SSH private key support.
Support for decoding SSH private keys (i.e. digital signature keys) from the OpenSSH file format:
https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD
§Decrypting encrypted private keys
When the encryption feature of this crate is enabled, it’s possible to decrypt keys which have been encrypted under a password:
use ssh_key::PrivateKey;
// WARNING: don't actually hardcode private keys in source code!!!
let encoded_key = r#"
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBKH96ujW
umB6/WnTNPjTeaAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN
796jTiQfZfG1KaT0PtFDJ/XFSqtiAAAAoFzvbvyFMhAiwBOXF0mhUUacPUCMZXivG2up2c
hEnAw1b6BLRPyWbY5cC2n9ggD4ivJ1zSts6sBgjyiXQAReyrP35myYvT/OIB/NpwZM/xIJ
N7MHSUzlkX4adBrga3f7GS4uv4ChOoxC4XsE5HsxtGsq1X8jzqLlZTmOcxkcEneYQexrUc
bQP0o+gL5aKK8cQgiIlXeDbRjqhc4+h4EF6lY=
-----END OPENSSH PRIVATE KEY-----
"#;
let encrypted_key = PrivateKey::from_openssh(encoded_key)?;
assert!(encrypted_key.is_encrypted());
// WARNING: don't hardcode passwords, and this one's bad anyway
let password = "hunter42";
let decrypted_key = encrypted_key.decrypt(password)?;
assert!(!decrypted_key.is_encrypted());
§Encrypting plaintext private keys
When the encryption feature of this crate is enabled, it’s possible to encrypt plaintext private keys under a provided password.
The example below also requires enabling this crate’s getrandom feature.
use ssh_key::{Algorithm, PrivateKey, rand_core::OsRng};
// Generate a random key
let unencrypted_key = PrivateKey::random(&mut OsRng, Algorithm::Ed25519)?;
// WARNING: don't hardcode passwords, and this one's bad anyway
let password = "hunter42";
let encrypted_key = unencrypted_key.encrypt(&mut OsRng, password)?;
assert!(encrypted_key.is_encrypted());
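Whether a key file is password-protected is recorded in the cleartext header of the OpenSSH format, so it can be audited without the password. The following is an added example in std-only Rust, not code from this crate or from the original page: it reads the magic, ciphername, kdfname and bcrypt rounds as laid out in PROTOCOL.key. `KeyHeader`, `parse_header` and the helper names are hypothetical, and the input in `main` is constructed.

```rust
// Added example, std only; not code from the ssh-key crate. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub struct KeyHeader { pub cipher: String, pub kdf: String, pub bcrypt_rounds: Option<u32> }
impl KeyHeader {
    pub fn is_encrypted(&self) -> bool { self.cipher != "none" } // "none" = no password
}
/// Minimal base64 decoder (standard alphabet); skips whitespace, stops at '='.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes().filter(|c| !c.is_ascii_whitespace()) {
        if c == b'=' { break; }
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1u32 << bits) - 1; }
    }
    Some(out)
}
/// PROTOCOL.key primitives: raw bytes, uint32, string (uint32 length + bytes).
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Option<&'a [u8]> {
    let b: &'a [u8] = *buf;
    let head = b.get(..n)?; // None on truncated input
    *buf = &b[n..];
    Some(head)
}
fn u32_be(buf: &mut &[u8]) -> Option<u32> {
    take(buf, 4).map(|b| u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
}
fn string<'a>(buf: &mut &'a [u8]) -> Option<&'a [u8]> {
    let n = u32_be(buf)? as usize;
    take(buf, n)
}
/// Parse the cleartext header: magic, ciphername, kdfname, kdfoptions.
pub fn parse_header(pem: &str) -> Option<KeyHeader> {
    let body: String = pem.lines().map(str::trim).filter(|l| !l.starts_with("-----")).collect();
    let raw = b64_decode(&body)?;
    let mut buf = raw.strip_prefix(&b"openssh-key-v1\0"[..])?;
    let cipher = String::from_utf8(string(&mut buf)?.to_vec()).ok()?;
    let kdf = String::from_utf8(string(&mut buf)?.to_vec()).ok()?;
    let mut opts = string(&mut buf)?;
    // bcrypt kdfoptions hold a salt string then uint32 rounds; kdf "none" has no options.
    let bcrypt_rounds = if kdf == "bcrypt" { string(&mut opts)?; Some(u32_be(&mut opts)?) } else { None };
    Some(KeyHeader { cipher, kdf, bcrypt_rounds })
}
fn main() {
    // Constructed input: header bytes of a key stored with cipher "none"; no key material.
    let h = parse_header("b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAAB").unwrap();
    println!("{:?} encrypted={}", h, h.is_encrypted());
}
```

The header only shows that a cipher and KDF were declared; it does not prove the password is strong.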
§Generating random keys
This crate supports generation of random keys using algorithm-specific backends gated on cargo features.
The examples below require enabling this crate’s getrandom feature as well as the crate feature identified in backticks in the title of each example.
use ssh_key::{Algorithm, PrivateKey, rand_core::OsRng};
let private_key = PrivateKey::random(&mut OsRng, Algorithm::Ed25519)?;
Re-exports§
pub use crate::SshSig; (alloc)
Structs§
- DsaKeypair (alloc): Digital Signature Algorithm (DSA) private/public keypair.
- DsaPrivateKey (alloc): Digital Signature Algorithm (DSA) private key.
- EcdsaPrivateKey (ecdsa): Elliptic Curve Digital Signature Algorithm (ECDSA) private key.
- Ed25519 private/public keypair.
- Ed25519 private key.
- OpaqueKeypair (alloc): An opaque keypair.
- OpaqueKeypairBytes (alloc): The underlying representation of an OpaqueKeypair.
- An opaque private key.
- SSH private key.
- RsaKeypair (alloc): RSA private/public keypair.
- RsaPrivateKey (alloc): RSA private key.
- SkEcdsaSha2NistP256 (alloc and ecdsa): Security Key (FIDO/U2F) ECDSA/NIST P-256 private key as specified in PROTOCOL.u2f.
- SkEd25519 (alloc): Security Key (FIDO/U2F) Ed25519 private key as specified in PROTOCOL.u2f.
Enums§
- EcdsaKeypair (ecdsa): Elliptic Curve Digital Signature Algorithm (ECDSA) private/public keypair.
- Private key data: digital signature key pairs.