Builder

ssh_key::certificate

Struct Builder 

Source 
pub struct Builder { /* private fields */ }
Available on crate feature alloc only.
Expand description

OpenSSH certificate builder.

This type provides the core functionality of an OpenSSH certificate authority.

It can build and sign OpenSSH certificates.

§Principals

Certificates are valid for a specific set of principal names:

When building a certificate, you will either need to specify principals by calling Builder::valid_principal one or more times, or explicitly marking a certificate as valid for all principals (i.e. “golden ticket”) using the Builder::all_principals_valid method.

§Example

use ssh_key::{Algorithm, PrivateKey, certificate, rand_core::OsRng};
use std::time::{SystemTime, UNIX_EPOCH};

// Generate the certificate authority's private key
let ca_key = PrivateKey::random(&mut OsRng, Algorithm::Ed25519)?;

// Generate a "subject" key to be signed by the certificate authority.
// Normally a user or host would do this locally and give the certificate
// authority the public key.
let subject_private_key = PrivateKey::random(&mut OsRng, Algorithm::Ed25519)?;
let subject_public_key = subject_private_key.public_key();

// Create certificate validity window
let valid_after = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs();
let valid_before = valid_after + (365 * 86400); // e.g. 1 year

// Initialize certificate builder
let mut cert_builder = certificate::Builder::new_with_random_nonce(
   &mut OsRng,
   subject_public_key,
   valid_after,
   valid_before,
)?;
cert_builder.serial(42)?; // Optional: serial number chosen by the CA
cert_builder.key_id("nobody-cert-02")?; // Optional: CA-specific key identifier
cert_builder.cert_type(certificate::CertType::User)?; // User or host certificate
cert_builder.valid_principal("nobody")?; // Unix username or hostname
cert_builder.comment("nobody@example.com")?; // Comment (typically an email address)

// Sign and return the `Certificate` for `subject_public_key`
let cert = cert_builder.sign(&ca_key)?;

Implementations§

Source§

impl Builder

Source

pub const RECOMMENDED_NONCE_SIZE: usize = 16usize

Recommended size for a nonce.

Source

pub fn new( nonce: impl Into<Vec<u8>>, public_key: impl Into<KeyData>, valid_after: u64, valid_before: u64, ) -> Result<Self>

Create a new certificate builder for the given subject’s public key.

Also requires a nonce (random value typically 16 or 32 bytes long) and the validity window of the certificate as Unix seconds.

Source

pub fn new_with_validity_times( nonce: impl Into<Vec<u8>>, public_key: impl Into<KeyData>, valid_after: SystemTime, valid_before: SystemTime, ) -> Result<Self>

Available on crate feature std only.

Create a new certificate builder with the validity window specified using SystemTime values.

Source

pub fn new_with_random_nonce( rng: &mut impl CryptoRngCore, public_key: impl Into<KeyData>, valid_after: u64, valid_before: u64, ) -> Result<Self>

Available on crate feature rand_core only.

Create a new certificate builder, generating a random nonce using the provided random number generator.

Source

pub fn serial(&mut self, serial: u64) -> Result<&mut Self>

Set certificate serial number.

Default: 0.

Source

pub fn cert_type(&mut self, cert_type: CertType) -> Result<&mut Self>

Set certificate type: user or host.

Default: CertType::User.

Source

pub fn key_id(&mut self, key_id: impl Into<String>) -> Result<&mut Self>

Set key ID: label to identify this particular certificate.

Default ""

Source

pub fn valid_principal( &mut self, principal: impl Into<String>, ) -> Result<&mut Self>

Add a principal (i.e. username or hostname) to valid_principals.

Source

pub fn all_principals_valid(&mut self) -> Result<&mut Self>

Mark this certificate as being valid for all principals.

§⚠️ Security Warning

Use this method with care! It generates “golden ticket” certificates which can e.g. authenticate as any user on a system, or impersonate any host.

Source

pub fn critical_option( &mut self, name: impl Into<String>, data: impl Into<String>, ) -> Result<&mut Self>

Add a critical option to this certificate.

Critical options must be recognized or the certificate must be rejected.

Source

pub fn extension( &mut self, name: impl Into<String>, data: impl Into<String>, ) -> Result<&mut Self>

Add an extension to this certificate.

Extensions can be unrecognized without impacting the certificate.

Source

pub fn comment(&mut self, comment: impl Into<String>) -> Result<&mut Self>

Add a comment to this certificate.

Default ""

Source

pub fn sign<S: SigningKey>(self, signing_key: &S) -> Result<Certificate>

Sign the certificate using the provided signer type.

The PrivateKey type can be used as a signer.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

Layout§

Note: Most layout information is completely unstable and may even differ between compilations. The only exception is types with certain repr(...) attributes. Please see the Rust Reference's “Type Layout” chapter for details on type layout guarantees.

Size: 352 bytes