sshkeys

package module

v1.4.0 Latest Latest Go to latest Published: Mar 3, 2025 License: Apache-2.0 Imports: 15 Imported by: 40

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ScaleFT/sshkeys

Links

Open Source Insights

README ¶

sshkeys

sshkeys provides utilities for parsing and marshalling cryptographic keys used for SSH, in both cleartext and encrypted formats.

ssh.ParseRawPrivateKey only supports parsing a subset of the formats sshkeys supports, does not support parsing encrypted private keys, and does not support marshalling.

Supported Formats

OpenSSH's PROTOCOL.key for RSA and ED25519 keys.
OpenSSH version >= 7.6 using aes256-ctr encryption
"Classic" PEM containing RSA (PKCS#1), DSA (OpenSSL), and ECDSA private keys.

Documentation ¶

Index ¶

Variables
func Marshal(pk interface{}, opts *MarshalOptions) ([]byte, error)
func ParseEncryptedPrivateKey(data []byte, passphrase []byte) (ssh.Signer, error)
func ParseEncryptedRawPrivateKey(data []byte, passphrase []byte) (interface{}, error)
type Format
type MarshalOptions

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrIncorrectPassword = x509.IncorrectPasswordError

ErrIncorrectPassword is returned when the supplied passphrase was not correct for an encrypted private key.

Functions ¶

func Marshal ¶

func Marshal(pk interface{}, opts *MarshalOptions) ([]byte, error)

Marshal converts a private key into an optionally encrypted format.

func ParseEncryptedPrivateKey ¶

func ParseEncryptedPrivateKey(data []byte, passphrase []byte) (ssh.Signer, error)

ParseEncryptedPrivateKey returns a Signer from an encrypted private key. It supports the same keys as ParseEncryptedRawPrivateKey.

func ParseEncryptedRawPrivateKey ¶

func ParseEncryptedRawPrivateKey(data []byte, passphrase []byte) (interface{}, error)

ParseEncryptedRawPrivateKey returns a private key from an encrypted private key. It supports RSA (PKCS#1 or OpenSSH), DSA (OpenSSL), and ECDSA private keys.

ErrIncorrectPassword will be returned if the supplied passphrase is wrong, but some formats like RSA in PKCS#1 detecting a wrong passphrase is difficult, and other parse errors may be returned.

Types ¶

type Format ¶

type Format int

Format of private key to use when Marshaling.

const (
	// FormatOpenSSHv1 encodes a private key using OpenSSH's PROTOCOL.key format: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
	FormatOpenSSHv1 Format = iota
	// FormatClassicPEM encodes private keys in PEM, with a key-specific encoding, as used by OpenSSH.
	FormatClassicPEM
)

type MarshalOptions ¶

type MarshalOptions struct {
	// Passphrase to encrypt private key with, if nil, the key will not be encrypted.
	Passphrase []byte
	// Format to encode the private key in.
	Format Format
}

MarshalOptions provides the Marshal function format and encryption options.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL