The `ssh-key` crate is a pure Rust implementation of an OpenSSH key parser, leveraging the `base64ct` crate for constant-time Base64 parsing:
- repo: formats/ssh-key at master · RustCrypto/formats · GitHub
- crate: https://crates.io/crates/ssh-key
- docs: ssh_key - Rust
It supports keys for the four main signature algorithms used for SSH authentication (DSA, ECDSA, Ed25519, and RSA).
DSA and RSA support are gated under an optional `alloc` feature. ECDSA and Ed25519 are supported on "heapless" targets and do not depend on the `alloc` feature.
Constant-time parsing is important to prevent private keys from being leaked by timing side channels. The recent Util::Lookup paper demonstrates exfiltration of secrets from SGX enclaves due to timing variability from non-constant-time parsers.
This crate is relatively new and still has a laundry list of TODO items such as support for password-protected encrypted private keys. We hope to implement this feature in the next release.
Enjoy!
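To illustrate the constant-time parsing point above, here is an added example that is not part of the original post and is not code from `base64ct` or `ssh-key`. It contrasts a table-lookup Base64 character decoder, whose memory access depends on the input byte, with a branchless arithmetic one, and builds a small padded decoder on the latter. All function names are hypothetical and the input is constructed. It assumes the compiler keeps the arithmetic branch-free, which real implementations verify separately.

```rust
// Added example: illustrative only, not code from base64ct or ssh-key.
const fn build_table() -> [i16; 256] {
    let alphabet = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut t, mut i) = ([-1i16; 256], 0usize);
    while i < 64 { t[alphabet[i] as usize] = i as i16; i += 1; }
    t
}
static TABLE: [i16; 256] = build_table();
/// Table decode: the load address depends on the secret byte (cache side channel).
fn decode_6bits_lookup(byte: u8) -> i16 { TABLE[byte as usize] }

/// -1 (all ones) if lo <= c <= hi, else 0. No branch, no memory access.
fn range_mask(c: i16, lo: u8, hi: u8) -> i16 {
    ((lo as i16 - 1 - c) & (c - hi as i16 - 1)) >> 15
}

/// Branchless decode of one character: 0..=63, or -1 if invalid.
fn decode_6bits_ct(byte: u8) -> i16 {
    let (c, mut v) = (byte as i16, -1i16);
    v += range_mask(c, b'A', b'Z') & (c - 64); // 'A' -> 0
    v += range_mask(c, b'a', b'z') & (c - 70); // 'a' -> 26
    v += range_mask(c, b'0', b'9') & (c + 5);  // '0' -> 52
    v += range_mask(c, b'+', b'+') & 63;       // '+' -> 62
    v += range_mask(c, b'/', b'/') & 64;       // '/' -> 63
    v
}

/// Decode padded standard Base64; only length and padding (public) cause branches.
fn decode_ct(input: &[u8]) -> Option<Vec<u8>> {
    if input.len() % 4 != 0 { return None; }
    let pad = input.iter().rev().take(2).take_while(|&&b| b == b'=').count();
    let body = &input[..input.len() - pad];
    let (mut out, mut err) = (Vec::with_capacity(body.len() * 3 / 4), 0i16);
    for chunk in body.chunks(4) {
        let mut acc: u32 = 0;
        for &b in chunk {
            let v = decode_6bits_ct(b);
            err |= v; // sign bit ends up set iff any character was invalid
            acc = (acc << 6) | (v as u32 & 0x3f);
        }
        acc <<= 6 * (4 - chunk.len());
        let bytes = [(acc >> 16) as u8, (acc >> 8) as u8, acc as u8];
        out.extend_from_slice(&bytes[..chunk.len() * 3 / 4]);
    }
    if err < 0 { None } else { Some(out) }
}

fn main() { // constructed input: Base64 prefix of an Ed25519 public key blob
    println!("{:?} {}", decode_ct(b"AAAAC3NzaC1lZDI1NTE5"), decode_6bits_lookup(b'A'));
}
```

Invalid characters are reported only after the whole input has been processed, so the position of a bad byte does not affect how much work is done.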