In [3]:
#!/usr/bin/env python3
"""
Parse OpenSSH-style Ed25519 keys generated by ssh-keygen.

Functions
---------
parse_ed25519_pub(line_or_path)          → dict
parse_ed25519_priv(path, passphrase=None)→ dict
"""

import base64
import pathlib
import struct
from typing import Tuple, Dict, Union

# --------------------------------------------------------------------------- #
# Helper: SSH “string” = 4-byte big-endian length prefix + data
# --------------------------------------------------------------------------- #
def _read_string(buf: bytes, offset: int = 0) -> Tuple[bytes, int]:
    """Return (string_bytes, new_offset)."""
    if offset + 4 > len(buf):
        raise ValueError("Truncated SSH string")
    length = struct.unpack(">I", buf[offset:offset + 4])[0]
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("Truncated SSH string payload")
    return buf[start:end], end


# --------------------------------------------------------------------------- #
# Public-key (*.pub) parser
# --------------------------------------------------------------------------- #
def parse_ed25519_pub(src: Union[str, pathlib.Path]) -> Dict[str, bytes]:
    """
    Accepts a one-line public-key string or the path to a *.pub file.
    Returns {'algorithm': b'ssh-ed25519', 'pubkey': 32-byte bytes, 'comment': str}.
    """
    if pathlib.Path(src).exists():
        line = pathlib.Path(src).read_text(encoding="utf-8").strip()
    else:
        line = str(src).strip()

    alg, b64, *maybe_comment = line.split(maxsplit=2)
    if alg != "ssh-ed25519":
        raise ValueError("Not an Ed25519 public key")
    raw = base64.b64decode(b64)

    # raw =  SSH string "ssh-ed25519"  || SSH string 32-byte-PK
    alg_str, off = _read_string(raw, 0)
    if alg_str != b"ssh-ed25519":
        raise ValueError("Mismatched algorithm inside blob")

    pubkey_bytes, off = _read_string(raw, off)
    if len(pubkey_bytes) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")

    return {
        "algorithm": alg_str.decode(),      # ← decode once here
        "pubkey": pubkey_bytes,
        "comment": maybe_comment[0] if maybe_comment else "",
    }


# --------------------------------------------------------------------------- #
# Private-key (-----BEGIN OPENSSH PRIVATE KEY-----) parser
# --------------------------------------------------------------------------- #
def parse_ed25519_priv(path: Union[str, pathlib.Path],
                       passphrase: bytes | None = None) -> Dict[str, bytes]:
    """
    Supports un-encrypted keys (ciphername == 'none').
    Raises NotImplementedError for encrypted keys.
    Returns a dict with public key, 32-byte seed, 64-byte expanded key & comment.
    """
    text = pathlib.Path(path).read_text()
    header = "-----BEGIN OPENSSH PRIVATE KEY-----"
    footer = "-----END OPENSSH PRIVATE KEY-----"
    if header not in text:
        raise ValueError("Missing BEGIN line")

    b64 = "".join(
        line.strip() for line in text.splitlines()
        if line and not line.startswith("----")
    )
    blob = base64.b64decode(b64)

    # 1. Preamble “openssh-key-v1\0”
    magic = b"openssh-key-v1\x00"
    if not blob.startswith(magic):
        raise ValueError("Not an OpenSSH-v1 private key")
    off = len(magic)

    # 2. Header strings
    ciphername, off = _read_string(blob, off)
    kdfname, off     = _read_string(blob, off)
    kdfopts, off     = _read_string(blob, off)
    nkeys  = struct.unpack(">I", blob[off:off + 4])[0]
    off += 4
    if nkeys != 1:
        raise ValueError("Parser supports exactly one key")

    # 3. Skip the public-key copy that follows
    _, off = _read_string(blob, off)

    # 4. Private-key blob (possibly encrypted)
    pk_block_len = struct.unpack(">I", blob[off:off + 4])[0]
    off += 4
    pk_block = blob[off:off + pk_block_len]

    if ciphername != b"none":
        raise NotImplementedError(
            f"Key is encrypted with {ciphername.decode()}, "
            "supply passphrase & add decryption support."
        )

    inner_off = 0
    check1, check2 = struct.unpack(">II", pk_block[inner_off:inner_off + 8])
    inner_off += 8
    if check1 != check2:
        raise ValueError("Failing check-ints → wrong passphrase?")

    key_type, inner_off = _read_string(pk_block, inner_off)
    if key_type != b"ssh-ed25519":
        raise ValueError("Not an Ed25519 key")

    pubkey,  inner_off = _read_string(pk_block, inner_off)
    privkey, inner_off = _read_string(pk_block, inner_off)
    comment, inner_off = _read_string(pk_block, inner_off)

    if len(privkey) != 64 or len(pubkey) != 32:
        raise ValueError("Unexpected Ed25519 key lengths")
    seed = privkey[:32]          # first half of 64-byte expanded key

    # padding bytes 0x01,0x02,… can be ignored

    return {
        "algorithm": key_type.decode(),     # ← decode here too
        "pubkey": pubkey,
        "seed": seed,
        "expanded_privkey": privkey,
        "comment": comment.decode("utf-8", "replace"),
    }


# --------------------------------------------------------------------------- #
# Demo
# --------------------------------------------------------------------------- #
if __name__ == "__main__":
    import argparse, json, binascii

    #p = argparse.ArgumentParser(description="Inspect ssh-ed25519 keys")
    #p.add_argument("file", help="*.pub or private key file")
    #args = p.parse_args()

    path = pathlib.Path("key")
    if path.suffix == ".pub":
        info = parse_ed25519_pub(path)
        info["pubkey_hex"] = binascii.hexlify(info.pop("pubkey")).decode()
    else:
        info = parse_ed25519_priv(path)
        info["pubkey_hex"]   = binascii.hexlify(info.pop("pubkey")).decode()
        info["seed_hex"]     = binascii.hexlify(info.pop("seed")).decode()
        info["privkey_hex"]  = binascii.hexlify(info.pop("expanded_privkey")).decode()

    print(json.dumps(info, indent=2))
    

    path = pathlib.Path("key.pub")
    if path.suffix == ".pub":
        info = parse_ed25519_pub(path)
        info["pubkey_hex"] = binascii.hexlify(info.pop("pubkey")).decode()
    else:
        info = parse_ed25519_priv(path)
        info["pubkey_hex"]   = binascii.hexlify(info.pop("pubkey")).decode()
        info["seed_hex"]     = binascii.hexlify(info.pop("seed")).decode()
        info["privkey_hex"]  = binascii.hexlify(info.pop("expanded_privkey")).decode()

    print(json.dumps(info, indent=2))

{
  "algorithm": "ssh-ed25519",
  "comment": "duruozer13@gmail.com",
  "pubkey_hex": "9d65ed157550e00c3d094fdcc8fd747659c61b5f5adce10c055b7c84fe7e615b",
  "seed_hex": "81d5b6e7df169cbab1160f5f12eb5826cc25524e858e28c56c0c4e12ae0e29b2",
  "privkey_hex": "81d5b6e7df169cbab1160f5f12eb5826cc25524e858e28c56c0c4e12ae0e29b29d65ed157550e00c3d094fdcc8fd747659c61b5f5adce10c055b7c84fe7e615b"
}
{
  "algorithm": "ssh-ed25519",
  "comment": "duruozer13@gmail.com",
  "pubkey_hex": "9d65ed157550e00c3d094fdcc8fd747659c61b5f5adce10c055b7c84fe7e615b"
}


echo "Hello, World" | ssh-keygen -Y sign -n file -f key > content.sig
echo "Hello, World" | ssh-keygen -Y check-novalidate -n file -f key.pub -s content.sig

In [5]:
#!/usr/bin/env python3
"""
Make an OpenSSH “SSHSIG” signature identical to

    echo "Hello, World" | ssh-keygen -Y sign -n file -f key > content.sig

✓ ED25519 keys (OpenSSH “OPENSSH PRIVATE KEY” format)
✓ SHA-256 pre-hash (OpenSSH default for -n file)
✓ Armoured output (-----BEGIN SSH SIGNATURE----- …)
"""

import base64, struct, hashlib, textwrap, sys, pathlib
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

# ────────────────────────────────────────────────────────────────────────────────
# RFC-4253 helpers
def ssh_string(payload: bytes) -> bytes:
    """SSH wire-format string = 4-byte big-endian length + payload."""
    return struct.pack(">I", len(payload)) + payload


# ────────────────────────────────────────────────────────────────────────────────
def load_ed25519_private_key(path: pathlib.Path, passphrase: bytes | None = None
                             ) -> Ed25519PrivateKey:
    with path.open("rb") as fh:
        key_blob = fh.read()
    key = serialization.load_ssh_private_key(key_blob, password=passphrase)
    if not isinstance(key, Ed25519PrivateKey):
        raise TypeError(f"{path} is not an ED25519 private key")
    return key


def build_sshsig(message: bytes,
                 key_path: str | pathlib.Path,
                 namespace: str = "file",
                 hash_alg: str = "sha256",
                 passphrase: bytes | None = None) -> str:
    """
    Return a complete armour-wrapped SSHSIG signature.
    """
    key_path = pathlib.Path(key_path)
    sk: Ed25519PrivateKey = load_ed25519_private_key(key_path, passphrase)
    pk_bytes = sk.public_key().public_bytes(
        encoding=serialization.Encoding.Raw,
        format=serialization.PublicFormat.Raw,
    )

    alg_name = b"ssh-ed25519"
    ns = namespace.encode()
    hash_alg_b = hash_alg.encode()

    # 1) Pre-hash the message (OpenSSH does this before signing)
    digest = hashlib.new(hash_alg, message).digest()

    # 2) Build the *signed data* (wrapper)
    signed_data = (
        b"SSHSIG"
        + ssh_string(ns)
        + ssh_string(b"")              # reserved (empty)
        + ssh_string(hash_alg_b)
        + ssh_string(digest)
    )

    # 3) Make the raw 64-byte ED25519 signature (deterministic)
    sig_raw = sk.sign(signed_data)

    # 4) Build the “signature” field (itself an SSH string containing
    #    algorithm name + signature bytes).
    sig_field = ssh_string(alg_name) + ssh_string(sig_raw)
    sig_string = ssh_string(sig_field)

    # 5) Public-key field (algorithm name + 32-byte public key)
    pubkey_field = ssh_string(alg_name) + ssh_string(pk_bytes)
    pubkey_string = ssh_string(pubkey_field)

    # 6) Entire SSHSIG *blob* (binary, before base64)
    blob = (
        b"SSHSIG"
        + struct.pack(">I", 1)         # version 1
        + pubkey_string
        + ssh_string(ns)
        + ssh_string(b"")              # reserved
        + ssh_string(hash_alg_b)
        + sig_string
    )

    # 7) ASCII-armor (70-column wrap per PROTOCOL.sshsig)
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(textwrap.wrap(b64, 70))
    return (
        "-----BEGIN SSH SIGNATURE-----\n"
        f"{wrapped}\n"
        "-----END SSH SIGNATURE-----\n"
    )


# ────────────────────────────────────────────────────────────────────────────────
if __name__ == "__main__":
    # Message as echoed by `echo "Hello, World"` (trailing LF!)
    msg = b"Hello, World\n"

    sig_text = build_sshsig(msg, "key", hash_alg="sha512") # adjust path / passphrase as needed
    sys.stdout.write(sig_text)           # ➜ identical to content.sig


-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgnWXtFXVQ4Aw9CU/cyP10dlnGG1
9a3OEMBVt8hP5+YVsAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
OQAAAEA1JM2XODdWCunfw/5v4RjSj1ki+SjAuc/orl/4jJS5oIGBObAJFaAVy12RCXoDgq
/o0EPNa4it/7dEfIRM3asG
-----END SSH SIGNATURE-----
