The ssh-key crate is a pure Rust implementation of an OpenSSH key parser, leveraging the
base64ct crate for constant-time Base64 parsing:
- repo: formats/ssh-key at master · RustCrypto/formats · GitHub
- crate: https://crates.io/crates/ssh-key
- docs: ssh_key - Rust
It supports keys for the four main signature algorithms used for SSH authentication (DSA, ECDSA, Ed25519, and RSA).
DSA and RSA support are gated under an optional
alloc feature. ECDSA and Ed25519 are supported on "heapless" targets and do not depend on the
Constant-time parsing is important to prevent private keys from being leaked by timing side channels. The recent
Util::Lookup paper demonstrates exfiltration of secrets from SGX enclaves due to timing variability from non-constant-time parsers.
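One common source of that variability is a Base64 decoder that indexes a lookup table with each secret character. The added example below is not code from ssh-key or base64ct, and its function names are hypothetical; it contrasts a table-indexed character decode with a branch-free arithmetic decode of the same alphabet and uses the latter to decode padded standard Base64.

```rust
// Added illustration; names are hypothetical, not the ssh-key or base64ct API.
const ALPHABET: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
/// Table-driven decode: the load address depends on the secret byte `c`,
/// so cache state can reveal key material. Shown for contrast only.
fn decode_6bits_lookup(c: u8) -> i16 {
    let mut table = [-1i16; 256];
    for (i, &a) in ALPHABET.iter().enumerate() {
        table[a as usize] = i as i16;
    }
    table[c as usize]
}

/// Branch-free, table-free decode: each mask is -1 when lo < ch < hi, else 0.
/// Returns 0..=63 for a valid character and -1 otherwise.
fn decode_6bits_ct(c: u8) -> i16 {
    let ch = c as i16;
    let in_range = |lo: i16, hi: i16| ((lo - ch) & (ch - hi)) >> 8;
    let mut ret = -1i16;
    ret += in_range(0x40, 0x5b) & (ch - 64); // 'A'..='Z' -> 0..=25
    ret += in_range(0x60, 0x7b) & (ch - 70); // 'a'..='z' -> 26..=51
    ret += in_range(0x2f, 0x3a) & (ch + 5); // '0'..='9' -> 52..=61
    ret += in_range(0x2a, 0x2c) & 63; // '+' -> 62
    ret += in_range(0x2e, 0x30) & 64; // '/' -> 63
    ret
}

/// Decode padded standard Base64. Control flow depends only on the input
/// length and padding (public), never on character values; errors accumulate.
fn decode(input: &[u8]) -> Option<Vec<u8>> {
    let pad = input.iter().rev().take(2).take_while(|&&c| c == b'=').count();
    let body = &input[..input.len() - pad];
    let (mut out, mut err, mut acc, mut bits) = (Vec::new(), 0i16, 0u32, 0u32);
    for &c in body {
        let v = decode_6bits_ct(c);
        err |= v; // sign bit becomes set if any character was invalid
        acc = (acc << 6) | (v as u32 & 0x3f);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
        }
    }
    if input.len() % 4 != 0 || err < 0 { None } else { Some(out) }
}
fn main() {
    for c in 0..=255u8 { assert_eq!(decode_6bits_ct(c), decode_6bits_lookup(c)); }
    // Constructed sample: Base64 of the magic string that opens an OpenSSH private key.
    println!("{:?}", decode(b"b3BlbnNzaC1rZXktdjE="));
}
```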
This crate is relatively new and still has a laundry list of TODO items such as support for password-protected encrypted private keys. We hope to implement this feature in the next release.