cert

package

v0.0.0-...-5b89c6a Latest Latest Go to latest Published: Jun 12, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/lukegriffith/SSHTrust

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func GenerateSSHKey(keyType KeyType, bits int) (ssh.Signer, error)
func SavePublicKey(signer ssh.Signer, filePath string) error
func SignUserKey(caSigner ssh.Signer, userPublicKey ssh.PublicKey, principals []string, ...) (*ssh.Certificate, error)
type CA
- func NewCA(name string, signer ssh.Signer, validPrincipals []string, bits, maxTtl int) CA
- func (c CA) CreateResponse() *CaResponse
type CaRequest
- func (c CaRequest) Validate() (error, bool)
type CaResponse
type CommonCa
type KeyType
type SignRequest
type SignResponse

Constants ¶

This section is empty.

Variables ¶

View Source

var InvalidKeyErr error = errors.New("unsupported key type")

Functions ¶

func GenerateSSHKey ¶

func GenerateSSHKey(keyType KeyType, bits int) (ssh.Signer, error)

GenerateSSHKey generates a new SSH keypair with a 4096-bit RSA private key

func SavePublicKey ¶

func SavePublicKey(signer ssh.Signer, filePath string) error

SavePublicKey saves the public key from the SSH signer to a file

func SignUserKey ¶

func SignUserKey(caSigner ssh.Signer, userPublicKey ssh.PublicKey, principals []string, ttlMinutes int) (*ssh.Certificate, error)

SignUserKey signs a user's public key using the CA private key. It returns a signed SSH certificate.

Types ¶

type CA ¶

type CA struct {
	Name            string
	Signer          ssh.Signer
	Bits            int
	MaxTTLMinutes   int
	ValidPrincipals []string
}

func NewCA ¶

func NewCA(name string, signer ssh.Signer, validPrincipals []string, bits, maxTtl int) CA

func (CA) CreateResponse ¶

func (c CA) CreateResponse() *CaResponse

type CaRequest ¶

type CaRequest struct {
	CommonCa
}

func (CaRequest) Validate ¶

func (c CaRequest) Validate() (error, bool)

type CaResponse ¶

type CaResponse struct {
	CommonCa
	// CA Public Key
	PublicKey string `json:"public_key"`
}

type CommonCa ¶

type CommonCa struct {
	// Name of CA
	Name string `json:"name"`
	// Type of ca, rsa, ed25519
	Type KeyType `json:"type"`
	// Key length
	Bits int `json:"bits"`
	// Maximum TTL certs can be signed for
	MaxTTLMinutes int `json:"max_ttl_minutes"`
	// List of Valid Principals
	ValidPrincipals []string `json:"valid_principals"`
}

type KeyType ¶

type KeyType string

const (
	RSAKey  KeyType = "ssh-rsa"
	ED25519 KeyType = "ssh-ed25519"
)

type SignRequest ¶

type SignRequest struct {
	// Public key material to be signed
	PublicKey string `json:"public_key"`
	// List of valid principals, usernames
	Principals []string `json:"principals"`
	// How long the certificate is valid for
	TTLMinutes int `json:"ttl_minutes"`
}

type SignResponse ¶

type SignResponse struct {
	// Signed certificate by the CA
	SignedKey string `json:"signed_key"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL