloc only.

sshsig provides a general-purpose signature format based on SSH keys and wire formats.

These signatures can be produced using ssh-keygen -Y sign. They’re encoded as PEM and begin with the following:

-----BEGIN SSH SIGNATURE-----

See PROTOCOL.sshsig for more information.

Usage

See PrivateKey::sign and PublicKey::verify for usage information.

Implementations

impl SshSig

pub const VERSION: u32 = 1u32

Supported version.

pub fn new( public_key: KeyData, namespace: impl Into<String>, hash_alg: HashAlg, signature: Signature, ) -> Result<Self>

Create a new signature with the given public key, namespace, hash algorithm, and signature.

pub fn from_pem(pem: impl AsRef<[u8]>) -> Result<Self>

Decode signature from PEM which begins with the following:

-----BEGIN SSH SIGNATURE-----

pub fn to_pem(&self, line_ending: LineEnding) -> Result<String>

Encode signature as PEM which begins with the following:

-----BEGIN SSH SIGNATURE-----

pub fn sign<S: SigningKey>( signing_key: &S, namespace: &str, hash_alg: HashAlg, msg: &[u8], ) -> Result<Self>

Sign the given message with the provided signing key.

See also: PrivateKey::sign.

pub fn signed_data( namespace: &str, hash_alg: HashAlg, msg: &[u8], ) -> Result<Vec<u8>>

Get the raw message over which the signature for a given message needs to be computed.

This is a low-level function intended for uses cases which can’t be expressed using SshSig::sign, such as if the SigningKey trait can’t be used for some reason.

Once a Signature has been computed over the returned byte vector, SshSig::new can be used to construct the final signature.

pub fn algorithm(&self) -> Algorithm

Get the signature algorithm.

pub fn version(&self) -> u32

Get version number for this signature.

Verifiers MUST reject signatures with versions greater than those they support.

pub fn public_key(&self) -> &KeyData

Get public key which corresponds to the signing key that produced this signature.

pub fn namespace(&self) -> &str

Get the namespace (i.e. domain identifier) for this signature.

The purpose of the namespace value is to specify a unambiguous interpretation domain for the signature, e.g. file signing. This prevents cross-protocol attacks caused by signatures intended for one intended domain being accepted in another. The namespace value MUST NOT be the empty string.

pub fn reserved(&self) -> &[u8]

Get reserved data associated with this signature. Typically empty.

The reserved value is present to encode future information (e.g. tags) into the signature. Implementations should ignore the reserved field if it is not empty.

pub fn hash_alg(&self) -> HashAlg

Get the hash algorithm used to produce this signature.

Data to be signed is first hashed with the specified hash_alg. This is done to limit the amount of data presented to the signature operation, which may be of concern if the signing key is held in limited or slow hardware or on a remote ssh-agent. The supported hash algorithms are “sha256” and “sha512”.

pub fn signature(&self) -> &Signature

Get the structured signature over the given message.

pub fn signature_bytes(&self) -> &[u8]

Get the bytes which comprise the serialized signature.

Trait Implementations

impl Clone for SshSig

fn clone(&self) -> SshSig

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SshSig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Decode for SshSig

type Error = Error

Type returned in the event of a decoding error.

fn decode(reader: &mut impl Reader) -> Result<Self>

Attempt to decode a value of this type using the provided Reader.

impl Encode for SshSig

fn encoded_len(&self) -> Result<usize>

Get the length of this type encoded in bytes, prior to Base64 encoding.

fn encode(&self, writer: &mut impl Writer) -> Result<()>

Encode this value using the provided Writer.

fn encoded_len_prefixed(&self) -> Result<usize, Error>

Return the length of this type after encoding when prepended with a uint32 length prefix.

fn encode_prefixed(&self, writer: &mut impl Writer) -> Result<(), Error>

Encode this value, first prepending a uint32 length prefix set to Encode::encoded_len.

impl FromStr for SshSig

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self>

Parses a string s to return a value of this type.

impl PartialEq for SshSig

fn eq(&self, other: &SshSig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PemLabel for SshSig

const PEM_LABEL: &'static str = "SSH SIGNATURE"

Expected PEM type label for a given document, e.g. "PRIVATE KEY"

fn validate_pem_label(actual: &str) -> Result<(), Error>

Validate that a given label matches the expected label.

impl ToString for SshSig

fn to_string(&self) -> String

Converts the given value to a String.

impl Eq for SshSig

impl StructuralPartialEq for SshSig