Package: wnpp
Severity: wishlist
Owner: Simon Josefsson <simon@josefsson.org>
* Package name : golang-github-hiddeco-sshsig
Version : 0.1.0-1
Upstream Author : Hidde Beydals
* URL : https://github.com/hiddeco/sshsig
* License : Apache-2.0
Programming Lang: Go
Description : SSH Signature: sign and verify messages using SSH keys (Go library)
This Go library implements the SSHSIG wire protocol
(https://github.com/openssh/openssh-
portable/blob/V_9_2_P1/PROTOCOL.sshsig), and can be used to sign and
verify messages using SSH keys.
.
Compared to other implementations, this library does all the following:
.
* Accepts an io.Reader as input for signing and verifying messages.
* Performs simple public key fingerprint and namespace mismatch checks
in
Verify. Malicious input will still fail signature verification, but
this
provides more useful error messages.
* Properly uses ssh-sha2-512 as signature algorithm when signing with an
RSA
private key, as described in the protocol
(https://github.com/openssh/openssh-
portable/blob/V_9_2_P1/PROTOCOL.sshsig#L69-L72).
* Does not accept a Sign operation without a namespace as specified in
the
protocol (https://github.com/openssh/openssh-
portable/blob/V_9_2_P1/PROTOCOL.sshsig#L57).
* Allows Verify operations to be performed without a namespace,
ensuring
compatibility with loose implementations.
* Provides Armor and Unarmor functions to encode/decode the signature
to/from an (armored) PEM format.
.
For more information about the use of this library, see the Go Reference
(https://pkg.go.dev/github.com/hiddeco/sshsig).
https://salsa.debian.org/go-team/packages/golang-github-hiddeco-sshsig
/Simon
Attachment:
signature.asc
Description: PGP signature