
Go implementation of the OpenSSH SSH Signature protocol. Sign and verify messages using SSH keys in Go.


hiddeco/sshsig


sshsig


This Go library implements the SSHSIG wire protocol, and can be used to sign and verify messages using SSH keys.

Compared to other implementations, this library does all the following:

  • Accepts an io.Reader as input for signing and verifying messages.
  • Performs simple public key fingerprint and namespace mismatch checks in Verify. Malicious input will still fail signature verification, but this provides more useful error messages.
  • Properly uses rsa-sha2-512 as the signature algorithm when signing with an RSA private key, as described in the protocol.
  • Does not accept a Sign operation without a namespace as specified in the protocol.
  • Allows Verify operations to be performed without a namespace, ensuring compatibility with loose implementations.
  • Provides Armor and Unarmor functions to encode/decode the signature to/from an (armored) PEM format.

For more information about the use of this library, see the Go Reference.
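Why the namespace handling listed above matters, as an added example (not this library's code or API): the namespace is part of the bytes that get signed, so a signature made for one namespace does not verify under another. The function names are hypothetical, and a raw Ed25519 key stands in for an SSH key, so the SSH signature encoding and the armored envelope are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
	"io"
	"strings"
)

// signedData builds the blob PROTOCOL.sshsig signs: "SSHSIG", then namespace,
// reserved, hash name and H(message), each as an SSH string (uint32 length + bytes).
func signedData(m io.Reader, namespace string) ([]byte, error) {
	h := sha512.New()
	if _, err := io.Copy(h, m); err != nil { // stream the message, never buffer it whole
		return nil, err
	}
	blob, n := []byte("SSHSIG"), [4]byte{}
	for _, f := range [][]byte{[]byte(namespace), nil, []byte("sha512"), h.Sum(nil)} {
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		blob = append(append(blob, n[:]...), f...)
	}
	return blob, nil
}

// sign rejects an empty namespace. Raw Ed25519 stands in for an SSH signer (assumption).
func sign(priv ed25519.PrivateKey, m io.Reader, namespace string) ([]byte, error) {
	if namespace == "" {
		return nil, fmt.Errorf("sign: namespace must not be empty")
	}
	blob, err := signedData(m, namespace)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, blob), nil
}

// verify rebuilds the blob under the namespace the verifier expects.
func verify(pub ed25519.PublicKey, m io.Reader, namespace string, sig []byte) bool {
	blob, err := signedData(m, namespace)
	return err == nil && ed25519.Verify(pub, blob, sig)
}

func main() {
	const msg = "constructed sample message"
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key for the demo
	sig, _ := sign(priv, strings.NewReader(msg), "file")
	fmt.Println(verify(pub, strings.NewReader(msg), "file", sig), verify(pub, strings.NewReader(msg), "git", sig))
}
```

A verifier that passes an empty namespace rebuilds a different blob as well, so a signature made under "file" only verifies when the verifier asks for "file".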

Acknowledgements

There are several other implementations of the SSHSIG protocol in Go, from which this library has borrowed ideas:
