agessh

package

v1.0.0-rc.3 Latest Latest Go to latest Published: Jun 15, 2021 License: BSD-3-Clause Imports: 14 Imported by: 29

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Documentation ¶

Overview ¶

Package agessh provides age.Identity and age.Recipient implementations of types "ssh-rsa" and "ssh-ed25519", which allow reusing existing SSH keys for encryption with age-encryption.org/v1.

These recipient types should only be used for compatibility with existing keys, and native X25519 keys should be preferred otherwise.

Note that these recipient types are not anonymous: the encrypted message will include a short 32-bit ID of the public key.

Index ¶

func ParseIdentity(pemBytes []byte) (age.Identity, error)
func ParseRecipient(s string) (age.Recipient, error)
type Ed25519Identity
- func NewEd25519Identity(key ed25519.PrivateKey) (*Ed25519Identity, error)
- func (i *Ed25519Identity) Recipient() age.Recipient
- func (i *Ed25519Identity) Unwrap(stanzas []*age.Stanza) ([]byte, error)
type Ed25519Recipient
- func NewEd25519Recipient(pk ssh.PublicKey) (*Ed25519Recipient, error)
- func (r *Ed25519Recipient) Wrap(fileKey []byte) ([]*age.Stanza, error)
type EncryptedSSHIdentity
- func NewEncryptedSSHIdentity(pubKey ssh.PublicKey, pemBytes []byte, passphrase func() ([]byte, error)) (*EncryptedSSHIdentity, error)
- func (i *EncryptedSSHIdentity) Recipient() age.Recipient
- func (i *EncryptedSSHIdentity) Unwrap(stanzas []*age.Stanza) (fileKey []byte, err error)
type RSAIdentity
- func NewRSAIdentity(key *rsa.PrivateKey) (*RSAIdentity, error)
- func (i *RSAIdentity) Recipient() age.Recipient
- func (i *RSAIdentity) Unwrap(stanzas []*age.Stanza) ([]byte, error)
type RSARecipient
- func NewRSARecipient(pk ssh.PublicKey) (*RSARecipient, error)
- func (r *RSARecipient) Wrap(fileKey []byte) ([]*age.Stanza, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ParseIdentity ¶

func ParseIdentity(pemBytes []byte) (age.Identity, error)

func ParseRecipient ¶

func ParseRecipient(s string) (age.Recipient, error)

Types ¶

type Ed25519Identity ¶

type Ed25519Identity struct {
	// contains filtered or unexported fields
}

func NewEd25519Identity ¶

func NewEd25519Identity(key ed25519.PrivateKey) (*Ed25519Identity, error)

func (*Ed25519Identity) Recipient ¶

func (i *Ed25519Identity) Recipient() age.Recipient

func (*Ed25519Identity) Unwrap ¶

func (i *Ed25519Identity) Unwrap(stanzas []*age.Stanza) ([]byte, error)

type Ed25519Recipient ¶

type Ed25519Recipient struct {
	// contains filtered or unexported fields
}

func NewEd25519Recipient ¶

func NewEd25519Recipient(pk ssh.PublicKey) (*Ed25519Recipient, error)

func (*Ed25519Recipient) Wrap ¶

func (r *Ed25519Recipient) Wrap(fileKey []byte) ([]*age.Stanza, error)

type EncryptedSSHIdentity ¶

type EncryptedSSHIdentity struct {
	// contains filtered or unexported fields
}

EncryptedSSHIdentity is an age.Identity implementation based on a passphrase encrypted SSH private key.

It requests the passphrase only if the public key matches a recipient stanza. If the application knows it will always have to decrypt the private key, it would be simpler to use ssh.ParseRawPrivateKeyWithPassphrase directly and pass the result to NewEd25519Identity or NewRSAIdentity.

func NewEncryptedSSHIdentity ¶

func NewEncryptedSSHIdentity(pubKey ssh.PublicKey, pemBytes []byte, passphrase func() ([]byte, error)) (*EncryptedSSHIdentity, error)

NewEncryptedSSHIdentity returns a new EncryptedSSHIdentity.

pubKey must be the public key associated with the encrypted private key, and it must have type "ssh-ed25519" or "ssh-rsa". For OpenSSH encrypted files it can be extracted from an ssh.PassphraseMissingError, otherwise it can often be found in ".pub" files.

pemBytes must be a valid input to ssh.ParseRawPrivateKeyWithPassphrase. passphrase is a callback that will be invoked by Unwrap when the passphrase is necessary.

func (*EncryptedSSHIdentity) Recipient ¶

func (i *EncryptedSSHIdentity) Recipient() age.Recipient

func (*EncryptedSSHIdentity) Unwrap ¶

func (i *EncryptedSSHIdentity) Unwrap(stanzas []*age.Stanza) (fileKey []byte, err error)

Unwrap implements age.Identity. If the private key is still encrypted, and any of the stanzas match the public key, it will request the passphrase. The decrypted private key will be cached after the first successful invocation.

type RSAIdentity ¶

type RSAIdentity struct {
	// contains filtered or unexported fields
}

func NewRSAIdentity ¶

func NewRSAIdentity(key *rsa.PrivateKey) (*RSAIdentity, error)

func (*RSAIdentity) Recipient ¶

func (i *RSAIdentity) Recipient() age.Recipient

func (*RSAIdentity) Unwrap ¶

func (i *RSAIdentity) Unwrap(stanzas []*age.Stanza) ([]byte, error)

type RSARecipient ¶

type RSARecipient struct {
	// contains filtered or unexported fields
}

func NewRSARecipient ¶

func NewRSARecipient(pk ssh.PublicKey) (*RSARecipient, error)

func (*RSARecipient) Wrap ¶

func (r *RSARecipient) Wrap(fileKey []byte) ([]*age.Stanza, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL