Commit d4085cc2 authored by David Cowden's avatar David Cowden

keys: add method to load cert and encrypted key

Consumers can now conveniently load an OpenSSH-style key and cert pair
when the key is encrypted with a passphrase.
parent 2de209d4
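--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -19,6 +19,15 @@ func LoadCertFromKeyFileOpenSSH(keypath string) (ssh.Signer, error) {
 return LoadCertFromFiles(keypath, certpath)
 }
+// LoadCertFromKeyFileEncOpenSSH returns an ssh.Signer from the encrypted key
+// stored at the given filesystem path with a public key that is the ssh
+// certificate loaded from the file "<path>-cert.pub". This is how ssh-add looks
+// for certs when adding keys to ssh-agent.
+func LoadCertFromKeyFileEncOpenSSH(keypath string, pass []byte) (ssh.Signer, error) {
+certpath := keypath + "-cert.pub"
+return LoadCertFromFilesEnc(keypath, certpath, pass)
+}
 // LoadCertFromFiles returns an ssh.Signer with private key loaded from the
 // unecrypted path keypath and a public cert component loaded from certpath.
 func LoadCertFromFiles(keypath, certpath string) (ssh.Signer, error) {
@@ -44,6 +53,32 @@ func LoadCertFromFiles(keypath, certpath string) (ssh.Signer, error) {
 return signer, nil
 }
+// LoadCertFromFilesEnc returns an ssh.Signer with private key loaded from the
+// ecrypted key at path keypath and a public cert component loaded from certpath.
+func LoadCertFromFilesEnc(keypath, certpath string, pass []byte) (ssh.Signer, error) {
+// Read host key from a file, parse using x/crypto/ssh.
+kb, err := ioutil.ReadFile(keypath)
+if err != nil {
+return nil, err
+}
+key, err := ssh.ParsePrivateKeyWithPassphrase(kb, pass)
+if err != nil {
+return nil, err
+}
+cb, err := ioutil.ReadFile(certpath)
+if err != nil {
+return nil, err
+}
+pub, _, _, _, err := ssh.ParseAuthorizedKey(cb)
+if err != nil {
+return nil, err
+}
+cert := pub.(*ssh.Certificate)
+signer, err := ssh.NewCertSigner(cert, key)
+return signer, nil
+}
 // LoadKeyFromFile returns an ssh.Signer from the unencrypted key stored
 // at the given filesystem path.
 func LoadKeyFromFile(path string) (ssh.Signer, error) {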
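Review bot: The error from ssh.NewCertSigner is discarded at the end of LoadCertFromFilesEnc — `signer, err := ssh.NewCertSigner(cert, key)` is followed by `return signer, nil` — so a certificate whose public key does not match the decrypted private key is returned as (nil, nil) instead of an error, and the caller only learns of the mismatch through a nil dereference later. Two lines earlier, `cert := pub.(*ssh.Certificate)` is an unchecked type assertion that panics when certpath holds a plain public key (or any non-certificate authorized_keys entry) rather than a certificate, turning a mis-named or malformed file into a process crash. Returning the NewCertSigner result directly and guarding the assertion fixes both; the body of LoadCertFromFiles is outside the hunk, but if it has the same shape it should get the same treatment. In passing, the comment `// Read host key from a file, parse using x/crypto/ssh.` describes the wrong thing (this is the user's encrypted key, not a host key), and "ecrypted" in the doc comment should read "encrypted".

```go
// … unchanged: read and decrypt keypath, read certpath …
pub, _, _, _, err := ssh.ParseAuthorizedKey(cb)
if err != nil {
	return nil, err
}
cert, ok := pub.(*ssh.Certificate)
if !ok {
	return nil, fmt.Errorf("%s: not an ssh certificate", certpath) // assumes fmt is imported in this file; otherwise add it or use errors.New
}
return ssh.NewCertSigner(cert, key)
}
```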