RubyGems - sshkey - Versions diffs - 1.6.1 → 2.0.0 - Mend

sshkey 1.6.1 → 2.0.0

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dcab21406c740089ec26317a5499a2b757f03e7c
-  data.tar.gz: 212a9a19f541aea1aeaf577cb2e938f1eae9c4fd
+  metadata.gz: b6e9c3f40bf3a5b7a9f80cadd7d98e8c4e9b41d4
+  data.tar.gz: 362495eb1d46d0befe4c932c94318ce1e40c8ec2
 SHA512:
-  metadata.gz: ba8bf9fcef2981609256d9765e855e49771992caa20d1b87ff52a20d627a8d2571318486687b2cf51c52d6f8a510281ad351069e94cb092e44a520f069af5ab6
-  data.tar.gz: f1f47cb1a2861aa2a8a741d8b511529c62701e943658c1dead0f6621ad639158874b4c13fc6a00f9bc6375e00ea46aab32612d5337c8e55002503f0aaac6dab9
+  metadata.gz: 7f99fe44852eb551a34ff7fc8ca2dcab7e51a222e9e2bb7c9708115419e1e1e08444ca03973692547b2ce5d83d4dda593b95baa3bca19b1def9df3037bae127c
+  data.tar.gz: 846c9b1966e56c5f405897254619367867d34855c9ebaa65f7d863ad271763427d574589c22b6570c790642a352e8fb39fb055a56ce446c18d717f17cf943f42

data/.travis.yml CHANGED Viewed

@@ -1,41 +1,21 @@
+language: ruby
 rvm:
-  - 1.8.7
-  - 1.9.2
-  - 1.9.3
-  - 2.0.0
-  - ree
+  - 2.0
+  - 2.1
+  - 2.2
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
   - ruby-head
-  - jruby-18mode
-  - jruby-19mode
-  - jruby-20mode
+  - jruby
   - jruby-head
-  - rbx-2.1.1
 matrix:
   allow_failures:
     - rvm: ruby-head
-  include:
-    - rvm: jruby-18mode
-      jdk: openjdk6
-    - rvm: jruby-18mode
-      jdk: openjdk7
-    - rvm: jruby-18mode
-      jdk: oraclejdk7
-    - rvm: jruby-19mode
-      jdk: openjdk6
-    - rvm: jruby-19mode
-      jdk: openjdk7
-    - rvm: jruby-19mode
-      jdk: oraclejdk7
-    - rvm: jruby-20mode
-      jdk: openjdk6
-    - rvm: jruby-20mode
-      jdk: openjdk7
-    - rvm: jruby-20mode
-      jdk: oraclejdk7
-    - rvm: jruby-head
-      jdk: openjdk6
     - rvm: jruby-head
-      jdk: openjdk7
-    - rvm: jruby-head
-      jdk: oraclejdk7
+sudo: required
+dist: xenial

data/Gemfile CHANGED Viewed

@@ -1,6 +1,5 @@
 source "https://rubygems.org"
-gem "jruby-openssl", ">= 0.8.2", :platforms => :jruby
-gem "rubysl", "~> 2.0.14", :platforms => :rbx
+gem "jruby-openssl", ">= 0.8.2", platform: :jruby
 gemspec

data/LICENSE CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2011-2013 James Miller
+Copyright (c) 2011-2016 James Miller
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md CHANGED Viewed

@@ -2,11 +2,15 @@
 Generate private and public SSH keys (RSA and DSA supported) using pure Ruby.
-	gem install sshkey
+[![Build Status](https://secure.travis-ci.org/bensie/sshkey.svg?branch=master)](http://travis-ci.org/bensie/sshkey)
-Tested on the following Rubies: MRI 1.8.7, 1.9.2, 1.9.3, 2.0.0, REE, JRuby (1.7.2 and newer), Rubinius (2.1.1 and newer). Ruby must be compiled with OpenSSL support.
+## Requirements
-[![Build Status](https://secure.travis-ci.org/bensie/sshkey.png)](http://travis-ci.org/bensie/sshkey)
+Tested / supported on CRuby 2.0.0+ and JRuby.
+## Installation
+    gem install sshkey
 ## Usage
@@ -18,7 +22,12 @@ You can also (optionally) supply a `comment` or `passphrase`.
 ```ruby
 k = SSHKey.generate
-k = SSHKey.generate(:type => "DSA", :bits => 1024, :comment => "foo@bar.com", :passphrase => "foobar")
+k = SSHKey.generate(
+  type:       "DSA",
+  bits:       1024,
+  comment:    "foo@bar.com",
+  passphrase: "foobar"
+)
 ```
 ### Use your existing key
@@ -26,7 +35,8 @@ k = SSHKey.generate(:type => "DSA", :bits => 1024, :comment => "foo@bar.com", :p
 Return an SSHKey object from an existing RSA or DSA private key (provided as a string).
 ```ruby
-k = SSHKey.new(File.read("~/.ssh/id_rsa"), :comment => "foo@bar.com")
+f = File.read(File.expand_path("~/.ssh/id_rsa"))
+k = SSHKey.new(f, comment: "foo@bar.com")
 ```
 ### The SSHKey object
@@ -52,11 +62,11 @@ k.ssh_public_key
 #### Encryption
-If a passcode is set when a key is generated or by setting the `passcode` accessor, you can
+If a passphrase is set when a key is generated or by setting the `passphrase` accessor, you can
 fetch the encrypted version of the private key.
 ```ruby
-k.passcode = "foo"
+k.passphrase = "foo"
 # => "foo"
 k.encrypted_private_key
@@ -77,6 +87,9 @@ k.comment = "me@me.com"
 k.ssh_public_key
 # => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7 me@me.com"
+k.ssh2_public_key
+# => "---- BEGIN SSH2 PUBLIC KEY ----\nComment: me@me.com\nAAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+n\nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5\nXsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoA\nv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I\n9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVIC\nWtKbqW263HT5LvSxwKorR7\n---- END SSH2 PUBLIC KEY ----"
 ```
 #### Bit length
@@ -91,14 +104,17 @@ k.bits
 #### Fingerprints
 It is often helpful to use a fingerprint to visually or programmatically check if one key
-matches another. Fetch either an MD5 (OpenSSH default) or SHA1 fingerprint of the SSH public key.
+matches another. Fetch an MD5, SHA1, or SHA256 fingerprint of the SSH public key.
 ```ruby
 k.md5_fingerprint
-# => "2a:89:84:c9:29:05:d1:f8:49:79:1c:ba:73:99:eb:af"
+# => "04:1b:d4:18:df:87:60:94:8c:83:8a:7b:5a:35:59:3d"
 k.sha1_fingerprint
-# => "e4:f9:79:f2:fe:d6:be:2d:ef:2e:c2:fa:aa:f8:b0:17:34:fe:0d:c0"
+# => "e5:c2:43:9e:e4:0c:0c:47:82:7a:3b:e9:61:13:bd:9c:43:eb:4c:b7"
+k.sha256_fingerprint
+# => "x1GEnx1SRY/QwxjMAoyO6mhQlaBedDHtYLEmfeUXy3o="
 ```
 #### Public Key Directives
@@ -126,7 +142,7 @@ k.ssh_public_key
 #### Randomart
-Generate [OpenSSH compatible](http://www.opensource.apple.com/source/OpenSSH/OpenSSH-175/openssh/key.c) ASCII art fingerprints
+Generate [OpenSSH compatible](http://www.opensource.apple.com/source/OpenSSH/OpenSSH-175/openssh/key.c) ASCII art fingerprints.
 ```ruby
 puts k.randomart
@@ -165,7 +181,7 @@ SSHKey.valid_ssh_public_key? "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE
 #### Bit length
-Determine the strenth of the key in bits as an integer.  Returns `SSHKey::PublicKeyError` if bits cannot be determined.
+Determine the strength of the key in bits as an integer. Returns `SSHKey::PublicKeyError` if bits cannot be determined.
 ```ruby
 SSHKey.ssh_public_key_bits "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7"
@@ -174,16 +190,27 @@ SSHKey.ssh_public_key_bits "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o
 #### Fingerprints
-Fetch either an MD5 (OpenSSH default) or SHA1 fingerprint of the SSH
-public key.  Returns `SSHKey::PublicKeyError` if a fingerprint cannot be determined.
+Fetch an MD5, SHA1, or SHA256 fingerprint of the SSH public key.
+Returns `SSHKey::PublicKeyError` if a fingerprint cannot be determined.
 ```ruby
 SSHKey.fingerprint "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7"
 # => "04:1b:d4:18:df:87:60:94:8c:83:8a:7b:5a:35:59:3d"
 SSHKey.sha1_fingerprint "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7"
 # => "e5:c2:43:9e:e4:0c:0c:47:82:7a:3b:e9:61:13:bd:9c:43:eb:4c:b7"
+SSHKey.sha256_fingerprint "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7"
+# => "x1GEnx1SRY/QwxjMAoyO6mhQlaBedDHtYLEmfeUXy3o="
+```
+#### Convert to SSH2 Public Key
+Convert an existing SSH Public Key into an SSH2 Public key. Returns `SSHKey::PublicKeyError` if a valid key cannot be generated.
+```ruby
+SSHKey.ssh_public_key_to_ssh2_public_key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7 me@me.com"
+# => "---- BEGIN SSH2 PUBLIC KEY ----\nComment: me@me.com\nAAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+n\nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5\nXsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoA\nv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I\n9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVIC\nWtKbqW263HT5LvSxwKorR7\n---- END SSH2 PUBLIC KEY ----"
 ```
 ## Copyright
-Copyright (c) 2011-2013 James Miller
+Copyright (c) 2011-2019 James Miller

data/lib/sshkey.rb CHANGED Viewed

@@ -1,14 +1,27 @@
-$:.unshift File.dirname(__FILE__)
 require 'openssl'
 require 'base64'
 require 'digest/md5'
 require 'digest/sha1'
-require 'sshkey/exception'
+require 'digest/sha2'
 class SSHKey
-  SSH_TYPES      = {"rsa" => "ssh-rsa", "dsa" => "ssh-dss"}
+  SSH_TYPES = {
+    "ssh-rsa" => "rsa",
+    "ssh-dss" => "dsa",
+    "ssh-ed25519" => "ed25519",
+    "ecdsa-sha2-nistp256" => "ecdsa",
+    "ecdsa-sha2-nistp384" => "ecdsa",
+    "ecdsa-sha2-nistp521" => "ecdsa",
+  }
+  SSHFP_TYPES = {
+    "rsa"     => 1,
+    "dsa"     => 2,
+    "ecdsa"   => 3,
+    "ed25519" => 4,
+  }
   SSH_CONVERSION = {"rsa" => ["e", "n"], "dsa" => ["p", "q", "g", "pub_key"]}
+  SSH2_LINE_LENGTH = 70 # +1 (for line wrap '/' character) must be <= 72
   class << self
     # Generate a new keypair and return an SSHKey object
@@ -30,7 +43,7 @@ class SSHKey
       default_bits = type == "rsa" ? 2048 : 1024
       bits   = options[:bits] || default_bits
-      cipher = OpenSSL::Cipher::Cipher.new("AES-128-CBC") if options[:passphrase]
+      cipher = OpenSSL::Cipher.new("AES-128-CBC") if options[:passphrase]
       case type.downcase
       when "rsa" then new(OpenSSL::PKey::RSA.generate(bits).to_pem(cipher, options[:passphrase]), options)
@@ -49,7 +62,17 @@ class SSHKey
     #
     def valid_ssh_public_key?(ssh_public_key)
       ssh_type, encoded_key = parse_ssh_public_key(ssh_public_key)
-      SSH_CONVERSION[SSH_TYPES.invert[ssh_type]].size == unpacked_byte_array(ssh_type, encoded_key).size
+      sections = unpacked_byte_array(ssh_type, encoded_key)
+      case ssh_type
+        when "ssh-rsa", "ssh-dss"
+          sections.size == SSH_CONVERSION[SSH_TYPES[ssh_type]].size
+        when "ssh-ed25519"
+          sections.size == 1                                # https://tools.ietf.org/id/draft-bjh21-ssh-ed25519-00.html#rfc.section.4
+        when "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"
+          sections.size == 2                                # https://tools.ietf.org/html/rfc5656#section-3.1
+        else
+          false
+      end
     rescue
       false
     end
@@ -88,10 +111,59 @@ class SSHKey
       end
     end
+    # SHA256 fingerprint for the given SSH key
+    def sha256_fingerprint(key)
+      if key.match(/PRIVATE/)
+        new(key).sha256_fingerprint
+      else
+        Base64.encode64(Digest::SHA256.digest(decoded_key(key))).gsub("\n", "")
+      end
+    end
+    # SSHFP records for the given SSH key
+    def sshfp(hostname, key)
+      if key.match(/PRIVATE/)
+        new(key).sshfp hostname
+      else
+        type, encoded_key = parse_ssh_public_key(key)
+        format_sshfp_record(hostname, SSH_TYPES[type], Base64.decode64(encoded_key))
+      end
+    end
+    # Convert an existing SSH public key to SSH2 (RFC4716) public key
+    #
+    # ==== Parameters
+    # * ssh_public_key<~String> - "ssh-rsa AAAAB3NzaC1yc2EA...."
+    # * headers<~Hash> - The Key will be used as the header-tag and the value as the header-value
+    #
+    def ssh_public_key_to_ssh2_public_key(ssh_public_key, headers = nil)
+      raise PublicKeyError, "invalid ssh public key" unless SSHKey.valid_ssh_public_key?(ssh_public_key)
+      _source_format, source_key = parse_ssh_public_key(ssh_public_key)
+      # Add a 'Comment' Header Field unless others are explicitly passed in
+      if source_comment = ssh_public_key.split(source_key)[1]
+        headers = {'Comment' => source_comment.strip} if headers.nil? && !source_comment.empty?
+      end
+      header_fields = build_ssh2_headers(headers)
+      ssh2_key = "---- BEGIN SSH2 PUBLIC KEY ----\n"
+      ssh2_key << header_fields unless header_fields.nil?
+      ssh2_key << source_key.scan(/.{1,#{SSH2_LINE_LENGTH}}/).join("\n")
+      ssh2_key << "\n---- END SSH2 PUBLIC KEY ----"
+    end
+    def format_sshfp_record(hostname, type, key)
+      [[Digest::SHA1, 1], [Digest::SHA256, 2]].map { |f, num|
+        fpr = f.hexdigest(key)
+        "#{hostname} IN SSHFP #{SSHFP_TYPES[type]} #{num} #{fpr}"
+      }.join("\n")
+    end
     private
     def unpacked_byte_array(ssh_type, encoded_key)
-      prefix = [7].pack("N") + ssh_type
+      prefix = [ssh_type.length].pack("N") + ssh_type
       decoded = Base64.decode64(encoded_key)
       # Base64 decoding is too permissive, so we should validate if encoding is correct
@@ -99,16 +171,26 @@ class SSHKey
         raise PublicKeyError, "validation error"
       end
+      byte_count = 0
       data = []
       until decoded.empty?
         front = decoded.slice!(0,4)
         size = front.unpack("N").first
         segment = decoded.slice!(0, size)
+        byte_count += segment.length
         unless front.length == 4 && segment.length == size
           raise PublicKeyError, "byte array too short"
         end
         data << OpenSSL::BN.new(segment, 2)
       end
+      if ssh_type == "ssh-ed25519"
+        unless byte_count == 32
+          raise PublicKeyError, "validation error, ed25519 key length not OK"
+        end
+      end
       return data
     end
@@ -121,12 +203,28 @@ class SSHKey
     end
     def parse_ssh_public_key(public_key)
+      raise PublicKeyError, "newlines are not permitted between key data" if public_key =~ /\n(?!$)/
       parsed = public_key.split(" ")
       parsed.each_with_index do |el, index|
-        return parsed[index..(index+1)] if SSH_TYPES.invert[el]
+        return parsed[index..(index+1)] if SSH_TYPES[el]
       end
       raise PublicKeyError, "cannot determine key type"
     end
+    def build_ssh2_headers(headers = {})
+      return nil if headers.nil? || headers.empty?
+      headers.keys.sort.collect do |header_tag|
+        # header-tag must be us-ascii & <= 64 bytes and header-data must be UTF-8 & <= 1024 bytes
+        raise PublicKeyError, "SSH2 header-tag '#{header_tag}' must be US-ASCII" unless header_tag.each_byte.all? {|b| b < 128 }
+        raise PublicKeyError, "SSH2 header-tag '#{header_tag}' must be <= 64 bytes" unless header_tag.size <= 64
+        raise PublicKeyError, "SSH2 header-value for '#{header_tag}' must be <= 1024 bytes" unless headers[header_tag].size <= 1024
+        header_field = "#{header_tag}: #{headers[header_tag]}"
+        header_field.scan(/.{1,#{SSH2_LINE_LENGTH}}/).join("\\\n")
+      end.join("\n") << "\n"
+    end
   end
   attr_reader :key_object, :type
@@ -168,7 +266,7 @@ class SSHKey
   # If no passphrase is set, returns the unencrypted private key
   def encrypted_private_key
     return private_key unless passphrase
-    key_object.to_pem(OpenSSL::Cipher::Cipher.new("AES-128-CBC"), passphrase)
+    key_object.to_pem(OpenSSL::Cipher.new("AES-128-CBC"), passphrase)
   end
   # Fetch the RSA/DSA public key
@@ -182,7 +280,20 @@ class SSHKey
   # SSH public key
   def ssh_public_key
-    [directives.join(",").strip, SSH_TYPES[type], Base64.encode64(ssh_public_key_conversion).gsub("\n", ""), comment].join(" ").strip
+    [directives.join(",").strip, SSH_TYPES.invert[type], Base64.encode64(ssh_public_key_conversion).gsub("\n", ""), comment].join(" ").strip
+  end
+  # SSH2 public key (RFC4716)
+  #
+  # ==== Parameters
+  # * headers<~Hash> - Keys will be used as header-tags and values as header-values.
+  #
+  # ==== Examples
+  # {'Comment' => '2048-bit RSA created by user@example'}
+  # {'x-private-use-tag' => 'Private Use Value'}
+  #
+  def ssh2_public_key(headers = nil)
+    self.class.ssh_public_key_to_ssh2_public_key(ssh_public_key, headers)
   end
   # Fingerprints
@@ -198,6 +309,11 @@ class SSHKey
     Digest::SHA1.hexdigest(ssh_public_key_conversion).gsub(/(.{2})(?=.)/, '\1:\2')
   end
+  # SHA256 fingerprint for the given SSH public key
+  def sha256_fingerprint
+    Base64.encode64(Digest::SHA256.digest(ssh_public_key_conversion)).gsub("\n", "")
+  end
   # Determine the length (bits) of the key as an integer
   def bits
     self.class.ssh_public_key_bits(ssh_public_key)
@@ -260,6 +376,10 @@ class SSHKey
     output
   end
+  def sshfp(hostname)
+    self.class.format_sshfp_record(hostname, @type, ssh_public_key_conversion)
+  end
   def directives=(directives)
     @directives = Array[directives].flatten.compact
   end
@@ -277,7 +397,7 @@ class SSHKey
   # For instance, the "ssh-rsa" string is encoded as the following byte array
   # [0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a']
   def ssh_public_key_conversion
-    typestr = SSH_TYPES[type]
+    typestr = SSH_TYPES.invert[type]
     methods = SSH_CONVERSION[type]
     pubkey = key_object.public_key
     methods.inject([7].pack("N") + typestr) do |pubkeystr, m|
@@ -300,4 +420,6 @@ class SSHKey
       pubkeystr + [data.length].pack("N") + data
     end
   end
+  class PublicKeyError < StandardError; end
 end

data/lib/sshkey/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class SSHKey
-  VERSION = "1.6.1"
+  VERSION = "2.0.0"
 end

data/sshkey.gemspec CHANGED Viewed

@@ -21,4 +21,5 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
   s.add_development_dependency("rake")
+  s.add_development_dependency("test-unit")
 end

data/test/sshkey_test.rb CHANGED Viewed

@@ -79,13 +79,30 @@ EOF
   SSH_PUBLIC_KEY2 = 'AAAAB3NzaC1yc2EAAAABIwAAAQEAxl6TpN7uFiY/JZ8qDnD7UrxDP+ABeh2PVg8Du1LEgXNk0+YWCeP5S6oHklqaWeDlbmAs1oHsBwCMAVpMa5tgONOLvz4JgwgkiqQEbKR8ofWJ+LADUElvqRVGmGiNEMLI6GJWeneL4sjmbb8d6U+M53c6iWG0si9XE5m7teBQSsCl0Tk3qMIkQGw5zpJeCXjZ8KpJhIJRYgexFkGgPlYRV+UYIhxpUW90t0Ra5i6JOFYwq98k5S/6SJIZQ/A9F4JNzwLw3eVxZj0yVHWxkGz1+TyELNY1kOyMxnZaqSfGzSQJTrnIXpdweVHuYh1LtOgedRQhCyiELeSMGwio1vRPKw=='
   SSH_PUBLIC_KEY3 = 'AAAAB3NzaC1kc3MAAACBALyVy5dwVwgL3CxXzsvo8DBh58qArQLBNIPW/f9pptmy7jD5QXzOw+12w0/z4lZ86ncoVutRMf44OABcX9ovhRl+luxB7jjpkVXy/p2ZaqPbeyTQUtdTmXa2y4n053Jd61VeMG+iLP7+viT+Ib96y9aVUYQfCrl5heBDUZ9cAFjdAAAAFQDFXnO7JJpFKwkeoor4GWGHtz0D2QAAAIEAqel0RUBO0MY5b3DZ69J/mRzUifN1O6twk4er2ph0JpryuUwZohLpcVZwqoGWmPQy/ZHmV1b3RtT9GWUa+HUqKdMhFVOx/iq1khVfLi83whjMMvXj3ecqd0yzGxGHnSsjVKefa2ywCLHrh4nlUVIaXI5gQpgMyVbMcromDe1WZzoAAACBAIwTRPAEcroqOzaebiVspFcmsXxDQ4wXQZQdho1ExW6FKS8s7/6pItmZYXTvJDwLXgq2/iK1fRRcKk2PJEaSuJR7WeNGsJKfWmQ2UbOhqA3wWLDazIZtcMKjFzD0hM4E8qgjHjMvKDE6WgT6SFP+tqx3nnh7pJWwsbGjSMQexpyR'
+  SSH_PUBLIC_KEY_ED25519        = 'AAAAC3NzaC1lZDI1NTE5AAAAIBrNsRCISAtKXV5OVxqV6unVcdis5Uh3oiC6B7CMB7HQ'
+  SSH_PUBLIC_KEY_ED25519_0_BYTE = 'AAAAC3NzaC1lZDI1NTE5AAAAIADK9x9t3yQQH7h4OEJpUa7l2j7mcmKf4LAsNXHxNbSm'
+  SSH_PUBLIC_KEY_ECDSA_256 = 'AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHJFDZ5qymZfIzoJcxYeu3C9HjJ08QAbqR28C2zSMLwcb3ZzWdRApnj6wEgRvizsBmr9zyPKb2u5Rp0vjJtQcZo='
+  SSH_PUBLIC_KEY_ECDSA_384 = 'AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBP+GtUCOR8aW7xTtpkbJS0qqNZ98PgbUNtTFhE+Oe+khgoFMX+o0JG5bckVuvtkRl8dr+63kUK0QPTtzP9O5yixB9CYnB8CgCgYo1FCXZuJIImf12wW5nWKglrCH4kV1Qg=='
+  SSH_PUBLIC_KEY_ECDSA_521 = 'AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBACsunidnIZ77AjCHSDp/xknLGDW3M0Ia7nxLdImmp0XGbxtbwYm2ga5XUzV9dMO9wF9ICC3OuH6g9DtGOBNPru1PwFDjaPISGgm0vniEzWazLsvjJVLThOA3VyYLxmtjm0WfS+/DfxgWVS6oeCTnDjjoVVpwU/fDbUbYPPRZI84/hOGNA=='
   KEY1_MD5_FINGERPRINT = "2a:89:84:c9:29:05:d1:f8:49:79:1c:ba:73:99:eb:af"
   KEY2_MD5_FINGERPRINT = "3c:af:74:87:cc:cc:a1:12:05:1a:09:b7:7b:ce:ed:ce"
   KEY3_MD5_FINGERPRINT = "14:f6:6a:12:96:be:44:32:e6:3c:77:43:94:52:f5:7a"
+  ED25519_MD5_FINGERPRINT = "6f:1a:8a:c1:4f:13:5c:36:6e:3f:be:eb:49:3b:8e:3e"
+  ECDSA_256_MD5_FINGERPRINT = "d9:3a:7f:de:b2:65:04:ac:62:05:1a:1e:97:e9:2b:9d"
   KEY1_SHA1_FINGERPRINT = "e4:f9:79:f2:fe:d6:be:2d:ef:2e:c2:fa:aa:f8:b0:17:34:fe:0d:c0"
   KEY2_SHA1_FINGERPRINT = "9a:52:78:2b:6b:cb:39:b7:85:ed:90:8a:28:62:aa:b3:98:88:e6:07"
   KEY3_SHA1_FINGERPRINT = "15:68:c6:72:ac:18:d1:fc:ab:a2:b7:b5:8c:d1:fe:8f:b9:ae:a9:47"
+  ED25519_SHA1_FINGERPRINT = "57:41:7c:d0:e2:53:28:87:7e:87:53:d4:69:ef:ef:63:ec:c0:0e:5e"
+  ECDSA_256_SHA1_FINGERPRINT = "94:e8:92:2b:1b:ec:49:de:ff:85:ea:6e:10:d6:8d:87:7a:67:40:ee"
+  KEY1_SHA256_FINGERPRINT = "js3llFehloxCfsVuDw5xu3NtS9AOAxcXY8WL6vkDIts="
+  KEY2_SHA256_FINGERPRINT = "23f/6U/LdxIFx1CQFKHylw76n+LIHYoY4nRxKcFoos4="
+  KEY3_SHA256_FINGERPRINT = "mPqEPQlOPGORrTJrU17sPax1jOqeutZja6MOsFIca+8="
+  ED25519_SHA256_FINGERPRINT = "gyzHUKl1eO8Bk1Cvn4joRgxRlXo1+1HJ3Vho/hAtKEg="
+  ECDSA_256_SHA256_FINGERPRINT = "ncy2crhoL44R58GCZPQ5chPRrjlQKKgu07FDNelDmdk="
   KEY1_RANDOMART = <<-EOF.rstrip
 +--[ RSA 2048]----+
@@ -127,6 +144,61 @@ EOF
 |                 |
 |                 |
 +-----------------+
+EOF
+  KEY1_SSHFP = <<-EOF.rstrip
+localhost IN SSHFP 1 1 e4f979f2fed6be2def2ec2faaaf8b01734fe0dc0
+localhost IN SSHFP 1 2 8ecde59457a1968c427ec56e0f0e71bb736d4bd00e03171763c58beaf90322db
+EOF
+  KEY2_SSHFP = <<-EOF.rstrip
+localhost IN SSHFP 1 1 9a52782b6bcb39b785ed908a2862aab39888e607
+localhost IN SSHFP 1 2 db77ffe94fcb771205c7509014a1f2970efa9fe2c81d8a18e2747129c168a2ce
+EOF
+  KEY3_SSHFP = <<-EOF.rstrip
+localhost IN SSHFP 2 1 1568c672ac18d1fcaba2b7b58cd1fe8fb9aea947
+localhost IN SSHFP 2 2 98fa843d094e3c6391ad326b535eec3dac758cea9ebad6636ba30eb0521c6bef
+EOF
+  SSH2_PUBLIC_KEY1 = <<-EOF.rstrip
+---- BEGIN SSH2 PUBLIC KEY ----
+Comment: me@example.com
+AAAAB3NzaC1yc2EAAAABIwAAAQEArfTA/lKVR84IMc9ZzXOCHr8DVtR8hzWuEVHF6KElav
+RHlk14g0SZu3m908Ejm/XF3EfNHjX9wN+62IMA0QBxkBMFCuLF+U/oeUs0NoDdAEKxjj4n
+6lq6Ss8aLct+anMy7D1jwvOLbcwV54w1d5JDdlZVdZ6AvHm9otwJq6rNpDgdmXY4HgC2nM
+9csFpuy0cDpL6fdJx9lcNL2RnkRC4+RMsIB+PxDw0j3vDi04dYLBXMGYjyeGH+mIFpL3PT
+PXGXwL2XDYXZ2H4SQX6bOoKmazTXq6QXuEB665njh1GxXldoIMcSshoJL0hrk3WrTOG22N
+2CQA+IfHgrXJ+A+QUzKQ==
+---- END SSH2 PUBLIC KEY ----
+EOF
+  SSH2_PUBLIC_KEY2 = <<-EOF.rstrip
+---- BEGIN SSH2 PUBLIC KEY ----
+AAAAB3NzaC1yc2EAAAABIwAAAQEAxl6TpN7uFiY/JZ8qDnD7UrxDP+ABeh2PVg8Du1LEgX
+Nk0+YWCeP5S6oHklqaWeDlbmAs1oHsBwCMAVpMa5tgONOLvz4JgwgkiqQEbKR8ofWJ+LAD
+UElvqRVGmGiNEMLI6GJWeneL4sjmbb8d6U+M53c6iWG0si9XE5m7teBQSsCl0Tk3qMIkQG
+w5zpJeCXjZ8KpJhIJRYgexFkGgPlYRV+UYIhxpUW90t0Ra5i6JOFYwq98k5S/6SJIZQ/A9
+F4JNzwLw3eVxZj0yVHWxkGz1+TyELNY1kOyMxnZaqSfGzSQJTrnIXpdweVHuYh1LtOgedR
+QhCyiELeSMGwio1vRPKw==
+---- END SSH2 PUBLIC KEY ----
+EOF
+  SSH2_PUBLIC_KEY3 = <<-EOF.rstrip
+---- BEGIN SSH2 PUBLIC KEY ----
+Comment: 1024-bit DSA with provided comment
+x-private-use-header: some value that is long enough to go to wrap aro\\
+und to a new line.
+AAAAB3NzaC1kc3MAAACBALyVy5dwVwgL3CxXzsvo8DBh58qArQLBNIPW/f9pptmy7jD5QX
+zOw+12w0/z4lZ86ncoVutRMf44OABcX9ovhRl+luxB7jjpkVXy/p2ZaqPbeyTQUtdTmXa2
+y4n053Jd61VeMG+iLP7+viT+Ib96y9aVUYQfCrl5heBDUZ9cAFjdAAAAFQDFXnO7JJpFKw
+keoor4GWGHtz0D2QAAAIEAqel0RUBO0MY5b3DZ69J/mRzUifN1O6twk4er2ph0JpryuUwZ
+ohLpcVZwqoGWmPQy/ZHmV1b3RtT9GWUa+HUqKdMhFVOx/iq1khVfLi83whjMMvXj3ecqd0
+yzGxGHnSsjVKefa2ywCLHrh4nlUVIaXI5gQpgMyVbMcromDe1WZzoAAACBAIwTRPAEcroq
+OzaebiVspFcmsXxDQ4wXQZQdho1ExW6FKS8s7/6pItmZYXTvJDwLXgq2/iK1fRRcKk2PJE
+aSuJR7WeNGsJKfWmQ2UbOhqA3wWLDazIZtcMKjFzD0hM4E8qgjHjMvKDE6WgT6SFP+tqx3
+nnh7pJWwsbGjSMQexpyR
+---- END SSH2 PUBLIC KEY ----
 EOF
   def setup
@@ -202,6 +274,17 @@ EOF
     assert_equal expected4, @key_without_comment.ssh_public_key
   end
+  def test_ssh2_public_key_output
+    expected1 = SSH2_PUBLIC_KEY1
+    expected2 = SSH2_PUBLIC_KEY2
+    expected3 = SSH2_PUBLIC_KEY3
+    assert_equal expected1, @key1.ssh2_public_key
+    assert_equal expected2, @key2.ssh2_public_key({})
+    assert_equal expected3, @key3.ssh2_public_key({'Comment' => '1024-bit DSA with provided comment',
+      'x-private-use-header' => 'some value that is long enough to go to wrap around to a new line.'})
+  end
   def test_public_key_directives
     assert_equal [], SSHKey.generate.directives
@@ -253,6 +336,46 @@ EOF
     assert !SSHKey.valid_ssh_public_key?(invalid5)
   end
+  def test_ssh_public_key_validation_elliptic
+    assert SSHKey.valid_ssh_public_key?("ssh-ed25519 #{SSH_PUBLIC_KEY_ED25519} me@example.com")
+    assert SSHKey.valid_ssh_public_key?("ssh-ed25519 #{SSH_PUBLIC_KEY_ED25519_0_BYTE} me@example.com")
+    assert SSHKey.valid_ssh_public_key?("ecdsa-sha2-nistp256 #{SSH_PUBLIC_KEY_ECDSA_256}")
+    assert SSHKey.valid_ssh_public_key?("ecdsa-sha2-nistp384 #{SSH_PUBLIC_KEY_ECDSA_384} me@example.com")
+    assert SSHKey.valid_ssh_public_key?(%Q{from="trusted.eng.cam.ac.uk",no-port-forwarding,no-pty ecdsa-sha2-nistp521 #{SSH_PUBLIC_KEY_ECDSA_521} me@example.com})
+    assert !SSHKey.valid_ssh_public_key?("ssh-ed25519 #{SSH_PUBLIC_KEY_ED25519}= me@example.com") # bad base64
+    assert !SSHKey.valid_ssh_public_key?("ssh-ed25519 #{SSH_PUBLIC_KEY_ECDSA_384} me@example.com") # mismatched key format
+    assert !SSHKey.valid_ssh_public_key?("ecdsa-sha2-nistp256 #{SSH_PUBLIC_KEY_ECDSA_384} me@example.com") # mismatched key format
+    assert !SSHKey.valid_ssh_public_key?("ssh-ed25519 asdf me@example.com") # gibberish key data
+    assert !SSHKey.valid_ssh_public_key?("ecdsa-sha2-nistp256 asdf me@example.com") # gibberish key data
+  end
+  def test_ssh_public_key_validation_with_newlines
+    expected1 = "ssh-rsa #{SSH_PUBLIC_KEY1}\n"
+    expected2 = "ssh-ed25519 #{SSH_PUBLIC_KEY_ED25519} me@example.com\n"
+    invalid1  = "ssh-rsa #{SSH_PUBLIC_KEY1}\nme@example.com"
+    invalid2  = "ssh-rsa #{SSH_PUBLIC_KEY1}\n me@example.com"
+    invalid3  = "ssh-rsa #{SSH_PUBLIC_KEY1} \nme@example.com"
+    invalid4  = "ecdsa-sha2-nistp256 #{SSH_PUBLIC_KEY_ECDSA_256}\nme@example.com"
+    assert SSHKey.valid_ssh_public_key?(expected1)
+    assert SSHKey.valid_ssh_public_key?(expected2)
+    assert !SSHKey.valid_ssh_public_key?(invalid1)
+    assert !SSHKey.valid_ssh_public_key?(invalid2)
+    assert !SSHKey.valid_ssh_public_key?(invalid3)
+    assert !SSHKey.valid_ssh_public_key?(invalid4)
+  end
+  def test_ssh_public_key_sshfp
+    assert_equal KEY1_SSHFP, SSHKey.sshfp("localhost", "ssh-rsa #{SSH_PUBLIC_KEY1}\n")
+    assert_equal KEY2_SSHFP, SSHKey.sshfp("localhost", "ssh-rsa #{SSH_PUBLIC_KEY2}\n")
+    assert_equal KEY3_SSHFP, SSHKey.sshfp("localhost", "ssh-dss #{SSH_PUBLIC_KEY3}\n")
+    assert_equal KEY1_SSHFP, SSHKey.sshfp("localhost", SSH_PRIVATE_KEY1)
+    assert_equal KEY2_SSHFP, SSHKey.sshfp("localhost", SSH_PRIVATE_KEY2)
+    assert_equal KEY3_SSHFP, SSHKey.sshfp("localhost", SSH_PRIVATE_KEY3)
+  end
   def test_ssh_public_key_bits
     expected1 = "ssh-rsa #{SSH_PUBLIC_KEY1} me@example.com"
     expected2 = "ssh-rsa #{SSH_PUBLIC_KEY2} me@example.com"
@@ -277,6 +400,17 @@ EOF
     assert_equal( "cannot determine key type", exception3.message )
   end
+  def test_ssh2_public_key_bits
+    public_key1 = "ssh-rsa #{SSH_PUBLIC_KEY1} me@example.com"
+    public_key2 = "ssh-rsa #{SSH_PUBLIC_KEY2}"
+    public_key3 = "ssh-dss #{SSH_PUBLIC_KEY3} 1024-bit DSA with provided comment"
+    assert_equal(SSH2_PUBLIC_KEY1, SSHKey.ssh_public_key_to_ssh2_public_key(public_key1))
+    assert_equal(SSH2_PUBLIC_KEY2, SSHKey.ssh_public_key_to_ssh2_public_key(public_key2))
+    assert_equal(SSH2_PUBLIC_KEY2, SSHKey.ssh_public_key_to_ssh2_public_key(public_key2, {}))
+    assert_equal(SSH2_PUBLIC_KEY3, SSHKey.ssh_public_key_to_ssh2_public_key(public_key3, {'Comment' => '1024-bit DSA with provided comment', 'x-private-use-header' => 'some value that is long enough to go to wrap around to a new line.'}))
+  end
   def test_exponent
     assert_equal 35, @key1.key_object.e.to_i
     assert_equal 35, @key2.key_object.e.to_i
@@ -297,12 +431,18 @@ EOF
     assert_equal KEY2_SHA1_FINGERPRINT, @key2.sha1_fingerprint
     assert_equal KEY3_SHA1_FINGERPRINT, @key3.sha1_fingerprint
+    assert_equal KEY1_SHA256_FINGERPRINT, @key1.sha256_fingerprint
+    assert_equal KEY2_SHA256_FINGERPRINT, @key2.sha256_fingerprint
+    assert_equal KEY3_SHA256_FINGERPRINT, @key3.sha256_fingerprint
     assert_equal KEY1_MD5_FINGERPRINT, SSHKey.md5_fingerprint(SSH_PRIVATE_KEY1)
     assert_equal KEY1_MD5_FINGERPRINT, SSHKey.md5_fingerprint("ssh-rsa #{SSH_PUBLIC_KEY1}")
     assert_equal KEY2_MD5_FINGERPRINT, SSHKey.md5_fingerprint(SSH_PRIVATE_KEY2)
     assert_equal KEY2_MD5_FINGERPRINT, SSHKey.md5_fingerprint("ssh-rsa #{SSH_PUBLIC_KEY2} me@me.com")
     assert_equal KEY3_MD5_FINGERPRINT, SSHKey.md5_fingerprint(SSH_PRIVATE_KEY3)
     assert_equal KEY3_MD5_FINGERPRINT, SSHKey.md5_fingerprint("ssh-dss #{SSH_PUBLIC_KEY3}")
+    assert_equal ED25519_MD5_FINGERPRINT, SSHKey.md5_fingerprint("ssh-ed25519 #{SSH_PUBLIC_KEY_ED25519}")
+    assert_equal ECDSA_256_MD5_FINGERPRINT, SSHKey.md5_fingerprint("ecdsa-sha2-nistp256 #{SSH_PUBLIC_KEY_ECDSA_256} me@me.com")
     assert_equal KEY1_SHA1_FINGERPRINT, SSHKey.sha1_fingerprint(SSH_PRIVATE_KEY1)
     assert_equal KEY1_SHA1_FINGERPRINT, SSHKey.sha1_fingerprint("ssh-rsa #{SSH_PUBLIC_KEY1}")
@@ -310,6 +450,17 @@ EOF
     assert_equal KEY2_SHA1_FINGERPRINT, SSHKey.sha1_fingerprint("ssh-rsa #{SSH_PUBLIC_KEY2} me@me.com")
     assert_equal KEY3_SHA1_FINGERPRINT, SSHKey.sha1_fingerprint(SSH_PRIVATE_KEY3)
     assert_equal KEY3_SHA1_FINGERPRINT, SSHKey.sha1_fingerprint("ssh-dss #{SSH_PUBLIC_KEY3}")
+    assert_equal ED25519_SHA1_FINGERPRINT, SSHKey.sha1_fingerprint("ssh-ed25519 #{SSH_PUBLIC_KEY_ED25519}")
+    assert_equal ECDSA_256_SHA1_FINGERPRINT, SSHKey.sha1_fingerprint("ecdsa-sha2-nistp256 #{SSH_PUBLIC_KEY_ECDSA_256} me@me.com")
+    assert_equal KEY1_SHA256_FINGERPRINT, SSHKey.sha256_fingerprint(SSH_PRIVATE_KEY1)
+    assert_equal KEY1_SHA256_FINGERPRINT, SSHKey.sha256_fingerprint("ssh-rsa #{SSH_PUBLIC_KEY1}")
+    assert_equal KEY2_SHA256_FINGERPRINT, SSHKey.sha256_fingerprint(SSH_PRIVATE_KEY2)
+    assert_equal KEY2_SHA256_FINGERPRINT, SSHKey.sha256_fingerprint("ssh-rsa #{SSH_PUBLIC_KEY2} me@me.com")
+    assert_equal KEY3_SHA256_FINGERPRINT, SSHKey.sha256_fingerprint(SSH_PRIVATE_KEY3)
+    assert_equal KEY3_SHA256_FINGERPRINT, SSHKey.sha256_fingerprint("ssh-dss #{SSH_PUBLIC_KEY3}")
+    assert_equal ED25519_SHA256_FINGERPRINT, SSHKey.sha256_fingerprint("ssh-ed25519 #{SSH_PUBLIC_KEY_ED25519}")
+    assert_equal ECDSA_256_SHA256_FINGERPRINT, SSHKey.sha256_fingerprint("ecdsa-sha2-nistp256 #{SSH_PUBLIC_KEY_ECDSA_256} me@me.com")
   end
   def test_bits
@@ -324,6 +475,13 @@ EOF
     assert_equal KEY2_RANDOMART, @key2.randomart
     assert_equal KEY3_RANDOMART, @key3.randomart
   end
+  def test_sshfp
+    assert_equal KEY1_SSHFP, @key1.sshfp("localhost")
+    assert_equal KEY2_SSHFP, @key2.sshfp("localhost")
+    assert_equal KEY3_SSHFP, @key3.sshfp("localhost")
+  end
 end
 class SSHKeyEncryptedTest < Test::Unit::TestCase

metadata CHANGED Viewed

@@ -1,27 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: sshkey
 version: !ruby/object:Gem::Version
-  version: 1.6.1
+  version: 2.0.0
 platform: ruby
 authors:
 - James Miller
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-11-14 00:00:00.000000000 Z
+date: 2019-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Generate private/public SSH keypairs using pure Ruby
@@ -31,14 +45,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
 - lib/sshkey.rb
-- lib/sshkey/exception.rb
 - lib/sshkey/version.rb
 - sshkey.gemspec
 - test/sshkey_test.rb
@@ -52,17 +65,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: sshkey
-rubygems_version: 2.0.3
+rubygems_version: 2.5.2.3
 signing_key:
 specification_version: 4
 summary: SSH private/public key generator in Ruby

data/lib/sshkey/exception.rb DELETED Viewed

@@ -1,3 +0,0 @@
-class SSHKey
-  class PublicKeyError < StandardError; end
-end