7c9505e35d
Memoize the public key so that we do not re-create it every time it is accessed
2023-08-03 21:01:22 -04:00
24e07071a1
Update comment to use bytes instead of bits.
2023-04-25 10:52:46 -04:00
9b29a3bc55
Handle diminished RSA signatures.
...
If an RSA signature length, in bytes, is less than the RSA modulus length, in bytes, prepend the signature with zeros.
OpenSSH supports diminished RSA signatures where "leading" zeros do not need to be explicitly encoded. This handles RSA signatures similarly to how OpenSSH handles them.
2023-04-24 13:06:24 -04:00
612f1ab34c
Change return type of PrivateKey::RSA.from_openssl
...
This PR updates the documentation comment to return an `OpenSSL::PKey::RSA` instance instead of `OpenSSL::PKey::DSA`
2023-03-29 17:22:54 -05:00
8dda472871
fix documentation typo
2023-03-26 06:58:52 -05:00
6fafd8c6dd
fix typos
2023-03-07 06:00:46 -06:00
bed8c96486
Use generate to construct key instead of mutating the PKEY instance for OpenSSL 3.0 compatibility
2023-01-05 18:18:51 -05:00
41e4e893dc
Prepare for 1.3.0 release
2022-01-21 10:40:12 -05:00
c78ca22f5b
Merge pull request #32 from github/update-ruby-tests
...
Support Ruby 3.1 and fix Q size to 160 bits
2022-01-05 12:24:54 -05:00
6e1bb8edfb
Fix DSA key generation to use a 160 Q bit value in Ruby 3.1 / OpenSSL 3.0.
2021-12-29 17:14:53 -05:00
5f3cbdfe45
Code review feedback.
...
* Move some things in to a more specific module for security keys.
* Comment on the security key defaults.
* Rework code so that flag checks are independent for security keys.
2021-12-29 11:58:57 -05:00
4233196772
Add support for SSHSIG with certificates
2021-12-19 15:50:58 -05:00
07d2424db4
Test various security key options
2021-12-19 12:36:00 -05:00
c16b90ac63
Support checking the sk_flags
2021-12-19 11:43:40 -05:00
b4b7cb649a
Remove re-check of hash algorithm since it's checked in initialize
2021-12-17 13:53:26 -05:00
0b1f519e5a
Rename hashalgorithm to hash_algorithm to match spec
2021-12-17 13:51:44 -05:00
d74f25829f
Fix decode_openssh_signature to respect offset
2021-12-17 13:47:24 -05:00
e0c24b2c39
Support SSHSIG and SK verification.
...
This adds support for OpenSSH SSHSIG signatures, used for signing
arbitrary payloads.
This also adds support for public-key verification from -SK algorithms
so that signatures from security keys can be verified. This enables
using security keys for SSHSIG, as well as using security keys as
SSH-cert CAs.
2021-12-13 11:07:22 -05:00
fd2ef08043
Bump version
...
Bump the version in preparation for a new release.
2021-12-02 10:37:34 -05:00
595d2d6dbe
Add doc comment and new line at EOF
2021-03-03 17:29:50 -05:00
be8023c9b4
Rename algos to follow consistency.
2021-03-03 14:20:04 -05:00
e7f046c9d4
Support ED25519 certificates.
2021-03-03 14:00:06 -05:00
3848df5516
Support SK-ECDSA leaf certificates
2021-03-03 14:00:05 -05:00
dde95a7de8
Support SK-ECDSA keys.
2021-03-03 14:00:03 -05:00
9c646e3c53
Support SK-ED25519 public key parsing.
2021-03-03 14:00:02 -05:00
e61f3987e8
bump version to 1.1.0
2019-08-08 10:11:03 -06:00
6f5025c3be
support for force-command and source-address critical options
2019-08-08 10:08:20 -06:00
55cd10009e
bump version to 1.0.0
2019-06-25 11:50:24 -06:00
2438cc9f7f
fail consistenly when ed25519 gem isn't loaded
2019-06-24 14:40:33 -06:00
ca0ab31b5d
bump version to 0.0.10
2019-06-10 15:56:10 -06:00
4fe3b7e155
parse PEM keys with empty passphrase
...
Otherwise OpenSSL tries prompting for a passphrase!
2019-06-10 15:46:21 -06:00
d19cb6f478
bump version to 0.0.9
2019-06-10 15:44:43 -06:00
8d95e57e34
sign certificates with RSA SH2 variants
2019-06-10 15:01:33 -06:00
49fe1f19e2
allow algo to be specified for signing
2019-06-10 15:01:14 -06:00
af65b722c1
support rsa-sha2 signatures
2019-06-10 14:53:39 -06:00
78dbb1b2d6
address feedback from @ptoomey3
2019-02-25 09:14:01 -07:00
8ee17d2716
helper for issuing certificates using private keys
2019-02-25 09:04:44 -07:00
214e2cbb23
helpers for generating private keys
2019-02-25 08:57:08 -07:00
689f9f9533
allow certificates to be signed by private keys
2019-02-21 17:36:36 -07:00
e46b72a533
allow private keys to sign
2019-02-21 17:19:15 -07:00
a9212976e1
calculate signed_data from serialized cert
2019-02-21 16:58:54 -07:00
cfc5029bfb
re-encode certificates back into openssh format
2019-02-21 16:27:00 -07:00
7fdb72a330
add methods for encoding more types
2019-02-21 15:52:26 -07:00
a2a17f9337
move some encoding logic out of the Certificate module
2019-02-21 13:45:26 -07:00
ce06217fed
rename PublicKey::Base#raw to #rfc4253
2019-02-21 12:10:40 -07:00
6c2bb0d568
add ALGOS constant to Certificate and PublicKey
2019-02-11 12:44:29 -07:00
ce0f60ee15
keep the old `parse` methods since those are being used currently
2019-02-11 12:22:01 -07:00
74e9910aa0
re-encode public keys back into authorized_keys format
2019-02-11 12:15:28 -07:00
f2a8716b15
rename PublicKey and Certificate `parse` methods `parse_openssh`
2019-02-11 12:06:20 -07:00
27ba7d8e09
fix some comments and variable names
2019-02-11 12:04:37 -07:00
Kevin Jones
Jesse Shawl
Ben Toews