|0.6.3||Nov 21, 2023|
|0.6.1||Aug 15, 2023|
|0.6.0-rc.2||Jun 25, 2023|
|0.6.0-rc.0||Mar 30, 2023|
#1819 in Cryptography
41,158 downloads per month
Used in 37 crates (19 directly)
RustCrypto: SSH Keys and Certificates
Additionally provides support for SSH signatures as described in
PROTOCOL.sshsig, OpenSSH certificates as specified in PROTOCOL.certkeys
including certificate validation and certificate authority (CA) support,
FIDO/U2F keys as specified in PROTOCOL.u2f (and certificates thereof), and
known_hosts file formats.
Supports a minimal profile which works on heapless
no_std targets. See
"Supported algorithms" table below for which key formats work on heapless
targets and which algorithms require
rsa features of this crate are enabled,
provides key generation and certificate signing/verification support for that
respective SSH key algorithm.
- Constant-time Base64 decoder/encoder using
- OpenSSH-compatible decoder/encoders for the following formats:
- OpenSSH public keys
- OpenSSH private keys (i.e.
BEGIN OPENSSH PRIVATE KEY)
- OpenSSH certificates
- OpenSSH signatures (a.k.a. "sshsig")
- OpenSSH certificate support
- Certificate validation
- Certificate authority (CA) support i.e. cert builder/signer
- Private key encryption/decryption (
- Private key generation support: DSA, Ed25519, ECDSA (P-256+P-384), and RSA
- FIDO/U2F key support (
sk-*) as specified in PROTOCOL.u2f
- Fingerprint support
- "randomart" fingerprint visualizations
no_stdsupport including support for "heapless" (no-
zeroizesupport for private keys
- ECDSA/P-521 support
- FIDO/U2F signature support
- Legacy (pre-OpenSSH) SSH key format support
- RFC4716 public keys
Supported Signature Algorithms
By default no algorithms are enabled and you will get an
Error::AlgorithmUnsupported error if you try to use them.
crypto feature or the "Feature" for specific algorithms in the
chart above (e.g.
rsa) in order to use cryptographic functionality.
The "Feature" column lists the name of
ssh-key crate features which can
be enabled to provide full support for the "Keygen", "Sign", and "Verify"
functionality for a particular SSH key algorithm.
Minimum Supported Rust Version
This crate requires Rust 1.65 at a minimum.
We may change the MSRV in the future, but it will be accompanied by a minor version bump.
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.