sshsig
Go implementation of the OpenSSH SSH Signature protocol. Sign and verify messages using SSH keys in Go.
APACHE-2.0 License
Stars
12
Ecosystems:
Go
sshsig
This Go library implements the SSHSIG wire protocol, and
can be used to sign and verify messages using SSH keys.
Compared to other implementations, this library does all the following:
- Accepts an
io.Readeras input for signing and verifying messages. - Performs simple public key fingerprint and namespace mismatch checks in
Verify. Malicious input will still fail signature verification, but this
provides more useful error messages. - Properly uses
ssh-sha2-512as signature algorithm when signing with an RSA
private key, as described in the protocol. - Does not accept a
Signoperation without anamespaceas specified in the
protocol. - Allows
Verifyoperations to be performed without anamespace, ensuring
compatibility with loose implementations. - Provides
ArmorandUnarmorfunctions to encode/decode the signature
to/from an (armored) PEM format.
For more information about the use of this library, see the Go Reference.
Acknowledgements
There are several other implementations of the SSHSIG protocol in Go, from
which this library has borrowed ideas:
- go-sshsig by Paul Tagliamonte
- Sigstore Rekor from the Sigstore project
Package Rankings
Top 12.18% on Proxy.golang.org
Badges
Extracted from project README
