1 // Copyright 2015 Joyent, Inc.
5 readSSHPrivate: readSSHPrivate,
9 var assert = require('assert-plus');
10 var asn1 = require('asn1');
11 var algs = require('../algs');
12 var utils = require('../utils');
13 var crypto = require('crypto');
15 var Key = require('../key');
16 var PrivateKey = require('../private-key');
17 var pem = require('./pem');
18 var rfc4253 = require('./rfc4253');
19 var SSHBuffer = require('../ssh-buffer');
21 function read(buf, options) {
22 return (pem.read(buf, options));
25 var MAGIC = 'openssh-key-v1';
27 function readSSHPrivate(type, buf) {
28 buf = new SSHBuffer({buffer: buf});
30 var magic = buf.readCString();
31 assert.strictEqual(magic, MAGIC, 'bad magic string');
33 var cipher = buf.readString();
34 var kdf = buf.readString();
36 /* We only support unencrypted keys. */
37 if (cipher !== 'none' || kdf !== 'none') {
38 throw (new Error('OpenSSH-format key is encrypted ' +
39 '(password-protected). Please use the SSH agent ' +
40 'or decrypt the key.'));
43 /* Skip over kdfoptions. */
46 var nkeys = buf.readInt();
48 throw (new Error('OpenSSH-format key file contains ' +
49 'multiple keys: this is unsupported.'));
52 var pubKey = buf.readBuffer();
54 if (type === 'public') {
55 assert.ok(buf.atEnd(), 'excess bytes left after key');
56 return (rfc4253.read(pubKey));
59 var privKeyBlob = buf.readBuffer();
60 assert.ok(buf.atEnd(), 'excess bytes left after key');
62 buf = new SSHBuffer({buffer: privKeyBlob});
64 var checkInt1 = buf.readInt();
65 var checkInt2 = buf.readInt();
66 assert.strictEqual(checkInt1, checkInt2, 'checkints do not match');
69 var key = rfc4253.readInternal(ret, 'private', buf.remainder());
71 buf.skip(ret.consumed);
73 var comment = buf.readString();
74 key.comment = comment;
79 function write(key, options) {
81 if (PrivateKey.isPrivateKey(key))
82 pubKey = key.toPublic();
87 if (PrivateKey.isPrivateKey(key)) {
88 privBuf = new SSHBuffer({});
89 var checkInt = crypto.randomBytes(4).readUInt32BE(0);
90 privBuf.writeInt(checkInt);
91 privBuf.writeInt(checkInt);
92 privBuf.write(key.toBuffer('rfc4253'));
93 privBuf.writeString(key.comment || '');
96 while (privBuf._offset % 8 !== 0)
97 privBuf.writeChar(n++);
100 var buf = new SSHBuffer({});
102 buf.writeCString(MAGIC);
103 buf.writeString('none'); /* cipher */
104 buf.writeString('none'); /* kdf */
105 buf.writeBuffer(new Buffer(0)); /* kdfoptions */
107 buf.writeInt(1); /* nkeys */
108 buf.writeBuffer(pubKey.toBuffer('rfc4253'));
111 buf.writeBuffer(privBuf.toBuffer());
113 buf = buf.toBuffer();
116 if (PrivateKey.isPrivateKey(key))
117 header = 'OPENSSH PRIVATE KEY';
119 header = 'OPENSSH PUBLIC KEY';
121 var tmp = buf.toString('base64');
122 var len = tmp.length + (tmp.length / 70) +
123 18 + 16 + header.length*2 + 10;
124 buf = new Buffer(len);
126 o += buf.write('-----BEGIN ' + header + '-----\n', o);
127 for (var i = 0; i < tmp.length; ) {
129 if (limit > tmp.length)
131 o += buf.write(tmp.slice(i, limit), o);
135 o += buf.write('-----END ' + header + '-----\n', o);
137 return (buf.slice(0, o));