File: api-keys.texi

package info (click to toggle)
guile-ssh 0.18.0-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,996 kB
  • sloc: ansic: 4,821; lisp: 4,171; makefile: 310; sh: 259
file content (153 lines) | stat: -rw-r--r-- 4,660 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
 
@c -*-texinfo-*-
@c This file is part of Guile-SSH Reference Manual.
@c Copyright (C) 2014-2023 Artyom V. Poptsov
@c See the file guile-ssh.texi for copying conditions.

@node Keys
@section Keys

@cindex public keys
@cindex private keys
@tindex key

The @code{(ssh key)} module provides procedures for handling of
Guile-SSH keys.

@strong{Note} that Guile-SSH does not support ECDSA keys if libssh 0.6.3 is
compiled with GCrypt instead of OpenSSL.

@deffn {Scheme Procedure} make-keypair type length
Generate a keypair of specified @var{type} and @var{length} (in bits).  This
may take some time.

Possible key types are: @code{dss}, @code{rsa}, @code{rsa1}, @code{ecdsa}.

Return newly generated private key.  Throw @code{guile-ssh-error} on error.
@end deffn

@deffn {Scheme Procedure} key? x
Return @code{#t} if @var{x} is a Guile-SSH key, @code{#f} otherwise.
@end deffn

@deffn {Scheme Procedure} public-key? x
Return @code{#t} if @var{x} is a Guile-SSH key and it @strong{contains} a
public key, @code{#f} otherwise.  What it means is that the procedure will
return @code{#t} for a private key too (because the private key contains a
public key in some sense).
@end deffn

@deffn {Scheme Procedure} private-key? x
Return @code{#t} if @var{x} is a Guile-SSH private key, @code{#f}
otherwise.
@end deffn

@deffn {Scheme Procedure} public-key->string public-key
Convert @var{public-key} to a string.
@end deffn

@deffn {Scheme Procedure} string->public-key string type
Convert a public key of @var{type} represented as Base64 @var{string}
to a Guile-SSH key.  Throw @code{guile-ssh-error} on error.

The @var{type} must be one of the following symbols: @code{dss},
@code{rsa}, @code{rsa1}, @code{ecdsa}
@end deffn

@deffn {Scheme Procedure} private-key-from-file @
               file @
               [#:auth-callback=#f] @
               [#:user-data=#f]

Read private key from a @var{file}.  If the the key is encrypted the user will
be asked using @var{auth-callback} for passphrase to decrypt the key.  When
@var{auth-callback} is called, @var{user-data} is passed to it as an argument.
If no @var{auth-callback} is provided then the procedure denies access to an
encrypted key.

Return a new Guile-SSH key or @code{#f} on error.

The procedure performs @var{auth-callback} call as follows:

@lisp
(auth-callback prompt maximum-password-length echo? verify? user-data)
@end lisp

Where @code{prompt} is a string that specifies the password prompt to use.
The callback must return either a password as a string or @code{#f} if access
must be denied.

Usage example:
@lisp
(use-modules (ssh key))

(define (callback prompt max-len echo? verify? user-data)
  (getpass (format #f "~a: " prompt)))

(define key (private-key-from-file (string-append (getenv "HOME")
                                                  "/.ssh/id_rsa")
                                   #:auth-callback callback))
@end lisp

@end deffn

@deffn {Scheme Procedure} private-key-to-file private-key file-name
Export @var{private-key} to a PAM file @var{file-name} on a disk.  Throw
@code{guile-ssh-error} on error.  Return value is undefined.

@strong{Note} that this procedure won't work if libssh 0.6.3 is compiled with
GCrypt cryptographic library.
@end deffn

@deffn {Scheme Procedure} private-key->public-key private-key
Get a public key from the @var{private-key}.
@end deffn

@deffn {Scheme Procedure} public-key-from-file session file
Read public key from a @var{file}.  Return a public key or @code{#f}
on error.
@end deffn

@deffn {Scheme Procedure} get-key-type key
Get a symbol that represents the type of the Guile-SSH @var{key}.
Possible types are: @code{dss}, @code{rsa}, @code{rsa1}, @code{unknown}.
@end deffn

@deffn {Scheme Procedure} get-public-key-hash public-key type
@cindex fingerprint
@tindex fingerprint
Get a @var{public-key} hash of @var{type} as a bytevector.  Return the
bytevector on success, @code{#f} on error.

See also @code{get-server-public-key} in @pxref{Sessions}.

The @var{type} can be one of the following symbols: @code{md5},
@code{sha1}.

Example:

@lisp
(let ((pubkey (get-server-public-key session)))
  (get-public-key-hash pubkey 'md5))
@result{} #vu8(15 142 110 203 162 228 250 211 20 212 26 217 118 57 217 66)
@end lisp

@end deffn

@deffn {Scheme Procedure} bytevector->hex-string bv
@cindex fingerprint
@tindex fingerprint
Convert the given bytevector @var{bv} to a colon separated string.

Example:

@lisp
(let ((hash (get-public-key-hash pubkey 'md5)))
  (bytevector->hex-string hash))
@result{} "0f:8e:6e:cb:a2:e4:fa:d3:14:d4:1a:d9:76:39:d9:42"
@end lisp

@end deffn

@c Local Variables:
@c TeX-master: "guile-ssh.texi"
@c End: