Kevin Jones
7c9505e35d
Memoize the public key so that we do not re-create it every time it is accessed
2023-08-03 21:01:22 -04:00
Kevin Jones
24e07071a1
Update comment to use bytes instead of bits.
2023-04-25 10:52:46 -04:00
Kevin Jones
9b29a3bc55
Handle diminished RSA signatures.
...
If an RSA signature length, in bytes, is less than the RSA modulus length, in bytes, prepend the signature with zeros.
OpenSSH supports diminished RSA signatures where "leading" zeros do not need to be explicitly encoded. This handles RSA signatures similarly to how OpenSSH handles them.
2023-04-24 13:06:24 -04:00
Jesse Shawl
612f1ab34c
Change return type of PrivateKey::RSA.from_openssl
...
This PR updates the documentation comment to return an `OpenSSL::PKey::RSA` instance instead of `OpenSSL::PKey::DSA`
2023-03-29 17:22:54 -05:00
Jesse Shawl
8dda472871
fix documentation typo
2023-03-26 06:58:52 -05:00
Jesse Shawl
6fafd8c6dd
fix typos
2023-03-07 06:00:46 -06:00
Kevin Jones
bed8c96486
Use generate to construct key instead of mutating the PKEY instance for OpenSSL 3.0 compatibility
2023-01-05 18:18:51 -05:00
Kevin Jones
41e4e893dc
Prepare for 1.3.0 release
2022-01-21 10:40:12 -05:00
Kevin Jones
c78ca22f5b
Merge pull request #32 from github/update-ruby-tests
...
Support Ruby 3.1 and fix Q size to 160 bits
2022-01-05 12:24:54 -05:00
Kevin Jones
6e1bb8edfb
Fix DSA key generation to use a 160 Q bit value in Ruby 3.1 / OpenSSL 3.0.
2021-12-29 17:14:53 -05:00
Kevin Jones
5f3cbdfe45
Code review feedback.
...
* Move some things into a more specific module for security keys.
* Comment on the security key defaults.
* Rework code so that flag checks are independent for security keys.
2021-12-29 11:58:57 -05:00
Kevin Jones
4233196772
Add support for SSHSIG with certificates
2021-12-19 15:50:58 -05:00
Kevin Jones
07d2424db4
Test various security key options
2021-12-19 12:36:00 -05:00
Kevin Jones
c16b90ac63
Support checking the sk_flags
2021-12-19 11:43:40 -05:00
Kevin Jones
b4b7cb649a
Remove re-check of hash algorithm since it's checked in initialize
2021-12-17 13:53:26 -05:00
Kevin Jones
0b1f519e5a
Rename hashalgorithm to hash_algorithm to match spec
2021-12-17 13:51:44 -05:00
Kevin Jones
d74f25829f
Fix decode_openssh_signature to respect offset
2021-12-17 13:47:24 -05:00
Kevin Jones
e0c24b2c39
Support SSHSIG and SK verification.
...
This adds support for OpenSSH SSHSIG signatures, used for signing
arbitrary payloads.
This also adds support for public-key verification from -SK algorithms
so that signatures from security keys can be verified. This enables
using security keys for SSHSIG, as well as using security keys as
SSH-cert CAs.
2021-12-13 11:07:22 -05:00
Kevin Jones
fd2ef08043
Bump version
...
Bump the version in preparation for a new release.
2021-12-02 10:37:34 -05:00
Kevin Jones
595d2d6dbe
Add doc comment and new line at EOF
2021-03-03 17:29:50 -05:00
Kevin Jones
be8023c9b4
Rename algos to follow consistency.
2021-03-03 14:20:04 -05:00
Kevin Jones
e7f046c9d4
Support ED25519 certificates.
2021-03-03 14:00:06 -05:00
Kevin Jones
3848df5516
Support SK-ECDSA leaf certificates
2021-03-03 14:00:05 -05:00
Kevin Jones
dde95a7de8
Support SK-ECDSA keys.
2021-03-03 14:00:03 -05:00
Kevin Jones
9c646e3c53
Support SK-ED25519 public key parsing.
2021-03-03 14:00:02 -05:00
Ben Toews
e61f3987e8
bump version to 1.1.0
2019-08-08 10:11:03 -06:00
Ben Toews
6f5025c3be
support for force-command and source-address critical options
2019-08-08 10:08:20 -06:00
Ben Toews
55cd10009e
bump version to 1.0.0
2019-06-25 11:50:24 -06:00
Ben Toews
2438cc9f7f
fail consistently when ed25519 gem isn't loaded
2019-06-24 14:40:33 -06:00
Ben Toews
ca0ab31b5d
bump version to 0.0.10
2019-06-10 15:56:10 -06:00
Ben Toews
4fe3b7e155
parse PEM keys with empty passphrase
...
Otherwise OpenSSL tries prompting for a passphrase!
2019-06-10 15:46:21 -06:00
Ben Toews
d19cb6f478
bump version to 0.0.9
2019-06-10 15:44:43 -06:00
Ben Toews
8d95e57e34
sign certificates with RSA SHA2 variants
2019-06-10 15:01:33 -06:00
Ben Toews
49fe1f19e2
allow algo to be specified for signing
2019-06-10 15:01:14 -06:00
Ben Toews
af65b722c1
support rsa-sha2 signatures
2019-06-10 14:53:39 -06:00
Ben Toews
78dbb1b2d6
address feedback from @ptoomey3
2019-02-25 09:14:01 -07:00
Ben Toews
8ee17d2716
helper for issuing certificates using private keys
2019-02-25 09:04:44 -07:00
Ben Toews
214e2cbb23
helpers for generating private keys
2019-02-25 08:57:08 -07:00
Ben Toews
689f9f9533
allow certificates to be signed by private keys
2019-02-21 17:36:36 -07:00
Ben Toews
e46b72a533
allow private keys to sign
2019-02-21 17:19:15 -07:00
Ben Toews
a9212976e1
calculate signed_data from serialized cert
2019-02-21 16:58:54 -07:00
Ben Toews
cfc5029bfb
re-encode certificates back into openssh format
2019-02-21 16:27:00 -07:00
Ben Toews
7fdb72a330
add methods for encoding more types
2019-02-21 15:52:26 -07:00
Ben Toews
a2a17f9337
move some encoding logic out of the Certificate module
2019-02-21 13:45:26 -07:00
Ben Toews
ce06217fed
rename PublicKey::Base#raw to #rfc4253
2019-02-21 12:10:40 -07:00
Ben Toews
6c2bb0d568
add ALGOS constant to Certificate and PublicKey
2019-02-11 12:44:29 -07:00
Ben Toews
ce0f60ee15
keep the old `parse` methods since those are being used currently
2019-02-11 12:22:01 -07:00
Ben Toews
74e9910aa0
re-encode public keys back into authorized_keys format
2019-02-11 12:15:28 -07:00
Ben Toews
f2a8716b15
rename PublicKey and Certificate `parse` methods `parse_openssh`
2019-02-11 12:06:20 -07:00
Ben Toews
27ba7d8e09
fix some comments and variable names
2019-02-11 12:04:37 -07:00