ssh.Certificate ParseCertificate() ?


Peter Moody

Jul 7, 2015, 9:12:54 PM
to golan...@googlegroups.com
I can see how to easily generate new signed ssh certificates, but I can't figure out how to load previously generated certs using go. What's the correct way to load a previously signed ssh cert in go?

Cheers

Jonathan Pittman

Jul 8, 2015, 9:37:32 PM
to golan...@googlegroups.com
Do you mean a cert from a file such as one generated by openssh?  Something like id_rsa-cert.pub?

If so, then you most likely want ParseAuthorizedKey.

If the cert is in memory or stored in a database as just the key/cert bytes and is not base64 encoded, then this may be what you want.

ParseAuthorizedKey eventually calls ParsePublicKey after doing the base64 decoding (and also stripping off newlines, the leading format string, and the trailing comment commonly found in the file).

Peter Moody

Jul 17, 2015, 4:45:37 PM
to golan...@googlegroups.com
I'm apparently very bad at Google Groups, apologies ahead of time if you get a double posting from my work address.


On Wednesday, July 8, 2015 at 6:37:32 PM UTC-7, Jonathan Pittman wrote:
> Do you mean a cert from a file such as one generated by openssh? Something like id_rsa-cert.pub?
>
> If so, then you most likely want ParseAuthorizedKey.
>
> If the cert is in memory or stored in a database as just the key/cert bytes and is not base64 encoded, then this may be what you want.
>
> ParseAuthorizedKey eventually calls ParsePublicKey after doing the base64 decoding (and also stripping off newlines, the leading format string, and the trailing comment commonly found in the file).

I'm probably missing something obvious, but I'm looking to end up with an ssh.Certificate struct that I can pass to agent.Add() to load into a running ssh-agent. ParsePublicKey appears to return a publickey whose Type() method returns ssh-rsa-...@openssh.com, but I can't seem to figure out how to turn that publickey into a struct ssh.Certificate.

Cheers,
peter

Peter Moody

Jul 17, 2015, 5:06:02 PM
to golan...@googlegroups.com
On Fri, Jul 17, 2015 at 1:45 PM, Peter Moody <peter...@gmail.com> wrote:
> I'm apparently very bad at Google Groups, apologies ahead of time if you get a double posting from my work address.
>
> On Wednesday, July 8, 2015 at 6:37:32 PM UTC-7, Jonathan Pittman wrote:
>> Do you mean a cert from a file such as one generated by openssh? Something like id_rsa-cert.pub?
>>
>> If so, then you most likely want ParseAuthorizedKey.
>>
>> If the cert is in memory or stored in a database as just the key/cert bytes and is not base64 encoded, then this may be what you want.
>>
>> ParseAuthorizedKey eventually calls ParsePublicKey after doing the base64 decoding (and also stripping off newlines, the leading format string, and the trailing comment commonly found in the file).
>
> I'm probably missing something obvious, but I'm looking to end up with an ssh.Certificate struct that I can pass to agent.Add() to load into a running ssh-agent. ParsePublicKey appears to return a publickey whose Type() method returns ssh-rsa-...@openssh.com, but I can't seem to figure out how to turn that publickey into a struct ssh.Certificate.

Never mind, I think I've figured it out:

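    cert, err := ssh.ParsePublicKey(keyBytes) // keyBytes: raw wire-format bytes, not base64 text
    if err != nil {
        return err
    }
    sshCert, ok := cert.(*ssh.Certificate) // a parsed cert comes back as an ssh.PublicKey
    if !ok {
        return errors.New("parsed key is not an ssh.Certificate")
    }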

Thanks for pointing me in the right direction!

(I have a lot to learn about go)

Cheers,
peter


On Tuesday, July 7, 2015 at 7:12:54 PM UTC-6, Peter Moody wrote:
> I can see how to easily generate new signed ssh certificates, but I can't figure out how to load previously generated certs using go. What's the correct way to load a previously signed ssh cert in go?
>
> Cheers

Jonathan Pittman

Jul 17, 2015, 5:36:51 PM
to Peter Moody, golang-nuts
Yep, that's pretty much it.

pmo...@uber.com

Jul 17, 2015, 6:18:05 PM
to golan...@googlegroups.com
(sorry for the late reply, I guess groups didn't auto-sub me to this thread I started).

On Wednesday, July 8, 2015 at 6:37:32 PM UTC-7, Jonathan Pittman wrote:
> Do you mean a cert from a file such as one generated by openssh? Something like id_rsa-cert.pub?
>
> If so, then you most likely want ParseAuthorizedKey.
>
> If the cert is in memory or stored in a database as just the key/cert bytes and is not base64 encoded, then this may be what you want.
>
> ParseAuthorizedKey eventually calls ParsePublicKey after doing the base64 decoding (and also stripping off newlines, the leading format string, and the trailing comment commonly found in the file).

I'm probably missing something obvious but I'm looking for something that will return an ssh.Certificate that I can add to an ssh agent. ParsePublicKey(certBytes) works, and it returns something whose Type() method claims that it's ssh-rsa-...@openssh.com, but I can't see how to cast those bytes into an ssh.Certificate.
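
An added example, not code from any poster or from the ssh package: a standard-library sketch of the file-form versus wire-form distinction discussed in this thread. It decodes a `*-cert.pub`-style line into the raw blob that ssh.ParsePublicKey takes and reads the type name inside the blob to tell whether it is a certificate. DecodeKeyLine, getString and SampleLine are hypothetical names, the sample line is constructed filler rather than a real certificate, and comparing the text prefix with the type inside the blob is this example's own check.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// certSuffix ends every OpenSSH certificate type name (PROTOCOL.certkeys).
const certSuffix = "-cert-v01@openssh.com"

// getString reads one SSH wire string: uint32 big-endian length, then bytes.
func getString(b []byte) (string, error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return "", fmt.Errorf("truncated SSH wire string")
	}
	return string(b[4 : 4+binary.BigEndian.Uint32(b)]), nil
}

// DecodeKeyLine decodes "<type> <base64> [comment]"; isCert comes from the blob's own type.
func DecodeKeyLine(line string) (blob []byte, isCert bool, err error) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return nil, false, fmt.Errorf(`want "<type> <base64> [comment]"`)
	}
	if blob, err = base64.StdEncoding.DecodeString(f[1]); err != nil {
		return nil, false, fmt.Errorf("base64: %w", err)
	}
	inner, err := getString(blob)
	if err != nil {
		return nil, false, err
	}
	if inner != f[0] { // text prefix must agree with the type inside the blob
		return nil, false, fmt.Errorf("type mismatch: %q vs %q", f[0], inner)
	}
	return blob, strings.HasSuffix(inner, certSuffix), nil
}

// SampleLine builds a constructed stand-in line; it is not a valid key or cert.
func SampleLine(keyType string) string {
	// One length byte is enough here: type names are far shorter than 256 bytes.
	blob := append([]byte{0, 0, 0, byte(len(keyType))}, keyType+"constructed filler"...)
	return keyType + " " + base64.StdEncoding.EncodeToString(blob) + " user@example"
}

func main() {
	_, isCert, err := DecodeKeyLine(SampleLine("ssh-ed25519-cert-v01@openssh.com"))
	fmt.Println("certificate:", isCert, "error:", err)
}
```

Passing the undecoded file text straight to a wire-format parser fails at the first length field, which is why the file form and the in-memory form go through different entry points.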