Encrypted Private Key Support
SSHCerts can now read private keys encrypted with AES256-CTR + bcrypt (the current default). The API for reading private keys has remained the same, so no updates should be required, but there are now sister functions *_with_passphrase which will attempt decryption.
Calling a *_with_passphrase(2) will not fail if the key is unencrypted; the decryption routine will just not run.
Since supporting encrypted keys required adding new dependencies and I'm trying to keep this as light as possible, encrypted key support is gated behind the optional feature encrypted-keys. Unlike rsa-signing, this is not a default feature.
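The header fields of the OpenSSH private key format show whether a key is unencrypted or protected with AES256-CTR + bcrypt. The following std-only Rust is an added example, not code from SSHCerts; it works on the decoded openssh-key-v1 bytes (the contents of the base64 armor), and the names Protection, protection and sample are assumptions of this example.

```rust
// Added example (not sshcerts code): classify a decoded openssh-key-v1 blob.
const MAGIC: &[u8] = b"openssh-key-v1\0";

#[derive(Debug, PartialEq)]
pub enum Protection {
    Unencrypted,                     // cipher "none" + kdf "none"
    Aes256CtrBcrypt { rounds: u32 }, // the pair named in the release notes
    Unsupported(String, String),     // anything else: refuse, do not guess
}

// Read one SSH string: big-endian u32 length, then that many bytes.
fn read_string<'a>(buf: &mut &'a [u8]) -> Result<&'a [u8], &'static str> {
    let data: &'a [u8] = *buf;
    if data.len() < 4 { return Err("truncated length"); }
    let (len, rest) = data.split_at(4);
    let len = u32::from_be_bytes([len[0], len[1], len[2], len[3]]) as usize;
    if rest.len() < len { return Err("truncated string"); }
    let (s, rest) = rest.split_at(len);
    *buf = rest;
    Ok(s)
}

pub fn protection(blob: &[u8]) -> Result<Protection, &'static str> {
    let mut rest = blob.strip_prefix(MAGIC).ok_or("not an openssh-key-v1 blob")?;
    let cipher = read_string(&mut rest)?;
    let kdf = read_string(&mut rest)?;
    let mut opts = read_string(&mut rest)?; // empty when kdf is "none"
    let name = |b: &[u8]| String::from_utf8_lossy(b).into_owned();
    Ok(match (cipher, kdf) {
        (b"none", b"none") => Protection::Unencrypted,
        (b"aes256-ctr", b"bcrypt") => {
            read_string(&mut opts)?; // bcrypt salt, then a u32 round count
            if opts.len() != 4 { return Err("bad bcrypt kdf options"); }
            let rounds = u32::from_be_bytes([opts[0], opts[1], opts[2], opts[3]]);
            Protection::Aes256CtrBcrypt { rounds }
        }
        _ => Protection::Unsupported(name(cipher), name(kdf)),
    })
}

// Constructed sample header; a real key continues with key count and key data.
pub fn sample(cipher: &str, kdf: &str, opts: &[u8]) -> Vec<u8> {
    let mut v = MAGIC.to_vec();
    for f in [cipher.as_bytes(), kdf.as_bytes(), opts] {
        v.extend_from_slice(&(f.len() as u32).to_be_bytes());
        v.extend_from_slice(f);
    }
    v
}

fn main() { println!("{:?}", protection(&sample("none", "none", b""))); }
```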
Other Updates
- There have also been a couple of documentation updates.
- Key validation is more strict. It extracts the public key from the private key, ensuring it matches the stated public key in the key file.
- Added an abstraction around reading a private key in byte format. This is the same format ssh-agents use, so you can now turn those into usable private keys.