ssh-x25519

command module

v0.0.0-...-8835153 Latest Latest Go to latest Published: Oct 29, 2021 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/arachsys/ssh-x25519

Links

Open Source Insights

README ¶

ssh-x22519
==========

The twisted Edwards curve used for Ed25519 signatures is birationally
equivalent to the Montgomery curve used for X25519. In Ed25519, the secret
scalar is half of the private key's SHA512 hash, whereas X25519 uses the
private key directly as a scalar. It is therefore straightforward to map
ssh-ed25519 keys into X25519 keys preserving keypair correspondence.

This tool is a simple command-line wrapper around the high-quality Go crypto
libraries to perform this conversion.

If ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub are matching ssh-ed25519
private and public keyfiles, the outputs of

  ssh-x25519 ~/.ssh/id_ed25519

and

  ssh-x25519 ~/.ssh/id_ed25519.pub

are matching 32-byte X25519 private and public keys respectively. Private
keys are cofactor multiples and invariant under RFC 7748 scalar clamping,
so are interoperable with both clamped and non-clamped key exchange.

When the supplied keyfile is encrypted, ssh-x25519 will prompt for the
passphrase in the usual way before attempting to extract the private key.


Rationale
---------

OpenSSH keys are ubiquitous for login authentication and use sensible modern
cryptography in their ssh-ed25519 incarnation. Recent OpenSSH also supports
data signatures with 'ssh-keygen -Y sign' and 'ssh-keygen -Y verify'. These
have now been adopted by git to sign commits as an alternative to OpenPGP,
which is showing its age in complexity and cryptographic eccentricity.

As their role expands to more general-purpose identification, it will become
increasingly convenient to use OpenSSH identities in contexts such as file
encryption or triple-DH exchange to establish a forward-secure session,
with simple, easy-to-audit X25519 libraries.

The ssh-x25519 tool was written in Go rather than C to take advantage of its
unusually comprehensive and well-maintained crypto libraries. These already
support parsing, extracting and transforming ssh-ed25519 keys, so only
minimal wrapper code is needed to provide a complete command-line interface.


Building and installing
-----------------------

To build the ssh-x25519 binary, run 'go build' in the source tree. To
install, copy it into a directory on your path. ssh-x25519 should compile
and run on any platform with Go 1.17 or later.

Please report any problems or bugs to Chris Webb <chris@arachsys.com>.


Copying
-------

ssh-x25519 was written by Chris Webb <chris@arachsys.com> and is distributed
as Free Software under the terms of the MIT license in COPYING.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

ssh-x25519.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL