Support SSH certificates
Please add support for exposing all information contained in SSH certificates, as well as generating new keys.
Currently, the SSH public key loader does load, but then discards, certificate information.
Can that information please be made available? Ideally, if you have the private key that was used to sign the public key, the ability to verify the signature would be invaluable.
And going in the other direction, please add support for generating such keys. That would require that you can create an SSH certificate object on which you can set a serial (arbitrary uint64), type (user or host), key id, principals, valid dates, critical options and extensions. Signing then only has to generate a nonce and signature to write back to disk.
Golang has a nice implementation too by the way, in case you don't want to read OpenSSH code: https://pkg.go.dev/golang.org/x/crypto/ssh#Certificate
Tracking:
- [x] Vectors (#7984)
- [x] Parser (#7960)
- [x] Builder
- [x] Deprecate DSA in existing code
There will also be some refactor PRs as we go, including #7982 and #7983.
And we're done 😄