Socket
Socket
Sign inDemoInstall

sshpk

Package Overview
Dependencies
2
Maintainers
1
Versions
50
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

    sshpk

A library for finding and using SSH public keys

Version published
Weekly downloads
18M
decreased by-1.76%
Maintainers
1
Install size
89.7 kB
Created
Weekly downloads
 

Package description

What is sshpk?

The sshpk npm package is a tool for parsing and generating SSH public and private keys. It supports various key types, including RSA, DSA, ECDSA, and Ed25519. It can also handle certificate formats such as SSH, X.509, and others. The package is useful for applications that need to manage or interact with SSH keys and certificates.

What are sshpk's main functionalities?

Parsing SSH keys

This feature allows you to parse SSH public keys from strings or files. The code sample demonstrates how to read an SSH public key from a file and parse it using sshpk.

const sshpk = require('sshpk');
const fs = require('fs');

const keyData = fs.readFileSync('path/to/ssh/key.pub', 'utf-8');
const key = sshpk.parseKey(keyData, 'ssh');

Generating SSH keys

This feature enables the generation of new SSH keys. The code sample shows how to generate a new RSA key with a 2048-bit length.

const sshpk = require('sshpk');

const key = sshpk.generateKey('rsa', 2048);

Converting keys to different formats

This feature allows you to convert SSH keys to different formats, such as PEM. The code sample demonstrates how to parse an SSH key and then convert it to PEM format.

const sshpk = require('sshpk');
const fs = require('fs');

const keyData = fs.readFileSync('path/to/ssh/key.pub', 'utf-8');
const key = sshpk.parseKey(keyData, 'ssh');
const pemKey = key.toBuffer('pem');

Fingerprinting keys

This feature is used to generate a fingerprint of an SSH key, which can be used for verifying identity. The code sample shows how to parse an SSH key and generate its fingerprint using SHA-256.

const sshpk = require('sshpk');
const fs = require('fs');

const keyData = fs.readFileSync('path/to/ssh/key.pub', 'utf-8');
const key = sshpk.parseKey(keyData, 'ssh');
const fingerprint = key.fingerprint('sha256').toString();

Other packages similar to sshpk

    node-forge

    node-forge is a JavaScript implementation of various network protocols, including TLS. It can also parse and generate keys, similar to sshpk, but it has a broader scope that includes encryption, decryption, and other cryptographic operations.

    pem

    pem is a package that can generate and manage PEM files. It is similar to sshpk in that it can handle key generation and conversion to PEM format, but it is specifically focused on PEM file management and SSL certificate creation.

    keypair

    keypair is a simple library for generating RSA private and public keys. It is similar to sshpk's key generation feature but is limited to RSA and does not support other key types or parsing.

Readme

Source

sshpk

Parse, convert, fingerprint and use SSH public keys in pure node -- no ssh-keygen or other external dependencies.

Supports RSA, DSA and ECDSA (nistp-*) key types. Can also parse SSH private keys in PEM format and output their public half.

This library has been extracted from node-http-signature (work by Mark Cavage and Dave Eddy) and node-ssh-fingerprint (work by Dave Eddy), with some additions (including ECDSA support) by Alex Wilson.

Install

npm install sshpk

Examples

var sshpk = require('sshpk');

var fs = require('fs');

/* Read in an OpenSSH-format public key */
var keyPub = fs.readFileSync('id_rsa.pub');
var key = sshpk.parseKey(keyPub, 'ssh');

/* Get metadata about the key */
console.log('type => %s', key.type);
console.log('size => %d bits', key.size);
console.log('comment => %s', key.comment);

/* Compute key fingerprints, in new OpenSSH (>6.7) format, and old MD5 */
console.log('fingerprint => %s', key.fingerprint().toString());
console.log('old-style fingerprint => %s', key.fingerprint('md5').toString());

Example output:

type => rsa
size => 2048 bits
comment => foo@foo.com
fingerprint => SHA256:PYC9kPVC6J873CSIbfp0LwYeczP/W4ffObNCuDJ1u5w
old-style fingerprint => a0:c8:ad:6c:32:9a:32:fa:59:cc:a9:8c:0a:0d:6e:bd

More examples: converting between formats:

/* Read in a PEM public key (PKCS#8) */
var keyPem = fs.readFileSync('id_rsa.pem');
var key = sshpk.parseKey(keyPem, 'pem');


/* Read in an OpenSSH/PEM *private* key, will load just the public half */
var keyPriv = fs.readFileSync('id_ecdsa');
var key = sshpk.parseKey(keyPriv, 'pem');


/* Convert to PEM PKCS#8 public key format */
var pemBuf = key.toBuffer('pem');

/* Convert to SSH public key format (and return as a string) */
var sshKey = key.toString('ssh');


/* Make a crypto.Verifier with this key */
var v = key.createVerify('sha1');
v.update('some data here');
var valid = v.verify(signature);

Matching fingerprints with keys:

var fp = sshpk.parseFingerprint('SHA256:PYC9kPVC6J873CSIbfp0LwYeczP/W4ffObNCuDJ1u5w');

var keys = [sshpk.parseKey(...), sshpk.parseKey(...), ...];

keys.forEach(function (key) {
	if (fp.matches(key))
		console.log('found it!');
});

Usage

parseKey(data[, format = 'ssh'[, name]])

Parses a key from a given data format and returns a new Key object.

Parameters

  • data -- Either a Buffer or String, containing the key
  • format -- String name of format to use, valid options are pem (supports both PKCS#1 and PKCS#8), rfc4253 (raw OpenSSH wire format, as returned by ssh-agent, for example), ssh (OpenSSH format)
  • name -- Optional name for the key being parsed (eg. the filename that was opened). Used to generate Error messages

Key#type

String, the type of key. Valid options are rsa, dsa, ecdsa.

Key#size

Integer, "size" of the key in bits. For RSA/DSA this is the size of the modulus; for ECDSA this is the bit size of the curve in use.

Key#comment

Optional string, a key comment used by some formats (eg the ssh format).

Key#curve

Only present if this.type === 'ecdsa', string containing the name of the named curve used with this key. Possible values include nistp256, nistp384 and nistp521.

Key#toBuffer([format = 'ssh'])

Convert the key into a given data format and return the serialized key as a Buffer.

Parameters

  • format -- String name of format to use, valid options are pem, rfc4253, ssh

Key#toString([format = 'ssh])

Same as this.toBuffer(format).toString().

Key#fingerprint([algorithm = 'sha256'])

Creates a new Fingerprint object representing this Key's fingerprint.

Parameters

  • algorithm -- String name of hash algorithm to use, valid options are md5, sha1, sha256, sha384, sha512

Key#createVerify([hashAlgorithm])

Creates a crypto.Verifier specialized to use this Key (and the correct public key algorithm to match it). The returned Verifier has the same API as a regular one, except that the verify() function takes only the target signature as an argument.

Parameters

  • hashAlgorithm -- optional String name of hash algorithm to use, any supported by OpenSSL are valid, usually including sha1, sha256.

v.verify(signature[, format]) Parameters

  • signature -- either a Signature object, or a Buffer or String
  • format -- optional String, name of format to interpret given String with. Not valid if signature is a Signature or Buffer.

parseFingerprint(fingerprint[, algorithms])

Pre-parses a fingerprint, creating a Fingerprint object that can be used to quickly locate a key by using the Fingerprint#matches function.

Parameters

  • fingerprint -- String, the fingerprint value, in any supported format
  • algorithms -- Optional list of strings, names of hash algorithms to limit support to. If fingerprint uses a hash algorithm not on this list, throws InvalidAlgorithmError.

Fingerprint#toString([format])

Returns a fingerprint as a string, in the given format.

Parameters

  • format -- Optional String, format to use, valid options are hex and base64. If this Fingerprint uses the md5 algorithm, the default format is hex. Otherwise, the default is base64.

Fingerprint#matches(key)

Verifies whether or not this Fingerprint matches a given Key. This function uses double-hashing to avoid leaking timing information. Returns a boolean.

Parameters

  • key -- a Key object, the key to match this fingerprint against

parseSignature(signature, algorithm, format)

Parses a signature in a given format, createing a Signature object. Useful for converting between the SSH and ASN.1 (PKCS/OpenSSL) signature formats for DSA and ECDSA.

A Signature object can also be passed to a verifier produced by Key#createVerify() and it will automatically be converted into the correct format for verification.

Parameters

  • signature -- a Buffer (binary) or String (base64), data of the actual signature in the given format
  • algorithm -- a String, name of the algorithm to be used, possible values are rsa, dsa and ecdsa
  • format -- a String, either asn1 or ssh

Signature#toBuffer([format = 'asn1'])

Converts a Signature to the given format and returns it as a Buffer.

Parameters

  • format -- a String, either asn1 or ssh

Signature#toString([format = 'asn1'])

Same as this.toBuffer(format).toString('base64').

Errors

InvalidAlgorithmError

The specified algorithm is not valid, either because it is not supported, or because it was not included on a list of allowed algorithms.

Thrown by Fingerprint.parse, Key#fingerprint.

Properties

  • algorithm -- the algorithm that could not be validated

FingerprintFormatError

The fingerprint string given could not be parsed as a supported fingerprint format, or the specified fingerprint format is invalid.

Thrown by Fingerprint.parse, Fingerprint#toString.

Properties

  • fingerprint -- if caused by a fingerprint, the string value given
  • format -- if caused by an invalid format specification, the string value given

KeyParseError

The key data given could not be parsed as a valid key.

Properties

  • keyName -- name that was given to Key#parse
  • format -- the format that was trying to parse the key
  • innerErr -- the inner Error thrown by the format parser

FAQs

Last updated on 28 Sep 2015

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Biz Podcast: How Shifts in Open Source Made It a Prime Attack Vector

Security News

Risky Biz Podcast: How Shifts in Open Source Made It a Prime Attack Vector

This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.

By Sarah Gooding  -  May 01, 2024
Introducing SSO

Product

Introducing SSO

Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.

By Alex Morais  -  Apr 29, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc