[ANN] `ssh-key` v0.2.0: no_std-friendly constant-time parser for OpenSSH private/public keys

The ssh-key crate is a pure Rust implementation of an OpenSSH key parser, leveraging the base64ct crate for constant-time Base64 parsing.

It supports keys for the four main signature algorithms used for SSH authentication (DSA, ECDSA, Ed25519, and RSA).

DSA and RSA support are gated under an optional alloc feature. ECDSA and Ed25519 are supported on "heapless" targets and do not depend on the alloc feature.

Constant-time parsing is important to prevent private keys from being leaked by timing side channels. The recent Util::Lookup paper demonstrates exfiltration of secrets from SGX enclaves due to timing variability from non-constant-time parsers.

This crate is relatively new and still has a laundry list of TODO items such as support for password-protected encrypted private keys. We hope to implement this feature in the next release.

Enjoy!

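To illustrate the constant-time Base64 parsing the announcement refers to, here is an added example (not code from `ssh-key` or `base64ct`). It decodes each character with arithmetic masks instead of a lookup table or data-dependent branches. The names `in_range`, `decode_6bits` and `decode` are hypothetical, and it uses `std` for brevity.

```rust
// Added illustration, not the ssh-key or base64ct source. Names are hypothetical.

/// All-ones (-1) if lo <= c <= hi, else 0, computed without branching on `c`.
fn in_range(c: i16, lo: u8, hi: u8) -> i16 {
    ((lo as i16 - 1 - c) & (c - (hi as i16 + 1))) >> 8
}

/// Maps one Base64 character to its 6-bit value, or -1 if it is not in the
/// standard alphabet. Arithmetic only: no lookup table indexed by key material.
fn decode_6bits(byte: u8) -> i16 {
    let c = byte as i16;
    -1 + (in_range(c, b'A', b'Z') & (c - 64)) // 'A'..='Z' -> 0..=25
        + (in_range(c, b'a', b'z') & (c - 70)) // 'a'..='z' -> 26..=51
        + (in_range(c, b'0', b'9') & (c + 5)) // '0'..='9' -> 52..=61
        + (in_range(c, b'+', b'+') & 63) // '+' -> 62
        + (in_range(c, b'/', b'/') & 64) // '/' -> 63
}

/// Decodes standard Base64. Trailing '=' is stripped without strict padding
/// checks; the input length is treated as public, the characters as secret.
fn decode(input: &str) -> Option<Vec<u8>> {
    let bytes = input.trim_end_matches('=').as_bytes();
    if bytes.len() % 4 == 1 {
        return None; // impossible length
    }
    let mut out = Vec::with_capacity(bytes.len() * 3 / 4);
    let mut err: i16 = 0;
    for chunk in bytes.chunks(4) {
        let mut acc: u32 = 0;
        for &b in chunk {
            let v = decode_6bits(b);
            err |= v; // sign bit sticks if any character was invalid
            acc = (acc << 6) | (v as u32 & 0x3f);
        }
        acc <<= 6 * (4 - chunk.len()) as u32; // left-align a short final group
        let n = chunk.len() * 3 / 4; // 4 chars -> 3 bytes, 3 -> 2, 2 -> 1
        out.extend_from_slice(&acc.to_be_bytes()[1..1 + n]);
    }
    // Validity is checked once at the end, so timing does not reveal where
    // the first bad character was.
    if err < 0 { None } else { Some(out) }
}

fn main() {
    // Constructed sample input, not a real key.
    assert_eq!(decode("aGVsbG8="), Some(b"hello".to_vec()));
    assert_eq!(decode("aGV$bG8="), None);
}
```

Source-level branch freedom does not guarantee the compiled binary is branch-free; that depends on the compiler and target.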