sshkeys

package
v0.2.0 Latest

Published: Apr 17, 2023 License: BSD-3-Clause Imports: 24 Imported by: 0

Documentation

Overview

Package sshkeys provides support for using ssh keys with the security/keys package, including private keys hosted within an ssh agent. In theory any ssh agent can be used, including those that use FIDO keys or other security enclaves (e.g. Apple's T2) to store and sign with keys, so that the private key material never has to be loaded into the calling process.

Index

Constants

This section is empty.

Variables

var DefaultSockNameFunc = func() string {
	return os.Getenv("SSH_AUTH_SOCK")
}

DefaultSockNameFunc can be overridden to return the address of a custom ssh agent to use instead of the one specified by SSH_AUTH_SOCK. This is primarily intended for tests.

Functions

func AgentSocketName

func AgentSocketName(ctx context.Context) string

AgentSocketName returns the socket name associated with the context or the return value of DefaultSockNameFunc() if there is no such socket name.

func ImportAgentHostedKeyBytes

func ImportAgentHostedKeyBytes(keyBytes []byte) (publicKeyBytes, privateKeyBytes []byte, err error)

ImportAgentHostedKeyBytes returns the byte representations of an imported ssh public key and of the associated private key that is hosted in an ssh agent. The resulting private key representation is essentially a reference to the agent-managed key rather than the key material itself.

func MustRegister

func MustRegister(r *keys.Registrar)

MustRegister is like Register but panics on error.

func Register

func Register(r *keys.Registrar) error

Register registers the required functions for handling ssh public and private key files, as well as ssh agent hosted private key files, via the x/ref/security/keys package.

func WithAgentSocketName

func WithAgentSocketName(ctx context.Context, socketName string) context.Context

WithAgentSocketName returns a context with the specified socket name. This is primarily intended for tests.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client represents an ssh agent client.

func NewClient

func NewClient() *Client

NewClient returns a new instance of Client.

func (*Client) Close

func (ac *Client) Close(ctx context.Context) error

Close implements signing.Service.

func (*Client) Lock

func (ac *Client) Lock(ctx context.Context, passphrase []byte) error

Lock will lock the agent using the specified passphrase. Note that the passphrase is not zeroed on return.

func (*Client) Signer

func (ac *Client) Signer(ctx context.Context, hostedKey *HostedKey) (sig security.Signer, err error)

Signer creates a new security.Signer for a private key that's hosted in the ssh agent.

func (*Client) Unlock

func (ac *Client) Unlock(ctx context.Context, passphrase []byte) error

Unlock will unlock the agent using the specified passphrase.

type HostedKey

type HostedKey struct {
	// contains filtered or unexported fields
}

HostedKey represents a private key hosted by an ssh agent.

func NewHostedKey

func NewHostedKey(key ssh.PublicKey, comment string, passphrase []byte) *HostedKey

NewHostedKey creates a connection to the user's ssh agent in order to use the private key corresponding to the supplied public key for signing operations. The passphrase, if supplied, is used to unlock/lock the agent. Note that the passphrase for unlocking/locking the agent may also be obtained indirectly, for example when the PEM encoding of the private key is parsed via keys.ParsePrivateKey. The passphrase is not zeroed.

func NewHostedKeyFile

func NewHostedKeyFile(publicKeyFile string, passphrase []byte) (*HostedKey, error)

NewHostedKeyFile calls NewHostedKey with the contents of the specified file.

func (*HostedKey) Comment

func (hk *HostedKey) Comment() string

Comment returns the comment associated with the original ssh public key.

func (*HostedKey) PublicKey

func (hk *HostedKey) PublicKey() ssh.PublicKey

PublicKey returns the ssh.PublicKey associated with this agent-hosted key.

func (*HostedKey) Signer

func (hk *HostedKey) Signer(ctx context.Context) (security.Signer, error)

Signer returns a security.Signer that is hosted by an ssh agent. The returned signer will retain a copy of any passphrase in ctx and will zero that copy when it is itself garbage collected.
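The passphrase handling described for NewHostedKey and HostedKey.Signer (the signer keeps its own copy of the passphrase from ctx, zeroes that copy on garbage collection, and never zeroes the caller's buffer) can be reproduced with only the standard library. The following is an added illustration of that pattern, not code from the sshkeys package: the context key, WithPassphrase, agentSigner and isZeroed are constructed here, and the explicit zero method is an addition so cleanup does not depend on finalizer timing.

```go
package main

import (
	"context"
	"fmt"
	"runtime"
)

// passphraseKey is a hypothetical context key; the real package's key is
// unexported and not shown in its documentation.
type passphraseKey struct{}

// WithPassphrase stores a passphrase in ctx (constructed helper, not part of sshkeys).
func WithPassphrase(ctx context.Context, pp []byte) context.Context {
	return context.WithValue(ctx, passphraseKey{}, pp)
}

// agentSigner mimics the documented behaviour: it retains a private copy of
// the passphrase found in ctx and zeroes that copy when it is collected.
type agentSigner struct {
	passphrase []byte
}

func newAgentSigner(ctx context.Context) *agentSigner {
	s := &agentSigner{}
	if pp, ok := ctx.Value(passphraseKey{}).([]byte); ok && len(pp) > 0 {
		// Copy, never alias: the caller's buffer is theirs to manage (and is
		// not zeroed by us, exactly as the package documentation warns).
		s.passphrase = append([]byte(nil), pp...)
		runtime.SetFinalizer(s, func(s *agentSigner) { s.zero() })
	}
	return s
}

// zero overwrites the retained copy. Finalizers run at an unpredictable time,
// so callers that care should invoke this explicitly when done.
func (s *agentSigner) zero() {
	for i := range s.passphrase {
		s.passphrase[i] = 0
	}
}

// isZeroed reports whether every byte of b has been overwritten with zero.
func isZeroed(b []byte) bool {
	for _, c := range b {
		if c != 0 {
			return false
		}
	}
	return true
}

func main() {
	orig := []byte("constructed-passphrase")
	s := newAgentSigner(WithPassphrase(context.Background(), orig))
	s.zero()
	fmt.Println("copy zeroed:", isZeroed(s.passphrase), "caller buffer zeroed:", isZeroed(orig))
}
```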
