#crypto #certificate #openssh #ssh #sshsig

no-std ssh-key

Pure Rust implementation of SSH key file format decoders/encoders as described in RFC4251/RFC4253 and OpenSSH key formats, as well as “sshsig” signatures and certificates (including certificate validation and certificate authority support), with further support for the authorized_keys and known_hosts file formats

19 releases

0.6.3 Nov 21, 2023
0.6.1 Aug 15, 2023
0.6.0-rc.2 Jun 25, 2023
0.6.0-rc.0 Mar 30, 2023
0.0.0 Nov 18, 2021

#1819 in Cryptography


41,158 downloads per month
Used in 37 crates (19 directly)

Apache-2.0 OR MIT

7.5K SLoC

RustCrypto: SSH Keys and Certificates




Pure Rust implementation of SSH key file format decoders/encoders as described in RFC4251 and RFC4253 as well as OpenSSH's PROTOCOL.key format specification.

Additionally provides support for SSH signatures as described in PROTOCOL.sshsig, OpenSSH certificates as specified in PROTOCOL.certkeys including certificate validation and certificate authority (CA) support, FIDO/U2F keys as specified in PROTOCOL.u2f (and certificates thereof), and also the authorized_keys and known_hosts file formats.

Supports a minimal profile which works on heapless no_std targets. See "Supported algorithms" table below for which key formats work on heapless targets and which algorithms require alloc.

When the ed25519, p256, and/or rsa features of this crate are enabled, provides key generation and certificate signing/verification support for that respective SSH key algorithm.


Features

  • Constant-time Base64 decoder/encoder using base64ct/pem-rfc7468 crates
  • OpenSSH-compatible decoder/encoders for the following formats:
    • OpenSSH public keys
    • OpenSSH private keys (i.e. BEGIN OPENSSH PRIVATE KEY)
    • OpenSSH certificates
    • OpenSSH signatures (a.k.a. "sshsig")
  • OpenSSH certificate support
    • Certificate validation
    • Certificate authority (CA) support i.e. cert builder/signer
  • Private key encryption/decryption (bcrypt-pbkdf + aes256-ctr only)
  • Private key generation support: DSA, Ed25519, ECDSA (P-256+P-384), and RSA
  • FIDO/U2F key support (sk-*) as specified in PROTOCOL.u2f
  • Fingerprint support
    • "randomart" fingerprint visualizations
  • no_std support including support for "heapless" (no-alloc) targets
  • Parsing authorized_keys files
  • Parsing known_hosts files
  • serde support
  • zeroize support for private keys


TODO

  • ECDSA/P-521 support
  • FIDO/U2F signature support
  • Legacy (pre-OpenSSH) SSH key format support
    • PKCS#1
    • PKCS#8
    • RFC4716 public keys
    • SEC1

Supported Signature Algorithms

Name Decode Encode Cert Keygen Sign Verify Feature no_std
ecdsa‑sha2‑nistp256 ✅️ ✅️ ✅️ p256 heapless
ecdsa‑sha2‑nistp384 ✅️ ✅️ ✅️ p384 heapless
ecdsa‑sha2‑nistp521 ⛔️ ⛔️ ⛔️ heapless
ssh‑dsa ✅️ ✅️ dsa alloc
ssh‑ed25519 ✅️ ✅️ ed25519 heapless
ssh‑rsa ✅️ ✅️ rsa alloc
sk‑ecdsa‑sha2‑nistp256@openssh.com ⛔️ ✅️ alloc
sk‑ssh‑ed25519@openssh.com ⛔️ ⛔️ alloc

By default no algorithms are enabled and you will get an Error::AlgorithmUnsupported error if you try to use them.

Enable the crypto feature or the "Feature" for specific algorithms in the chart above (e.g. p256, rsa) in order to use cryptographic functionality.

The "Feature" column lists the name of ssh-key crate features which can be enabled to provide full support for the "Keygen", "Sign", and "Verify" functionality for a particular SSH key algorithm.

Minimum Supported Rust Version

This crate requires Rust 1.65 at a minimum.

We may change the MSRV in the future, but it will be accompanied by a minor version bump.


License

Licensed under either of:

  • Apache License, Version 2.0
  • MIT license

at your option.


Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

