Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/ssh/agent: Support ssh.Signer for AddedKey #16524

Open
pquerna opened this issue Jul 28, 2016 · 1 comment
Open

x/crypto/ssh/agent: Support ssh.Signer for AddedKey #16524

pquerna opened this issue Jul 28, 2016 · 1 comment
Milestone

Comments

@pquerna
Copy link

@pquerna pquerna commented Jul 28, 2016

1. What version of Go are you using (go version)?

go1.7rc3

3. What did you do?

I want to use a crypto.Signer as a private key for an SSH Agent. This would allow using keys that are stored on an HSM or have other reasons that a full *rsa.PrivateKey is not available. Creating an ssh.Signer from a crypto.Signer is provided by the ssh.NewSignerFromSigner function, but because of the agent.Agent interface, they are not possible to add to the SSH Agent.

This is likely a change needed for #16304.

4. What did you expect to see?

https://godoc.org/golang.org/x/crypto/ssh/agent#AddedKey

The agent.AddedKey struct is used in the agent.Agent interface, through the Add() method.

AddedKey asks for a Private Key (using interface{}), and optionally an SSH Certificate *ssh.Certificate.

The keyring implementation of Add() then converts these into an ssh.Signer interface : https://github.com/golang/crypto/blob/bc89c496413265e715159bdc8478ee9a92fdc265/ssh/agent/keyring.go#L127-L152

I believe any other implementations of the agent.Agent interface also follow this pattern, because the other methods of the interface require ssh.Signer as a return value.

Happy to submit a CL if there is agreement on how to best do this.

@pquerna

This comment has been minimized.

Copy link
Author

@pquerna pquerna commented Jul 28, 2016

To avoid adding another method to the agent.Agent interface, one idea for a change would be to add an ssh.Signer field to the AddedKey struct. If this field is present, the Add() method would ignore the PrivateKey and Certificate fields, and add the Signer directly to the its internal storage, but this might break upgrading code that only looks at the existing fields, since they would be nil in this case.

@quentinmit quentinmit added this to the Unreleased milestone Aug 1, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.