RubyGems - sshkey - Versions diffs - 1.1.3 → 1.2.0 - Mend

sshkey 1.1.3 → 1.2.0

Files changed (6) hide show

data/README.md ADDED

@@ -0,0 +1,67 @@
+sshkey
+======
+Generate private/public SSH keys using Ruby without the `ssh-keygen` system command.
+	gem install sshkey
+Tested on the following Rubies: MRI 1.8.7 and 1.9.2, Rubinius, JRuby.  Ruby must be compiled with OpenSSL support.
+Usage
+-----
+Generate an SSH RSA Keypair with foo@bar.com as the comment - providing a comment is optional
+``` ruby
+k = SSHKey.generate(:comment => "foo@bar.com")
+```
+Generate an SSH DSA Keypair with foo@bar.com as the comment - providing a comment is optional
+``` ruby
+k = SSHKey.generate(:type => "dsa", :comment => "foo@bar.com")
+```
+Return an SSHKey object from an existing RSA Private Key (provided as a string)
+``` ruby
+k = SSHKey.new(File.read("~/.ssh/id_rsa"), :comment => "foo@bar.com")
+```
+Both of these will return an SSHKey object with the following methods:
+``` ruby
+# Returns an OpenSSL::PKey::RSA or OpenSSL::PKey::DSA key object
+# See http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/classes/OpenSSL/PKey/RSA.html
+k.key_object
+# => -----BEGIN RSA PRIVATE KEY-----\nMIIEowI...
+# Returns the Private Key as a string
+k.private_key
+# => "-----BEGIN RSA PRIVATE KEY-----\nMIIEowI..."
+# Returns the Public Key as a string
+k.public_key
+# => "-----BEGIN RSA PUBLIC KEY-----\nMIIBCg..."
+# Returns the SSH Public Key as a string
+k.ssh_public_key
+# => "ssh-rsa AAAAB3NzaC1yc2EA...."
+# Returns the comment as a string
+k.comment
+# => "foo@bar.com"
+# Returns the fingerprint as a string
+k.fingerprint
+# => "2a:89:84:c9:29:05:d1:f8:49:79:1c:ba:73:99:eb:af"
+# Validates SSH Public Key
+SSHKey.valid? "ssh-rsa AAAAB3NzaC1yc2EA...."
+# => true
+```
+Copyright
+---------
+Copyright (c) 2011 James Miller

data/lib/sshkey.rb CHANGED

@@ -3,28 +3,97 @@ require 'base64'
 require 'digest/md5'
 class SSHKey
+  SSH_TYPES      = {"rsa" => "ssh-rsa", "dsa" => "ssh-dss"}
+  SSH_CONVERSION = {"rsa" => ["e", "n"], "dsa" => ["p", "q", "g", "pub_key"]}
+  attr_reader :key_object, :comment, :type
   def self.generate(options = {})
-    SSHKey.new(OpenSSL::PKey::RSA.generate(2048).to_pem, options)
+    type = options[:type] || "rsa"
+    case type
+    when "rsa" then SSHKey.new(OpenSSL::PKey::RSA.generate(2048).to_pem, options)
+    when "dsa" then SSHKey.new(OpenSSL::PKey::DSA.generate(2048).to_pem, options)
+    else
+      raise "Unknown key type #{type}"
+    end
   end
-  attr_reader :key_object, :comment
+  def self.valid?(ssh_key)
+    ssh_type, encoded_key = ssh_key.split(" ")
+    type = SSH_TYPES.invert[ssh_type]
+    prefix = [0,0,0,7].pack("C*")
+    decoded = Base64.decode64(encoded_key)
+    # Base64 decoding is too permissive, so we should validate if encoding is correct
+    return false unless Base64.encode64(decoded).gsub("\n", "") == encoded_key
+    return false unless decoded.sub!(/^#{prefix}#{ssh_type}/, "")
+    unpacked = decoded.unpack("C*")
+    data = []
+    index = 0
+    until unpacked[index].nil?
+      datum_size = from_byte_array unpacked[index..index+4-1], 4
+      index = index + 4
+      datum = from_byte_array unpacked[index..index+datum_size-1], datum_size
+      data << datum
+      index = index + datum_size
+    end
+    SSH_CONVERSION[type].size == data.size
+  rescue
+    false
+  end
+  def self.from_byte_array(byte_array, expected_size = nil)
+    num = 0
+    raise "Byte array too short" if !expected_size.nil? && expected_size != byte_array.size
+    byte_array.reverse.each_with_index do |item, index|
+      num += item * 256**(index)
+    end
+    num
+  end
   def initialize(private_key, options = {})
-    @key_object = OpenSSL::PKey::RSA.new(private_key)
-    @comment    = options[:comment] || ""
+    begin
+      @key_object = OpenSSL::PKey::RSA.new(private_key)
+      @type = "rsa"
+    rescue
+      @key_object = OpenSSL::PKey::DSA.new(private_key)
+      @type = "dsa"
+    end
+    @comment = options[:comment] || ""
   end
-  def rsa_private_key
+  def private_key
     key_object.to_pem
   end
-  def rsa_public_key
+  def public_key
     key_object.public_key.to_pem
   end
+  ########################
+  # Backward compatibility
+  def rsa_private_key
+    private_key if type == "rsa"
+  end
+  def rsa_public_key
+    public_key if type == "rsa"
+  end
+  def dsa_private_key
+    private_key if type == "dsa"
+  end
+  def dsa_public_key
+    public_key if type == "dsa"
+  end
+  ########################
   def ssh_public_key
-    ["ssh-rsa", Base64.encode64(ssh_public_key_conversion).gsub("\n", ""), @comment].join(" ").strip
+    [SSH_TYPES[type], Base64.encode64(ssh_public_key_conversion).gsub("\n", ""), comment].join(" ").strip
   end
   def fingerprint
@@ -41,15 +110,14 @@ class SSHKey
   # For instance, the "ssh-rsa" string is encoded as the following byte array
   # [0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a']
   def ssh_public_key_conversion
-    e = @key_object.public_key.e.to_i
-    n = @key_object.public_key.n.to_i
+    out = [0,0,0,7].pack("C*")
+    out += SSH_TYPES[type]
-    out = [0,0,0,7].pack("c*")
-    out += "ssh-rsa"
-    out += encode_unsigned_int_32(to_byte_array(e).length).pack("c*")
-    out += to_byte_array(e).pack("c*")
-    out += encode_unsigned_int_32(to_byte_array(n).length).pack("c*")
-    out += to_byte_array(n).pack("c*")
+    SSH_CONVERSION[type].each do |method|
+      byte_array = to_byte_array(key_object.public_key.send(method).to_i)
+      out += encode_unsigned_int_32(byte_array.length).pack("c*")
+      out += byte_array.pack("C*")
+    end
     return out
   end
@@ -71,4 +139,5 @@ class SSHKey
     end until (num == 0 || num == -1) && (result.last[7] == num[7])
     result.reverse
   end
 end

data/lib/sshkey/version.rb CHANGED

@@ -1,3 +1,3 @@
 class SSHKey
-  VERSION = "1.1.3"
+  VERSION = "1.2.0"
 end

data/test/sshkey_test.rb CHANGED

@@ -59,28 +59,52 @@ NOAVAoGACIdfR5oZ4tvNIeqjtLF83HmUJARv86eMmjqgiQTFcZS3A8vk5y05STxX
 HU3kTCfT6sypRi9zDQafIIyqYFgaOezr2eRRFRojQZqzHjtuFUeKLrKf7R9bzwwx
 DPlNgYq8p4FOY5ZOL/ZOxUHW4vKRewURJttnxzw+LEy0T1FyAE0=
 -----END RSA PRIVATE KEY-----
+EOF
+  SSH_PRIVATE_KEY3 = <<-EOF
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQC8lcuXcFcIC9wsV87L6PAwYefKgK0CwTSD1v3/aabZsu4w+UF8
+zsPtdsNP8+JWfOp3KFbrUTH+ODgAXF/aL4UZfpbsQe446ZFV8v6dmWqj23sk0FLX
+U5l2tsuJ9OdyXetVXjBvoiz+/r4k/iG/esvWlVGEHwq5eYXgQ1GfXABY3QIVAMVe
+c7skmkUrCR6iivgZYYe3PQPZAoGBAKnpdEVATtDGOW9w2evSf5kc1InzdTurcJOH
+q9qYdCaa8rlMGaIS6XFWcKqBlpj0Mv2R5ldW90bU/RllGvh1KinTIRVTsf4qtZIV
+Xy4vN8IYzDL1493nKndMsxsRh50rI1Snn2tssAix64eJ5VFSGlyOYEKYDMlWzHK6
+Jg3tVmc6AoGBAIwTRPAEcroqOzaebiVspFcmsXxDQ4wXQZQdho1ExW6FKS8s7/6p
+ItmZYXTvJDwLXgq2/iK1fRRcKk2PJEaSuJR7WeNGsJKfWmQ2UbOhqA3wWLDazIZt
+cMKjFzD0hM4E8qgjHjMvKDE6WgT6SFP+tqx3nnh7pJWwsbGjSMQexpyRAhQLhz0l
+GzM8qwTcXd06uIZAJdTHIQ==
+-----END DSA PRIVATE KEY-----
 EOF
   SSH_PUBLIC_KEY1 = 'AAAAB3NzaC1yc2EAAAABIwAAAQEArfTA/lKVR84IMc9ZzXOCHr8DVtR8hzWuEVHF6KElavRHlk14g0SZu3m908Ejm/XF3EfNHjX9wN+62IMA0QBxkBMFCuLF+U/oeUs0NoDdAEKxjj4n6lq6Ss8aLct+anMy7D1jwvOLbcwV54w1d5JDdlZVdZ6AvHm9otwJq6rNpDgdmXY4HgC2nM9csFpuy0cDpL6fdJx9lcNL2RnkRC4+RMsIB+PxDw0j3vDi04dYLBXMGYjyeGH+mIFpL3PTPXGXwL2XDYXZ2H4SQX6bOoKmazTXq6QXuEB665njh1GxXldoIMcSshoJL0hrk3WrTOG22N2CQA+IfHgrXJ+A+QUzKQ=='
   SSH_PUBLIC_KEY2 = 'AAAAB3NzaC1yc2EAAAABIwAAAQEAxl6TpN7uFiY/JZ8qDnD7UrxDP+ABeh2PVg8Du1LEgXNk0+YWCeP5S6oHklqaWeDlbmAs1oHsBwCMAVpMa5tgONOLvz4JgwgkiqQEbKR8ofWJ+LADUElvqRVGmGiNEMLI6GJWeneL4sjmbb8d6U+M53c6iWG0si9XE5m7teBQSsCl0Tk3qMIkQGw5zpJeCXjZ8KpJhIJRYgexFkGgPlYRV+UYIhxpUW90t0Ra5i6JOFYwq98k5S/6SJIZQ/A9F4JNzwLw3eVxZj0yVHWxkGz1+TyELNY1kOyMxnZaqSfGzSQJTrnIXpdweVHuYh1LtOgedRQhCyiELeSMGwio1vRPKw=='
+  SSH_PUBLIC_KEY3 = 'AAAAB3NzaC1kc3MAAACBALyVy5dwVwgL3CxXzsvo8DBh58qArQLBNIPW/f9pptmy7jD5QXzOw+12w0/z4lZ86ncoVutRMf44OABcX9ovhRl+luxB7jjpkVXy/p2ZaqPbeyTQUtdTmXa2y4n053Jd61VeMG+iLP7+viT+Ib96y9aVUYQfCrl5heBDUZ9cAFjdAAAAFQDFXnO7JJpFKwkeoor4GWGHtz0D2QAAAIEAqel0RUBO0MY5b3DZ69J/mRzUifN1O6twk4er2ph0JpryuUwZohLpcVZwqoGWmPQy/ZHmV1b3RtT9GWUa+HUqKdMhFVOx/iq1khVfLi83whjMMvXj3ecqd0yzGxGHnSsjVKefa2ywCLHrh4nlUVIaXI5gQpgMyVbMcromDe1WZzoAAACBAIwTRPAEcroqOzaebiVspFcmsXxDQ4wXQZQdho1ExW6FKS8s7/6pItmZYXTvJDwLXgq2/iK1fRRcKk2PJEaSuJR7WeNGsJKfWmQ2UbOhqA3wWLDazIZtcMKjFzD0hM4E8qgjHjMvKDE6WgT6SFP+tqx3nnh7pJWwsbGjSMQexpyR'
   KEY1_FINGERPRINT = "2a:89:84:c9:29:05:d1:f8:49:79:1c:ba:73:99:eb:af"
   KEY2_FINGERPRINT = "3c:af:74:87:cc:cc:a1:12:05:1a:09:b7:7b:ce:ed:ce"
+  KEY3_FINGERPRINT = "14:f6:6a:12:96:be:44:32:e6:3c:77:43:94:52:f5:7a"
   def setup
     @key1 = SSHKey.new(SSH_PRIVATE_KEY1, :comment => "me@example.com")
     @key2 = SSHKey.new(SSH_PRIVATE_KEY2, :comment => "me@example.com")
+    @key3 = SSHKey.new(SSH_PRIVATE_KEY3, :comment => "me@example.com")
     @key_without_comment = SSHKey.new(SSH_PRIVATE_KEY1)
   end
   def test_private_key1
+    assert_equal SSH_PRIVATE_KEY1, @key1.private_key
     assert_equal SSH_PRIVATE_KEY1, @key1.rsa_private_key
   end
   def test_private_key2
+    assert_equal SSH_PRIVATE_KEY2, @key2.private_key
     assert_equal SSH_PRIVATE_KEY2, @key2.rsa_private_key
   end
+  def test_private_key3
+    assert_equal SSH_PRIVATE_KEY3, @key3.private_key
+    assert_equal SSH_PRIVATE_KEY3, @key3.dsa_private_key
+  end
   def test_ssh_public_key_decoded1
     assert_equal Base64.decode64(SSH_PUBLIC_KEY1), @key1.send(:ssh_public_key_conversion)
   end
@@ -89,6 +113,10 @@ EOF
     assert_equal Base64.decode64(SSH_PUBLIC_KEY2), @key2.send(:ssh_public_key_conversion)
   end
+  def test_ssh_public_key_decoded3
+    assert_equal Base64.decode64(SSH_PUBLIC_KEY3), @key3.send(:ssh_public_key_conversion)
+  end
   def test_ssh_public_key_encoded1
     assert_equal SSH_PUBLIC_KEY1, Base64.encode64(@key1.send(:ssh_public_key_conversion)).gsub("\n", "")
   end
@@ -97,13 +125,42 @@ EOF
     assert_equal SSH_PUBLIC_KEY2, Base64.encode64(@key2.send(:ssh_public_key_conversion)).gsub("\n", "")
   end
+  def test_ssh_public_key_encoded3
+    assert_equal SSH_PUBLIC_KEY3, Base64.encode64(@key3.send(:ssh_public_key_conversion)).gsub("\n", "")
+  end
   def test_ssh_public_key_output
     expected1 = "ssh-rsa #{SSH_PUBLIC_KEY1} me@example.com"
     expected2 = "ssh-rsa #{SSH_PUBLIC_KEY2} me@example.com"
-    expected3 = "ssh-rsa #{SSH_PUBLIC_KEY1}"
+    expected3 = "ssh-dss #{SSH_PUBLIC_KEY3} me@example.com"
+    expected4 = "ssh-rsa #{SSH_PUBLIC_KEY1}"
     assert_equal expected1, @key1.ssh_public_key
     assert_equal expected2, @key2.ssh_public_key
-    assert_equal expected3, @key_without_comment.ssh_public_key
+    assert_equal expected3, @key3.ssh_public_key
+    assert_equal expected4, @key_without_comment.ssh_public_key
+  end
+  def test_ssh_public_key_validation
+    expected1 = "ssh-rsa #{SSH_PUBLIC_KEY1} me@example.com"
+    expected2 = "ssh-rsa #{SSH_PUBLIC_KEY2} me@example.com"
+    expected3 = "ssh-dss #{SSH_PUBLIC_KEY3} me@example.com"
+    expected4 = "ssh-rsa #{SSH_PUBLIC_KEY1}"
+    invalid1  = "ssh-rsa #{SSH_PUBLIC_KEY1}= me@example.com"
+    invalid2  = "ssh-rsa #{SSH_PUBLIC_KEY2}= me@example.com"
+    invalid3  = "ssh-dss #{SSH_PUBLIC_KEY3}= me@example.com"
+    invalid4  = "ssh-rsa A#{SSH_PUBLIC_KEY1}"
+    invalid5  = "ssh-rsa #{SSH_PUBLIC_KEY3} me@example.com"
+    assert SSHKey.valid?(expected1)
+    assert SSHKey.valid?(expected2)
+    assert SSHKey.valid?(expected3)
+    assert SSHKey.valid?(expected4)
+    assert !SSHKey.valid?(invalid1)
+    assert !SSHKey.valid?(invalid2)
+    assert !SSHKey.valid?(invalid3)
+    assert !SSHKey.valid?(invalid4)
+    assert !SSHKey.valid?(invalid5)
   end
   def test_exponent
@@ -119,6 +176,7 @@ EOF
   def test_fingerprint
     assert_equal KEY1_FINGERPRINT, @key1.fingerprint
     assert_equal KEY2_FINGERPRINT, @key2.fingerprint
+    assert_equal KEY3_FINGERPRINT, @key3.fingerprint
   end
   def test_to_byte_array

metadata CHANGED

@@ -2,7 +2,7 @@
 name: sshkey
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 1.1.3
+  version: 1.2.0
 platform: ruby
 authors:
 - James Miller
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-05-12 00:00:00 -07:00
+date: 2011-06-02 00:00:00 -07:00
 default_executable:
 dependencies: []
@@ -27,7 +27,7 @@ files:
 - .gitignore
 - Gemfile
 - LICENSE
-- README.rdoc
+- README.md
 - Rakefile
 - lib/sshkey.rb
 - lib/sshkey/version.rb

data/README.rdoc DELETED

@@ -1,48 +0,0 @@
-= sshkey
-Generate private/public SSH keys using Ruby without the `ssh-keygen` system command.
-  gem install sshkey
-Tested on Ruby 1.8.7 and 1.9.2 (MRI).  Ruby must be compiled with OpenSSL support.
-== Usage
-Generate an SSH Keypair with foo@bar.com as the comment - providing a comment is optional
-  k = SSHKey.generate(:comment => "foo@bar.com")
-Return an SSHKey object from an existing RSA Private Key (provided as a string)
-  k = SSHKey.new(File.read("~/.ssh/id_rsa"), :comment => "foo@bar.com")
-Both of these will return an SSHKey object with the following methods:
-  # Returns an OpenSSL::PKey::RSA key object
-  # See http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/classes/OpenSSL/PKey/RSA.html
-  k.key_object
-  # => -----BEGIN RSA PRIVATE KEY-----\nMIIEowI...
-  # Returns the RSA Private Key as a string
-  k.rsa_private_key
-  # => "-----BEGIN RSA PRIVATE KEY-----\nMIIEowI..."
-  # Returns the RSA Public Key as a string
-  k.rsa_public_key
-  # => "-----BEGIN RSA PUBLIC KEY-----\nMIIBCg..."
-  # Returns the SSH Public Key as a string
-  k.ssh_public_key
-  # => "ssh-rsa AAAAB3NzaC1yc2EA...."
-  # Returns the comment as a string
-  k.comment
-  # => "foo@bar.com"
-  # Returns the fingerprint as a string
-  k.fingerprint
-  # => "2a:89:84:c9:29:05:d1:f8:49:79:1c:ba:73:99:eb:af"
-== Copyright
-Copyright (c) 2011 James Miller