Crates.io | ssh-key |
lib.rs | ssh-key |
version | 0.6.7 |
source | src |
created_at | 2021-11-18 18:11:23.400176 |
updated_at | 2024-10-15 20:25:42.275296 |
description | Pure Rust implementation of SSH key file format decoders/encoders as described in RFC4251/RFC4253 and OpenSSH key formats, as well as "sshsig" signatures and certificates (including certificate validation and certificate authority support), with further support for the `authorized_keys` and `known_hosts` file formats. |
homepage | |
repository | https://github.com/RustCrypto/SSH/tree/master/ssh-key |
max_upload_size | |
id | 484090 |
size | 463,170 |
Pure Rust implementation of SSH key file format decoders/encoders as described in RFC4251 and RFC4253 as well as OpenSSH's PROTOCOL.key format specification.
Additionally provides support for SSH signatures as described in PROTOCOL.sshsig, OpenSSH certificates as specified in PROTOCOL.certkeys including certificate validation and certificate authority (CA) support, FIDO/U2F keys as specified in PROTOCOL.u2f (and certificates thereof), and also the `authorized_keys` and `known_hosts` file formats.
Supports a minimal profile which works on heapless `no_std` targets. See the "Supported algorithms" table below for which key formats work on heapless targets and which algorithms require `alloc`.
When the `ed25519`, `p256`, and/or `rsa` features of this crate are enabled, it provides key generation and certificate signing/verification support for that respective SSH key algorithm.
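The RFC 4251 length-prefixed framing inside an OpenSSH public key line, the kind of input the decoders described above handle, shown as an added std-only illustration. It is not code from the `ssh-key` crate and does not use its API; the function names are this example's own, and the sample line is constructed with an all-zero key.

```rust
use std::convert::TryFrom;

// Minimal Base64 decoder (standard alphabet). Not constant-time: use on public data only.
fn b64_decode(s: &str) -> Result<Vec<u8>, String> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let body = s.trim_end_matches('=');
    if s.len() % 4 != 0 || s.len() - body.len() > 2 { return Err("bad base64 length".into()); }
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in body.bytes() {
        let v = T.iter().position(|&t| t == c).ok_or("bad base64 character")?;
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1 << bits) - 1; }
    }
    Ok(out)
}

// Reads one RFC 4251 `string` (big-endian u32 length, then that many bytes) and advances `buf`.
fn read_string<'a>(buf: &mut &'a [u8]) -> Result<&'a [u8], String> {
    let data: &'a [u8] = *buf;
    if data.len() < 4 { return Err("truncated length".into()); }
    let n = u32::from_be_bytes([data[0], data[1], data[2], data[3]]) as usize;
    if n > data.len() - 4 { return Err("length exceeds remaining data".into()); }
    *buf = &data[4 + n..];
    Ok(&data[4..4 + n])
}

// Parses "ssh-ed25519 <base64> [comment]" and returns the 32-byte public key.
fn parse_ed25519_line(line: &str) -> Result<[u8; 32], String> {
    let mut parts = line.split_whitespace();
    let outer = parts.next().ok_or("missing algorithm")?;
    let blob = b64_decode(parts.next().ok_or("missing key data")?)?;
    let mut cur = blob.as_slice();
    let inner = read_string(&mut cur)?;
    // The algorithm name inside the blob must agree with the one in front of it.
    if outer != "ssh-ed25519" || inner != outer.as_bytes() {
        return Err("algorithm mismatch".into());
    }
    let key = read_string(&mut cur)?;
    if !cur.is_empty() { return Err("trailing data after key".into()); }
    <[u8; 32]>::try_from(key).map_err(|_| "Ed25519 key must be 32 bytes".to_string())
}

// Constructed sample: well-formed framing, key bytes all zero (placeholder, not a usable key).
fn sample_line() -> String {
    format!("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI{} constructed@example", "A".repeat(43))
}

fn main() { println!("{:?}", parse_ed25519_line(&sample_line())); }
```

The parser rejects blobs whose declared lengths run past the data, whose inner algorithm name disagrees with the outer one, or that carry bytes after the key.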
- `base64ct`/`pem-rfc7468` crates
- `BEGIN OPENSSH PRIVATE KEY`
- `bcrypt-pbkdf` + `aes256-ctr` only
- `sk-*` as specified in PROTOCOL.u2f
- `no_std` support including support for "heapless" (no-`alloc`) targets
- `authorized_keys` files
- `known_hosts` files
- `serde` support
- `zeroize` support for private keys

Name | Decode | Encode | Cert | Keygen | Sign | Verify | Feature | no_std |
---|---|---|---|---|---|---|---|---|
`ecdsa-sha2-nistp256` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | `p256` | heapless |
`ecdsa-sha2-nistp384` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | `p384` | heapless |
`ecdsa-sha2-nistp521` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | `p521` | heapless |
`ssh-dsa` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | `dsa` | alloc |
`ssh-ed25519` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | `ed25519` | heapless |
`ssh-rsa` | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | `rsa` | alloc |
`sk-ecdsa-sha2-nistp256@openssh.com` | ✅ | ✅ | ✅ | ⛔ | ⛔ | ✅ | ⛔ | alloc |
`sk-ssh-ed25519@openssh.com` | ✅ | ✅ | ✅ | ⛔ | ⛔ | ✅ | `ed25519` | alloc |
By default no SSH signature algorithms are enabled and you will get an `Error::AlgorithmUnsupported` error if you try to use them.
Enable the `crypto` feature or the "Feature" for specific algorithms in the chart above (e.g. `p256`, `rsa`) in order to use cryptographic functionality.
The "Feature" column lists the name of `ssh-key` crate features which can be enabled to provide full support for the "Keygen", "Sign", and "Verify" functionality for a particular SSH key algorithm.
This crate requires Rust 1.65 at a minimum.
We may change the MSRV in the future, but it will be accompanied by a minor version bump.
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.