[crypto] Ad-hoc deserialization from ssh-keygen armored files

[huitseeker]

For genesis, we have node runners that like to generate their keypair (EdDSA) from the ssh-keygen tool (a well-trusted implementation).

We would like to be able to import and deserialize an EdDSA keypair as generated from ssk-keygen, which means interpreting the armored format for the private key. We would add this functionality as a simple pub function in out ed25519.rs, which would be integrated in our tooling Sui-side.

The rust crate rust-sshkeys provides a lot of tooling for reading the ssh pem files, but unfortunately, at the moment, only reads Pubkeys (whereas we would like to generate a keypair, hence reading private keys).

[joyqvq]

do we want to support passphrase protected keys? if so, this may be a bit of more work. also there seems to be few versions of the PEM format, may be a bigger scope to support all of them.

I started on a branch armored-key and plan to use https://github.com/Leo1003/rust-osshkeys and realized few missing features and there isn't a matured library to support this. i may need to patch the library - documenting my progress here

[huitseeker]

I think at this stage the goal is to let folks use a tool they like and trust to generate their key. The goal is to first support one of the ways to generate a key with ssh-keygen (e.g. with no passphrase, one format only). We can leave the extension of that core of functionality for a second iteration.

[kchalkias]

cc: @huitseeker and @joyqvq is this still an active issue?

[joyqvq]

this is still useful. let me revisit this next week.

[joyqvq]

https://github.com/MystenLabs/base64pemkey