I think it's worth checking out the possibility of reading and writing openssh private keys.
The original motivation of this library was to provide ssh key reading and writing for coreos-metadata and update-ssh-keys, and they only require public key management. I didn't include private key functionality at the time because I didn't want to have to deal with sensitive data.
There is a good argument that supporting private keys in the openssh format should be within the scope of this library though. Generally, these keys are handled in pairs, and providing that general functionality will expand the uses of this library beyond simple public key management.
Things to consider when making this -
- library security. Is there some way for the information to leak where we don't want it to?
- api security/usability. Should we provide functionality for the keys to be pulled apart, or should they be entirely opaque? How much should we hide from consumers of the library?
- other key formats. Private keys have this worse than public keys in the ssh ecosystem. There are two competing formats - PEM and an SSH-specific key format apparently based on RFC 4716. I'm going to detail supporting other key formats in "support reading and writing keys in additional formats" #22.
sdemos changed the title from "investigate reading and writing the private openssh key format" to "investigate reading and writing private openssh keys" on May 1, 2018