Skip to content

Support importing OpenSSH public certificates#913

Open
salasebas wants to merge 1 commit into
Legrandin:masterfrom
salasebas:issue-843-openssh-certs
Open

Support importing OpenSSH public certificates#913
salasebas wants to merge 1 commit into
Legrandin:masterfrom
salasebas:issue-843-openssh-certs

Conversation

@salasebas

Copy link
Copy Markdown

Summary

  • Add support for importing OpenSSH public certificate lines such as ssh-rsa-cert-v01@openssh.com
  • Return the embedded public key as a regular RSA, DSA, ECDSA, or Ed25519 key
  • Validate the certificate wrapper enough to reject malformed, mismatched, truncated, or trailing-data inputs

Notes

This does not expose certificate metadata and does not verify CA signatures, principals, validity windows, critical options, or extensions. It only imports the embedded public key, matching the existing import_key() API shape.

Closes #843

Tests

  • PYTHONPATH=lib python3 -m Crypto.SelfTest.PublicKey.test_import_RSA
  • PYTHONPATH=lib python3 -m Crypto.SelfTest.PublicKey.test_import_DSA
  • PYTHONPATH=lib python3 -m Crypto.SelfTest.PublicKey.test_import_ECC
  • PYTHONPATH=lib:test_vectors python3 -m Crypto.SelfTest.PublicKey.test_import_RSA
  • PYTHONPATH=lib:test_vectors python3 -m Crypto.SelfTest.PublicKey.test_import_DSA
  • PYTHONPATH=lib:test_vectors python3 -m Crypto.SelfTest.PublicKey.test_import_ECC

Add parsing for OpenSSH public certificate lines and return the embedded RSA, DSA, ECDSA, or Ed25519 public key without exposing or verifying certificate metadata.

Refs Legrandin#843
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

support for openssh certificates

1 participant