-
Notifications
You must be signed in to change notification settings - Fork 4
/
ssh-keygen.go
134 lines (115 loc) · 2.22 KB
/
ssh-keygen.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"flag"
"fmt"
"log"
"os"
"golang.org/x/crypto/ssh"
)
var (
bitsize = flag.Int("b", 0, "bit size")
keytype = flag.String("t", "rsa", "type of key to create")
)
func main() {
log.SetFlags(0)
log.SetPrefix("ssh-keygen: ")
flag.Usage = usage
flag.Parse()
if *bitsize == 0 {
switch *keytype {
case "rsa":
*bitsize = 4096
case "ecdsa":
*bitsize = 521
}
}
err := gen(*keytype, *bitsize)
if err != nil {
log.Fatal(err)
}
}
func usage() {
fmt.Fprintln(os.Stderr, "usage: ssh-keygen [options]")
flag.PrintDefaults()
fmt.Fprintln(os.Stderr, "supported key types: rsa ecdsa")
os.Exit(2)
}
func gen(keytype string, bitsize int) error {
var (
priv, pub interface{}
pemblock pem.Block
)
switch keytype {
case "rsa":
rsapriv, err := genrsa(bitsize)
if err != nil {
return err
}
priv = rsapriv
pub = &rsapriv.PublicKey
privder, err := x509.MarshalPKCS8PrivateKey(priv)
if err != nil {
return err
}
pemblock = pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: privder,
}
case "ecdsa":
var curve elliptic.Curve
switch bitsize {
case 224:
curve = elliptic.P224()
case 256:
curve = elliptic.P256()
case 384:
curve = elliptic.P384()
case 521:
curve = elliptic.P521()
default:
return fmt.Errorf("unsupported ecdsa size %d", bitsize)
}
ecdsapriv, err := ecdsa.GenerateKey(curve, rand.Reader)
if err != nil {
return err
}
priv = ecdsapriv
pub = &ecdsapriv.PublicKey
privec, err := x509.MarshalECPrivateKey(ecdsapriv)
if err != nil {
return err
}
pemblock = pem.Block{
Type: "EC PRIVATE KEY",
Bytes: privec,
}
default:
return fmt.Errorf("unsupported key type %q", keytype)
}
sshpub, err := ssh.NewPublicKey(pub)
if err != nil {
return err
}
privdata := pem.EncodeToMemory(&pemblock)
pubdata := ssh.MarshalAuthorizedKey(sshpub)
fmt.Printf("%s", privdata)
fmt.Printf("%s", pubdata)
return err
}
func genrsa(bitsize int) (*rsa.PrivateKey, error) {
priv, err := rsa.GenerateKey(rand.Reader, bitsize)
if err != nil {
return nil, err
}
err = priv.Validate()
if err != nil {
return nil, err
}
return priv, nil
}