I want to use a crypto.Signer as a private key for an SSH Agent. This would allow using keys that are stored on an HSM or have other reasons that a full *rsa.PrivateKey is not available. Creating an ssh.Signer from a crypto.Signer is provided by the ssh.NewSignerFromSigner function, but because of the agent.Agent interface, they are not possible to add to the SSH Agent.
I believe any other implementations of the agent.Agent interface also follow this pattern, because the other methods of the interface require ssh.Signer as a return value.
Happy to submit a CL if there is agreement on how to best do this.
To avoid adding another method to the agent.Agent interface, one idea for a change would be to add an ssh.Signer field to the AddedKey struct. If this field is present, the Add() method would ignore the PrivateKey and Certificate fields, and add the Signer directly to its internal storage, but this might break upgrading code that only looks at the existing fields, since they would be nil in this case.
1. What version of Go are you using (go version)?
go1.7rc3

3. What did you do?
I want to use a crypto.Signer as a private key for an SSH Agent. This would allow using keys that are stored on an HSM or have other reasons that a full *rsa.PrivateKey is not available. Creating an ssh.Signer from a crypto.Signer is provided by the ssh.NewSignerFromSigner function, but because of the agent.Agent interface, they are not possible to add to the SSH Agent. This is likely a change needed for #16304.

4. What did you expect to see?
https://godoc.org/golang.org/x/crypto/ssh/agent#AddedKey
The agent.AddedKey struct is used in the agent.Agent interface, through the Add() method. AddedKey asks for a Private Key (using interface{}), and optionally an SSH Certificate *ssh.Certificate. The keyring implementation of Add() then converts these into an ssh.Signer interface: https://github.com/golang/crypto/blob/bc89c496413265e715159bdc8478ee9a92fdc265/ssh/agent/keyring.go#L127-L152
I believe any other implementations of the agent.Agent interface also follow this pattern, because the other methods of the interface require ssh.Signer as a return value.
Happy to submit a CL if there is agreement on how to best do this.
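As an added illustration of the AddedKey change proposed in the comment above (this is not code from golang.org/x/crypto; hsmSigner, addedKey and keyring are hypothetical stand-ins for an HSM-backed key, agent.AddedKey and the agent's keyring): a crypto.Signer is added through a Signer field that takes precedence over PrivateKey, while a raw key in PrivateKey keeps working as today, and the agent signs without ever holding the private key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

// hsmSigner stands in for an HSM-backed key: callers get Public() and Sign()
// only, never the *rsa.PrivateKey (generated here in place of a device handle).
type hsmSigner struct{ priv *rsa.PrivateKey }

func newHSMSigner(bits int) (*hsmSigner, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	return &hsmSigner{priv: priv}, err
}
func (h *hsmSigner) Public() crypto.PublicKey { return h.priv.Public() }
func (h *hsmSigner) Sign(r io.Reader, digest []byte, o crypto.SignerOpts) ([]byte, error) {
	return rsa.SignPKCS1v15(r, h.priv, o.HashFunc(), digest)
}

// addedKey mirrors agent.AddedKey plus the Signer field proposed in the comment (hypothetical).
type addedKey struct {
	PrivateKey interface{}   // existing field: *rsa.PrivateKey, *ecdsa.PrivateKey, ...
	Signer     crypto.Signer // proposed field: takes precedence when non-nil
}
type keyring struct{ signers []crypto.Signer }

// add: a non-nil Signer wins and PrivateKey is ignored; otherwise PrivateKey
// itself must satisfy crypto.Signer, as the real keyring requires today.
func (k *keyring) add(key addedKey) error {
	if key.Signer != nil {
		k.signers = append(k.signers, key.Signer)
		return nil
	}
	s, ok := key.PrivateKey.(crypto.Signer)
	if !ok {
		return errors.New("agent: unsupported key type")
	}
	k.signers = append(k.signers, s)
	return nil
}

// sign selects the key by public key and signs a SHA-256 digest, the shape of
// the agent's Sign method; the private key never leaves the hsmSigner.
func (k *keyring) sign(pub crypto.PublicKey, data []byte) ([]byte, error) {
	d := sha256.Sum256(data)
	for _, s := range k.signers {
		if p, ok := s.Public().(interface{ Equal(crypto.PublicKey) bool }); ok && p.Equal(pub) {
			return s.Sign(rand.Reader, d[:], crypto.SHA256)
		}
	}
	return nil, errors.New("agent: key not found")
}
```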