SSH private key support.
Support for decoding SSH private keys (i.e. digital signature keys) from the OpenSSH file format:
https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD
§Decrypting encrypted private keys
When the `encryption` feature of this crate is enabled, it’s possible to decrypt keys which have been encrypted under a password:
```rust
use ssh_key::PrivateKey;

// WARNING: don't actually hardcode private keys in source code!!!
let encoded_key = r#"
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBKH96ujW
umB6/WnTNPjTeaAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN
796jTiQfZfG1KaT0PtFDJ/XFSqtiAAAAoFzvbvyFMhAiwBOXF0mhUUacPUCMZXivG2up2c
hEnAw1b6BLRPyWbY5cC2n9ggD4ivJ1zSts6sBgjyiXQAReyrP35myYvT/OIB/NpwZM/xIJ
N7MHSUzlkX4adBrga3f7GS4uv4ChOoxC4XsE5HsxtGsq1X8jzqLlZTmOcxkcEneYQexrUc
bQP0o+gL5aKK8cQgiIlXeDbRjqhc4+h4EF6lY=
-----END OPENSSH PRIVATE KEY-----
"#;

let encrypted_key = PrivateKey::from_openssh(encoded_key)?;
assert!(encrypted_key.is_encrypted());

// WARNING: don't hardcode passwords, and this one's bad anyway
let password = "hunter42";

let decrypted_key = encrypted_key.decrypt(password)?;
assert!(!decrypted_key.is_encrypted());
```
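The cipher and KDF names sit in the cleartext header of an OpenSSH private key file, so a key can be audited for passphrase protection without knowing the passphrase. The following is an added example, not code from this crate or its documentation: a std-only reader for the PROTOCOL.key header, run over the first two base64 lines of the sample key above. The names `Header`, `SAMPLE`, `b64decode` and `parse_header` are assumptions made for illustration.

```rust
// Added example (not ssh_key code): reads the cleartext PROTOCOL.key header only.
#[derive(Debug, PartialEq)]
pub struct Header { pub cipher: String, pub kdf: String, pub rounds: Option<u32>, pub nkeys: u32 }
impl Header { pub fn is_encrypted(&self) -> bool { self.cipher != "none" } }
// First two base64 lines of the encrypted sample key shown on this page.
pub const SAMPLE: &str = "b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBKH96ujW\
    umB6/WnTNPjTeaAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAILM+rvN+ot98qgEN";
// Hypothetical helper: small base64 decoder that skips whitespace and '=' padding.
pub fn b64decode(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes().filter(|c| !c.is_ascii_whitespace() && *c != b'=') {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1 << bits) - 1; }
    }
    Some(out)
}
// Split `n` bytes off the front of the cursor, or None if the blob is truncated.
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Option<&'a [u8]> {
    let s: &'a [u8] = *buf;
    if s.len() < n { return None; }
    let (head, tail) = s.split_at(n);
    *buf = tail;
    Some(head)
}
// Big-endian uint32, as used for every length and count in the format.
fn u32be(buf: &mut &[u8]) -> Option<u32> {
    let b = take(buf, 4)?;
    Some(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
}
// Length-prefixed byte string.
fn string<'a>(buf: &mut &'a [u8]) -> Option<&'a [u8]> {
    let n = u32be(buf)? as usize;
    take(buf, n)
}
pub fn parse_header(blob: &[u8]) -> Option<Header> {
    let mut buf = blob.strip_prefix(b"openssh-key-v1\0")?; // magic + NUL
    let cipher = String::from_utf8(string(&mut buf)?.to_vec()).ok()?;
    let kdf = String::from_utf8(string(&mut buf)?.to_vec()).ok()?;
    let mut opts = string(&mut buf)?; // kdfoptions
    // For bcrypt the options are `string salt, uint32 rounds`; empty for "none".
    let rounds = if kdf == "bcrypt" { string(&mut opts)?; Some(u32be(&mut opts)?) } else { None };
    let nkeys = u32be(&mut buf)?;
    Some(Header { cipher, kdf, rounds, nkeys })
}
fn main() {
    let h = parse_header(&b64decode(SAMPLE).unwrap()).unwrap();
    println!("{:?} encrypted={}", h, h.is_encrypted());
}
```

A cipher name of `none` means the private section is stored unencrypted; `rounds` is the bcrypt KDF work factor recorded in the file.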
§Encrypting plaintext private keys
When the `encryption` feature of this crate is enabled, it’s possible to encrypt plaintext private keys under a provided password.

The example below also requires enabling this crate’s `getrandom` feature.
```rust
use ssh_key::{Algorithm, PrivateKey, rand_core::OsRng};

// Generate a random key
let unencrypted_key = PrivateKey::random(&mut OsRng, Algorithm::Ed25519)?;

// WARNING: don't hardcode passwords, and this one's bad anyway
let password = "hunter42";

let encrypted_key = unencrypted_key.encrypt(&mut OsRng, password)?;
assert!(encrypted_key.is_encrypted());
```
§Generating random keys
This crate supports generation of random keys using algorithm-specific backends gated on cargo features.

The examples below require enabling this crate’s `getrandom` feature as well as the crate feature identified in backticks in the title of each example.
```rust
use ssh_key::{Algorithm, PrivateKey, rand_core::OsRng};

let private_key = PrivateKey::random(&mut OsRng, Algorithm::Ed25519)?;
```
Structs§
- Digital Signature Algorithm (DSA) private/public keypair.
- Digital Signature Algorithm (DSA) private key.
- Elliptic Curve Digital Signature Algorithm (ECDSA) private key.
- Ed25519 private/public keypair.
- Ed25519 private key.
- SSH private key.
- RSA private/public keypair.
- RSA private key.
- Security Key (FIDO/U2F) ECDSA/NIST P-256 private key as specified in PROTOCOL.u2f.
- Security Key (FIDO/U2F) Ed25519 private key as specified in PROTOCOL.u2f.
Enums§
- Elliptic Curve Digital Signature Algorithm (ECDSA) private/public keypair.
- Private key data: digital signature key pairs.