sshsig

This Go library implements the SSHSIG wire protocol, and can be used to sign and verify messages using SSH keys.

Compared to other implementations, this library does all the following:

Accepts an io.Reader as input for signing and verifying messages.
Performs simple public key fingerprint and namespace mismatch checks in Verify. Malicious input will still fail signature verification, but this provides more useful error messages.
Properly uses ssh-sha2-512 as signature algorithm when signing with an RSA private key, as described in the protocol.
Does not accept a Sign operation without a namespace as specified in the protocol.
Allows Verify operations to be performed without a namespace, ensuring compatibility with loose implementations.
Provides Armor and Unarmor functions to encode/decode the signature to/from an (armored) PEM format.

For more information about the use of this library, see the Go Reference.

Acknowledgements

There are several other implementations of the SSHSIG protocol in Go, from which this library has borrowed ideas:

Name		Name	Last commit message	Last commit date
Latest commit History 115 Commits
.github		.github
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
armor.go		armor.go
armor_test.go		armor_test.go
doc.go		doc.go
example_test.go		example_test.go
go.mod		go.mod
go.sum		go.sum
hash.go		hash.go
internal_test.go		internal_test.go
openssh_test.go		openssh_test.go
sign.go		sign.go
sign_test.go		sign_test.go
verify.go		verify.go
verify_test.go		verify_test.go
wire.go		wire.go
wire_test.go		wire_test.go