This is the cl-ssh-keys Reference Manual, version 0.7.0, generated automatically by Declt version 4.0 beta 2 "William Riker" on Sun Dec 15 05:24:46 2024 GMT+0.
cl-ssh-keys/cl-ssh-keys.asd
cl-ssh-keys/core/package.lisp
cl-ssh-keys/core/base.lisp
cl-ssh-keys/core/rfc8017.lisp
cl-ssh-keys/core/generics.lisp
cl-ssh-keys/core/public-key.lisp
cl-ssh-keys/core/private-key.lisp
cl-ssh-keys/core/conditions.lisp
cl-ssh-keys/core/key-types.lisp
cl-ssh-keys/core/signature.lisp
cl-ssh-keys/core/ciphers.lisp
cl-ssh-keys/keys/rsa.lisp
cl-ssh-keys/keys/dsa.lisp
cl-ssh-keys/keys/ed25519.lisp
cl-ssh-keys/keys/ecdsa-nistp256.lisp
cl-ssh-keys/keys/ecdsa-nistp384.lisp
cl-ssh-keys/keys/ecdsa-nistp521.lisp
cl-ssh-keys/keys/cert-key.lisp
The main system appears first, followed by any subsystem dependency.
cl-ssh-keys
Common Lisp system for generating and parsing of OpenSSH keys
cl-ssh-keys
Marin Atanasov Nikolov <dnaeon@gmail.com>
Marin Atanasov Nikolov <dnaeon@gmail.com>
BSD 2-Clause
## cl-ssh-keys
`cl-ssh-keys` is a Common Lisp system which provides the following
features.
* Decode OpenSSH public keys as defined in [RFC 4253][RFC 4253],
section 6.6.
* Decode OpenSSH private keys as defined in
[PROTOCOL.key][PROTOCOL.key].
* Generate new private/public key pairs in OpenSSH compatible
binary format.
## Requirements
* [Quicklisp][Quicklisp]
## Installation
Clone the [cl-ssh-keys][cl-ssh-keys] repo in
your [Quicklisp local-projects
directory][Quicklisp FAQ].
``` shell
git clone https://github.com/dnaeon/cl-ssh-keys.git
```
Load the system.
``` common-lisp
CL-USER> (ql:quickload :cl-ssh-keys)
```
## Supported Key Types
The following public and private key pairs can be decoded, encoded and
generated by `cl-ssh-keys`.
| Type | Status |
|---------|-----------|
| RSA | Supported |
| DSA | Supported |
| ED25519 | Supported |
| ECDSA | Supported |
In addition to the public keys listed above the following certificate
key types are supported.
| Type | Status |
|------------------------------------------|-----------|
| ssh-rsa-cert-v01@openssh.com | Supported |
| ssh-dss-cert-v01@openssh.com | Supported |
| ecdsa-sha2-nistp256-cert-v01@openssh.com | Supported |
| ecdsa-sha2-nistp384-cert-v01@openssh.com | Supported |
| ecdsa-sha2-nistp521-cert-v01@openssh.com | Supported |
| ssh-ed25519-cert-v01@openssh.com | Supported |
## Usage
The following section provides various examples showing you how to decode,
encode, and generate new OpenSSH private and public key pairs.
For additional examples, make sure to check the [test
suite](./t/test-suite.lisp).
### Public keys
A public key can be parsed from a given string using the
`SSH-KEYS:PARSE-PUBLIC-KEY` function, or from a file using the
`SSH-KEYS:PARSE-PUBLIC-KEY-FILE` function.
The public key may be a regular public key (e.g. RSA, DSA, etc.), or
it could be an [OpenSSH Certificate
Key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys).
``` common-lisp
CL-USER> (defparameter *public-key*
           (ssh-keys:parse-public-key-file #P"~/.ssh/id_rsa.pub"))
*PUBLIC-KEY*
```
You can retrieve the comment associated with a public key by using the
`SSH-KEYS:KEY-COMMENT` accessor.
``` common-lisp
CL-USER> (ssh-keys:key-comment *public-key*)
"john.doe@localhost"
```
The key kind can be retrieved using `SSH-KEYS:KEY-KIND`.
``` common-lisp
CL-USER> (ssh-keys:key-kind *public-key*)
(:NAME "ssh-rsa" :PLAIN-NAME "ssh-rsa" :SHORT-NAME "RSA" :ID :SSH-RSA :IS-CERT NIL)
```
The number of bits for a key can be retrieved using the
`SSH-KEYS:KEY-BITS` generic function, e.g.
``` common-lisp
CL-USER> (ssh-keys:key-bits *public-key*)
3072
```
`SSH-KEYS:WITH-PUBLIC-KEY` and `SSH-KEYS:WITH-PUBLIC-KEY-FILE`
are convenient macros when working with public keys, e.g.
``` common-lisp
CL-USER> (ssh-keys:with-public-key-file (key #P"~/.ssh/id_rsa.pub")
           (format t "Comment: ~a~%" (ssh-keys:key-comment key))
           (format t "MD5 fingerprint: ~a~%" (ssh-keys:fingerprint :md5 key))
           (format t "Number of bits: ~a~%" (ssh-keys:key-bits key)))
Comment: john.doe@localhost
MD5 fingerprint: 04:02:4b:b2:43:39:a4:8e:89:47:49:6f:30:78:94:1e
Number of bits: 3072
NIL
```
### Private keys
A private key can be parsed using the `SSH-KEYS:PARSE-PRIVATE-KEY`
function, which takes a string representing a private key in [OpenSSH
private key format][PROTOCOL.key], or you can use the
`SSH-KEYS:PARSE-PRIVATE-KEY-FILE` function, e.g.
``` common-lisp
CL-USER> (defparameter *private-key*
           (ssh-keys:parse-private-key-file #P"~/.ssh/id_rsa"))
*PRIVATE-KEY*
```
Key kind, comment and number of bits can be retrieved using
`SSH-KEYS:KEY-KIND`, `SSH-KEYS:KEY-COMMENT` and `SSH-KEYS:KEY-BITS`,
similarly to the way you would for public keys, e.g.
``` common-lisp
CL-USER> (ssh-keys:key-kind *private-key*)
(:NAME "ssh-rsa" :PLAIN-NAME "ssh-rsa" :SHORT-NAME "RSA" :ID :SSH-RSA :IS-CERT NIL)
CL-USER> (ssh-keys:key-comment *private-key*)
"john.doe@localhost"
CL-USER> (ssh-keys:key-bits *private-key*)
3072
```
OpenSSH private keys embed the public key within the binary blob of
the private key. From a private key you can get the embedded public
key using `SSH-KEYS:EMBEDDED-PUBLIC-KEY`, e.g.
``` common-lisp
CL-USER> (ssh-keys:embedded-public-key *private-key*)
#<CL-SSH-KEYS:RSA-PUBLIC-KEY {100619EAB3}>
```
You can also use the `SSH-KEYS:WITH-PRIVATE-KEY` and
`SSH-KEYS:WITH-PRIVATE-KEY-FILE` macros when working with private
keys.
``` common-lisp
CL-USER> (ssh-keys:with-private-key-file (key #P"~/.ssh/id_rsa")
           (format t "Comment: ~a~%" (ssh-keys:key-comment key))
           (format t "MD5 fingerprint: ~a~%" (ssh-keys:fingerprint :md5 key)))
Comment: john.doe@localhost
MD5 fingerprint: 04:02:4b:b2:43:39:a4:8e:89:47:49:6f:30:78:94:1e
```
### Encrypted keys
In order to parse an encrypted private key you need to provide a
passphrase, e.g.
``` common-lisp
CL-USER> (ssh-keys:with-private-key-file (key #P"~/.ssh/id_rsa" :passphrase "my-secret-password")
           (ssh-keys:key-cipher-name key))
"aes256-ctr"
```
### Changing passphrase of an encrypted key
The passphrase for an encrypted private key can be changed by setting
a new value for the passphrase using the `SSH-KEYS:KEY-PASSPHRASE`
accessor.
This example changes the passphrase for a given key and saves it on
the filesystem.
``` common-lisp
CL-USER> (ssh-keys:with-private-key-file (key #P"~/.ssh/id_rsa" :passphrase "OLD-PASSPHRASE")
           (setf (ssh-keys:key-passphrase key) "MY-NEW-PASSPHRASE")
           (ssh-keys:write-key-to-path key #P"~/.id_rsa-new-passphrase"))
```
### Setting passphrase for an existing un-encrypted key
In order to set a passphrase for an existing un-encrypted private key,
simply set a passphrase using the `SSH-KEYS:KEY-PASSPHRASE` accessor,
e.g.
``` common-lisp
CL-USER> (ssh-keys:with-private-key-file (key #P"~/.ssh/id_rsa")
           (setf (ssh-keys:key-passphrase key) "my-secret-password")
           (ssh-keys:write-key-to-path key #P"~/.id_rsa-encrypted"))
```
### Removing passphrase of an encrypted key
You can remove the passphrase of a private key and make it
un-encrypted by setting the passphrase to `nil`.
``` common-lisp
CL-USER> (ssh-keys:with-private-key-file (key #P"~/.ssh/id_rsa" :passphrase "PASSPHRASE")
           (setf (ssh-keys:key-passphrase key) nil)
           (ssh-keys:write-key-to-path key #P"~/.id_rsa-unencrypted"))
```
### Changing the cipher of an encrypted key
The cipher to be used for encryption of a private key can be set by
using the `SSH-KEYS:KEY-CIPHER-NAME` accessor. The value should be one
of the known and supported ciphers as returned by
`SSH-KEYS:GET-ALL-CIPHER-NAMES`.
First, list the known cipher names.
``` common-lisp
CL-USER> (ssh-keys:get-all-cipher-names)
("3des-cbc" "aes128-cbc" "aes192-cbc" "aes256-cbc" "aes128-ctr" "aes192-ctr" "aes256-ctr" "none")
```
Then set a new cipher.
``` common-lisp
CL-USER> (ssh-keys:with-private-key-file (key #P"~/.ssh/id_rsa" :passphrase "PASSPHRASE")
           (setf (ssh-keys:key-cipher-name key) "3des-cbc")
           (ssh-keys:write-key-to-path key #P"~/.id_rsa-3des-cbc"))
```
### Changing the KDF number of iterations
By default `ssh-keygen(1)` and `cl-ssh-keys` use `16` rounds of the
KDF to derive the encryption key from the passphrase. You can set this
to a higher value if needed; every additional round makes each
passphrase guess in an offline brute-force attack proportionally more
expensive.
``` common-lisp
CL-USER> (ssh-keys:with-private-key-file (key #P"~/.ssh/id_rsa" :passphrase "PASSPHRASE")
           (setf (ssh-keys:key-kdf-rounds key) 32)
           (ssh-keys:write-key-to-path key #P"~/.id_rsa-stronger"))
```
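The private-key sections above (embedded public key, encrypted keys, cipher, KDF rounds) all go through the library's accessors. As an added example that is not part of cl-ssh-keys, the following standalone Python reads the PROTOCOL.key container directly: it strips the BEGIN/END markers, checks the AUTH_MAGIC header, reports the cipher and KDF names and the bcrypt round count without needing the passphrase, and for an unencrypted key verifies that the two checkint values agree, that the private key type matches the embedded public key, and that the trailing padding is the deterministic 1, 2, 3, ... sequence. The builders at the bottom exist only to construct samples from filler bytes; they are not real keys, and all function names are my own.

```python
"""Inspect an OpenSSH private key container (PROTOCOL.key) without decrypting it."""
import base64
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"
MARK_BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
MARK_END = "-----END OPENSSH PRIVATE KEY-----"
# Length-prefixed fields after the key type inside the private section, per key type.
PRIVATE_FIELDS = {"ssh-ed25519": 2, "ssh-rsa": 6, "ssh-dss": 5, "ecdsa-sha2-nistp256": 3,
                  "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3}


def _read_string(blob: bytes, pos: int) -> tuple[bytes, int]:
    """RFC 4251 string: uint32 big-endian length followed by that many bytes."""
    (n,) = struct.unpack(">I", blob[pos:pos + 4])
    if pos + 4 + n > len(blob):
        raise ValueError("truncated string")
    return blob[pos + 4:pos + 4 + n], pos + 4 + n

def _read_uint32(blob: bytes, pos: int) -> tuple[int, int]:
    return struct.unpack(">I", blob[pos:pos + 4])[0], pos + 4

def _put_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def inspect_private_key(text: str) -> dict:
    """Parse the outer container; verify checkints and padding when the key is unencrypted."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] != MARK_BEGIN or lines[-1] != MARK_END:
        raise ValueError("missing OpenSSH private key markers")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not blob.startswith(AUTH_MAGIC):
        raise ValueError("bad AUTH_MAGIC header")
    pos = len(AUTH_MAGIC)
    cipher, pos = _read_string(blob, pos)
    kdf, pos = _read_string(blob, pos)
    kdfopts, pos = _read_string(blob, pos)
    nkeys, pos = _read_uint32(blob, pos)
    if nkeys != 1:
        raise ValueError(f"expected one key, found {nkeys}")
    pub, pos = _read_string(blob, pos)
    private, pos = _read_string(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing bytes after the private section")
    pub_type, _ = _read_string(pub, 0)
    info = {"cipher": cipher.decode(), "kdf": kdf.decode(),
            "encrypted": cipher != b"none", "public_key_type": pub_type.decode()}
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        salt, p = _read_string(kdfopts, 0)
        info["kdf_rounds"], _ = _read_uint32(kdfopts, p)
    if info["encrypted"]:
        return info  # checkints, comment and padding are under the cipher; stop here
    c1, p = _read_uint32(private, 0)
    c2, p = _read_uint32(private, p)
    if c1 != c2:
        raise ValueError("checkint mismatch: corrupt key or wrong passphrase")
    ptype, p = _read_string(private, p)
    if ptype != pub_type:
        raise ValueError("private key type does not match the embedded public key")
    for _ in range(PRIVATE_FIELDS[ptype.decode()]):
        _, p = _read_string(private, p)  # key material, skipped here
    comment, p = _read_string(private, p)
    padding = private[p:]
    if len(private) % 8 or padding != bytes(range(1, len(padding) + 1)):
        raise ValueError("bad padding after the private key")
    info.update(checkint=c1, comment=comment.decode(), padding_ok=True)
    return info

def audit(text: str) -> str:
    """Return 'ok' or the reason the key was rejected."""
    try:
        inspect_private_key(text)
    except (ValueError, KeyError, struct.error) as exc:
        return str(exc)
    return "ok"

def _armor(blob: bytes) -> str:
    b64 = base64.b64encode(blob).decode()
    return "\n".join([MARK_BEGIN, *(b64[i:i + 70] for i in range(0, len(b64), 70)), MARK_END, ""])

def build_unencrypted_ed25519(pk: bytes, seed: bytes, comment: str,
                              checkints=(0x01020304, 0x01020304)) -> str:
    """Assemble an unencrypted ('none'/'none') container from constructed bytes (not a real key)."""
    pub = _put_string(b"ssh-ed25519") + _put_string(pk)
    priv = (struct.pack(">II", *checkints) + _put_string(b"ssh-ed25519") + _put_string(pk)
            + _put_string(seed + pk) + _put_string(comment.encode()))
    priv += bytes(range(1, (-len(priv)) % 8 + 1))  # deterministic 1,2,3,... padding to 8 bytes
    return _armor(AUTH_MAGIC + _put_string(b"none") + _put_string(b"none") + _put_string(b"")
                  + struct.pack(">I", 1) + _put_string(pub) + _put_string(priv))

def build_encrypted_stub(rounds: int) -> str:
    """Header of an aes256-ctr/bcrypt key; the private section is filler and cannot be decrypted."""
    pub = _put_string(b"ssh-ed25519") + _put_string(b"\x22" * 32)
    kdfopts = _put_string(b"\x55" * 16) + struct.pack(">I", rounds)
    return _armor(AUTH_MAGIC + _put_string(b"aes256-ctr") + _put_string(b"bcrypt") + _put_string(kdfopts)
                  + struct.pack(">I", 1) + _put_string(pub) + _put_string(b"\x00" * 160))

# Constructed samples; the 0x22/0x33/0x55 bytes are placeholders, not key material.
SAMPLE_PLAIN = build_unencrypted_ed25519(b"\x22" * 32, b"\x33" * 32, "john.doe@localhost")
SAMPLE_ENCRYPTED = build_encrypted_stub(32)
```

Checking that a key on disk is encrypted at all, or that it uses more than the default 16 KDF rounds, only needs the header, which is why `inspect_private_key` stops before touching the private section whenever `cipher` is not `none`; the checkint comparison is the same test OpenSSH uses to detect a wrong passphrase after decryption.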
### Fingerprints
Key fingerprints can be generated using the `SSH-KEYS:FINGERPRINT`
generic function.
The following examples show how to generate the SHA-256, SHA-1 and MD5
fingerprints of a given public key.
``` common-lisp
CL-USER> (ssh-keys:fingerprint :sha256 *public-key*)
"VmYpd+5gvA5Cj57ZZcI8lnFMNNic6jpnnBd0WoNG1F8"
CL-USER> (ssh-keys:fingerprint :sha1 *public-key*)
"RnLPLG93GrABjOqc6xOvVFpQXsc"
CL-USER> (ssh-keys:fingerprint :md5 *public-key*)
"04:02:4b:b2:43:39:a4:8e:89:47:49:6f:30:78:94:1e"
```
Fingerprints of private keys are computed against the embedded public
key.
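The public-key section and the fingerprint section above both work on the library's opaque key objects. As an added example that is not part of cl-ssh-keys, the following standalone Python reproduces what happens underneath: it splits a `type base64 comment` line, walks the RFC 4253 section 6.6 blob with RFC 4251 `string`/`mpint` readers, rejects a line whose textual prefix disagrees with the type embedded in the blob, derives the bit count for RSA, Ed25519 and ECDSA keys the way `KEY-BITS` reports it, and formats SHA-256/SHA-1/MD5 fingerprints as ssh-keygen does (unpadded base64 for the SHA variants, colon-separated hex for MD5). All sample keys are constructed filler bytes, and the function names are my own.

```python
"""Parse OpenSSH public key lines (RFC 4253, section 6.6) and compute fingerprints."""
import base64
import binascii
import hashlib
import struct

def _read_string(blob: bytes, pos: int) -> tuple[bytes, int]:
    """Read one RFC 4251 'string': uint32 big-endian length, then that many bytes."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    pos += 4
    if pos + length > len(blob):
        raise ValueError("string runs past the end of the blob")
    return blob[pos:pos + length], pos + length

def _read_mpint(blob: bytes, pos: int) -> tuple[int, int]:
    """Read an RFC 4251 'mpint' (big-endian two's complement, length-prefixed)."""
    raw, pos = _read_string(blob, pos)
    return int.from_bytes(raw, "big", signed=True), pos

def _put_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def _put_mpint(n: int) -> bytes:
    """Encode a non-negative integer as mpint, prepending 0x00 when the top bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return _put_string(b"\x00" + raw if raw and raw[0] & 0x80 else raw)

def parse_public_key(line: str) -> dict:
    """Decode '<type> <base64> [comment]'; the type inside the blob must match the prefix."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    comment = fields[2].strip() if len(fields) == 3 else ""
    blob = base64.b64decode(fields[1], validate=True)
    embedded, pos = _read_string(blob, 0)
    if embedded != key_type.encode():
        raise ValueError(f"key type mismatch: prefix {key_type!r}, blob {embedded!r}")
    info = {"type": key_type, "comment": comment, "blob": blob}
    if key_type == "ssh-rsa":  # mpint e, mpint n
        info["e"], pos = _read_mpint(blob, pos)
        info["n"], pos = _read_mpint(blob, pos)
        info["bits"] = info["n"].bit_length()
    elif key_type == "ssh-ed25519":  # string pk (32 bytes)
        pk, pos = _read_string(blob, pos)
        if len(pk) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        info["bits"] = 256
    elif key_type.startswith("ecdsa-sha2-nistp"):  # string curve, string Q
        curve, pos = _read_string(blob, pos)
        if curve != key_type.removeprefix("ecdsa-sha2-").encode():
            raise ValueError("curve identifier does not match the key type")
        _point, pos = _read_string(blob, pos)
        info["bits"] = int(curve[5:].decode())
    else:
        raise ValueError(f"unsupported key type {key_type!r}")
    if pos != len(blob):
        raise ValueError("trailing bytes after the key material")
    return info

def fingerprint(blob: bytes, hash_spec: str) -> str:
    """ssh-keygen style: SHA-256/SHA-1 as unpadded base64, MD5 as colon-separated hex."""
    if hash_spec == "md5":
        return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    return base64.b64encode(hashlib.new(hash_spec, blob).digest()).decode().rstrip("=")

def validate_line(line: str) -> str:
    """Return 'ok' or the reason a line was rejected (useful when auditing authorized_keys)."""
    try:
        parse_public_key(line)
    except (ValueError, binascii.Error) as exc:
        return str(exc)
    return "ok"

def encode_public_key(key_type: str, fields: list[bytes], comment: str = "") -> str:
    """Inverse of parse_public_key; used here only to build the constructed samples."""
    blob = _put_string(key_type.encode()) + b"".join(fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()

# Constructed samples: the key bytes are filler, not real key material.
SAMPLE_ED25519 = encode_public_key("ssh-ed25519", [_put_string(b"\x11" * 32)], "john.doe@localhost")
SAMPLE_RSA = encode_public_key("ssh-rsa", [_put_mpint(65537), _put_mpint((1 << 2047) | 1)], "demo")
SAMPLE_ECDSA = encode_public_key("ecdsa-sha2-nistp256",
                                 [_put_string(b"nistp256"), _put_string(b"\x04" + b"\x44" * 64)])
# Prefix says ssh-rsa but the blob still says ssh-ed25519: the embedded-type check rejects it.
SAMPLE_MISMATCH = "ssh-rsa " + SAMPLE_ED25519.split(" ", 1)[1]

if __name__ == "__main__":
    for line in (SAMPLE_ED25519, SAMPLE_RSA, SAMPLE_ECDSA, SAMPLE_MISMATCH):
        status = validate_line(line)
        if status == "ok":
            key = parse_public_key(line)
            print(key["type"], key["bits"], fingerprint(key["blob"], "sha256"), key["comment"])
        else:
            print("rejected:", status)
```

The fingerprint is taken over the raw decoded blob, not over the text line, which is why the comment field never affects it; the same holds for the private-key case mentioned above, where the fingerprint is computed over the embedded public key blob.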
### Writing Keys
A public or private key can be written in its text representation
using the `SSH-KEYS:WRITE-KEY` generic function.
``` common-lisp
CL-USER> (ssh-keys:write-key *public-key*)
ssh-rsa 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 john.doe@localhost
NIL
```
Another example, this time using a private key.
``` common-lisp
CL-USER> (ssh-keys:write-key *private-key*)
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEArJ4MwnGsvpUPt+KlHlEh9ptWWFvQdGtq8aTJr2BXDsi/4UTycL/F
zvPU9Ph0CGUQvsZTNwUqnRRrPgefDGFz76Nx/qdNAiTfLVI7wt1Q++JIl0jcSMoQaSgmNb
OfEcZ1kv+mz0CGH5wlQYkGZ5DXtU94rMTQ9WO9U520s+UDdsQZALYhjx9HTzPPclm2aU40
wmiDn8mZ9nwQbJqdM1IBCe6PVvS68bNX9D5/m2eD6hUhFM5bm+5gEPkacIBni3liBc/qOi
kCTxYrkYM0FOmbGPsI6K1Xn84HqqUYlhsP2xMlA3JNPQeAdCFqE7SIikc3et+ZzqOy8/9V
4GjGetFmQ/U/5WmxFnCpraeGOzaApHqdA8mMqAIFq3KOBQ9a9IOFnFW7CULfB80cvVGh5Y
emD2P8ZJNG0opY6coBIk+PBcZ4qhPuh2Pu0mwtcM+UE4WPlLCIg4BXINwZY7JH0/CJd4Wr
XlyNsBF6sMOPmvg8XB88qXJWKK20ClM3czS2UQTZAAAFkJkcYpSZHGKUAAAAB3NzaC1yc2
EAAAGBAKyeDMJxrL6VD7fipR5RIfabVlhb0HRravGkya9gVw7Iv+FE8nC/xc7z1PT4dAhl
EL7GUzcFKp0Uaz4Hnwxhc++jcf6nTQIk3y1SO8LdUPviSJdI3EjKEGkoJjWznxHGdZL/ps
9Ahh+cJUGJBmeQ17VPeKzE0PVjvVOdtLPlA3bEGQC2IY8fR08zz3JZtmlONMJog5/JmfZ8
EGyanTNSAQnuj1b0uvGzV/Q+f5tng+oVIRTOW5vuYBD5GnCAZ4t5YgXP6jopAk8WK5GDNB
Tpmxj7COitV5/OB6qlGJYbD9sTJQNyTT0HgHQhahO0iIpHN3rfmc6jsvP/VeBoxnrRZkP1
P+VpsRZwqa2nhjs2gKR6nQPJjKgCBatyjgUPWvSDhZxVuwlC3wfNHL1RoeWHpg9j/GSTRt
KKWOnKASJPjwXGeKoT7odj7tJsLXDPlBOFj5SwiIOAVyDcGWOyR9PwiXeFq15cjbARerDD
j5r4PFwfPKlyViittApTN3M0tlEE2QAAAAMBAAEAAAGBAJT3DFHdYdNSti7d09sW7zVvlp
NIINvnO3Jv4HGNtXOXwSd5pbOxe9Z+TEBgDVqVRV8trfCkb8MBNQ9h6lr32uJqbdzyqh14
jnUBK3ueHN5SyIxuH1RdtM3bDSZ47YScfSivoVfn+hdbXDdzNei4cb8RZzXJ3/505ZU8Ww
6IS3X6Aw2/H7TwrExojNTFIQs9p4BCS5zgkRLKvC3NPG5mjWjxzBehuZcOS5AHQ35sVcX0
GAlpkFs/2v2qy6tc1H7j703RsrlJtXvLQ2fUGVXdZflMSlX1te+T+KM5T1unUS5fPFWfLj
U+bQK7KkY48ILVQkrFLGg+8Wj77MTS3AGmQ2MnHzaK0+Cd+HAqUfRIDZZgG/5/T8nIsra/
9AG2ZIvOTSZsLqht4TkfZnp6hJm+MKmpJ9F40NnzGtYNso6GD/aqkDxubKf4uoOEW9cbOO
s5i5bvvZSgxQ1sNees0/nBBYsRhLfYkC41EcCRlhQIcvHA1IFRj5Un0gowA8vtCGyRJQAA
AMEAuPkxyvsmPYIi0SbVNVMdEpaJ3UHTJOLL6b8QDPYsiuYG0DZfHgL1MSbgIrxUKI4Xi1
oEROgfGHnhnUd7mGbwUF/K0KnYJUMlV0W8Jfz94E7+cQiqgvvWD2JZcuvXP5Dg89whsFFy
pinpkrWe8gDmqo/LKzAEBIFAuNVarD7/cIKTpW+pdo7WfnYsXqTgyZ5NO8IwkTXho6NTRI
s/Z7o7UCXX2XnUcQxWOv+L5aw7w4dBdNZpN7XBQCOfOo32SDpQAAAAwQDYmJZrTrb5w5N+
o/j9nhcrY1ZbJNUbpx1lrV/r1GCGX0f3l2ztjjzyttP+WEggPypMB5BC+S6d67PEJeI988
OanzMx/r37tfFbMMtE5YNx1BwyL1Z1x/KYugReibWclHBAa+b+TCFSfJyf1I5NABsgjQ2h
4uVy1pRWcly4Cfu0NWRJo23waTzvODPWjUz1EFIcytpKvYxwbcvYOVEY5ie9+oXhVxNm6U
ZQTLMtPWNUZGHt3xOrGhrf4M7EJRLUBe8AAADBAMwFRHMyDsyjzlFZA1gL42xO4gCGwjJq
IZu+X6h1PV71IYyyY2XV9p6Ir9UZFeFs73wvO7I+OWW6POIKMKVOjjWTU5KD3+kSI2THWq
j/Cf8gr/aLqHOKa6X63meJCPSKC5CtHFchvAPvcUhfLLv7MfHJfwFU4vrBJh5w4h0TXKCU
8hIzudC5tinyYsDgv0i0keWxWAmKMxSxsfIQkqYtqMHc4E9EZ1baUsvAj8VolJcKn0Ocj9
tvLra3KkT8SoqptwAAABJqb2huLmRvZUBsb2NhbGhvc3QBAgMEBQYH
-----END OPENSSH PRIVATE KEY-----
NIL
```
The `SSH-KEYS:WRITE-KEY` generic function takes an optional stream
parameter, so you can write your keys to a given stream, if needed.
``` common-lisp
CL-USER> (with-open-file (out #P"my-rsa-public-key" :direction :output)
           (ssh-keys:write-key *public-key* out))
NIL
```
`SSH-KEYS:WRITE-KEY-TO-PATH` is a convenience function you can use to
write keys to a given path, e.g.
``` common-lisp
CL-USER> (ssh-keys:write-key-to-path *public-key* #P"my-rsa-public-key")
```
### Generating new private/public key pairs
The `SSH-KEYS:GENERATE-KEY-PAIR` generic function creates a new
private/public key pair of a given kind.
The generated keys are identical in format to what `ssh-keygen(1)` would
produce and you can use them to authenticate to remote systems.
The following example creates an RSA private/public key pair, and
saves the keys on the file system.
``` common-lisp
CL-USER> (multiple-value-bind (priv-key pub-key) (ssh-keys:generate-key-pair :rsa)
           (ssh-keys:write-key-to-path priv-key #P"~/.ssh/my-priv-rsa-key")
           (ssh-keys:write-key-to-path pub-key #P"~/.ssh/my-pub-rsa-key.pub"))
NIL
```
The following example generates a DSA private/public key pair.
``` common-lisp
CL-USER> (ssh-keys:generate-key-pair :dsa)
```
This example shows how to generate an Ed25519 private/public key pair.
``` common-lisp
CL-USER> (ssh-keys:generate-key-pair :ed25519)
```
ECDSA keys can be generated using the NIST P-256, NIST P-384 or NIST P-521
curves. The following examples show how to create 256, 384 and 521 bit
ECDSA keys.
``` common-lisp
CL-USER> (ssh-keys:generate-key-pair :ecdsa-nistp256)
CL-USER> (ssh-keys:generate-key-pair :ecdsa-nistp384)
CL-USER> (ssh-keys:generate-key-pair :ecdsa-nistp521)
```
## Tests
Tests are provided as part of the `cl-ssh-keys.test` system.
The following Common Lisp implementations have been tested and are
known to work.
* [SBCL](http://www.sbcl.org)
* [CCL](https://ccl.clozure.com)
In order to run the tests you can evaluate the following expressions.
``` common-lisp
CL-USER> (ql:quickload :cl-ssh-keys.test)
CL-USER> (asdf:test-system :cl-ssh-keys.test)
```
Or you can run the tests in a Docker container instead.
First, build the Docker image.
``` shell
docker build -t cl-ssh-keys .
```
Run the tests.
``` shell
docker run --rm cl-ssh-keys
```
## Contributing
`cl-ssh-keys` is hosted on [Github][cl-ssh-keys]. Please contribute by
reporting issues, suggesting features or by sending patches using pull
requests.
## Authors
* Marin Atanasov Nikolov (dnaeon@gmail.com)
## License
This project is Open Source and licensed under the [BSD
License][BSD License].
[RFC 4253]: https://tools.ietf.org/html/rfc4253
[PROTOCOL.key]: https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD
[Quicklisp]: https://www.quicklisp.org/beta/
[Quicklisp FAQ]: https://www.quicklisp.org/beta/faq.html
[cl-ssh-keys]: https://github.com/dnaeon/cl-ssh-keys
[BSD License]: http://opensource.org/licenses/BSD-2-Clause
0.7.0
cl-rfc4251
(system).
ironclad
(system).
uiop
(system).
alexandria
(system).
cl-base64
(system).
Modules are listed depth-first from the system components tree.
cl-ssh-keys/core
cl-ssh-keys
(system).
package.lisp
(file).
base.lisp
(file).
rfc8017.lisp
(file).
generics.lisp
(file).
public-key.lisp
(file).
private-key.lisp
(file).
conditions.lisp
(file).
key-types.lisp
(file).
signature.lisp
(file).
ciphers.lisp
(file).
cl-ssh-keys/keys
core
(module).
cl-ssh-keys
(system).
rsa.lisp
(file).
dsa.lisp
(file).
ed25519.lisp
(file).
ecdsa-nistp256.lisp
(file).
ecdsa-nistp384.lisp
(file).
ecdsa-nistp521.lisp
(file).
cert-key.lisp
(file).
Files are sorted by type and then listed depth-first from the systems components trees.
cl-ssh-keys/cl-ssh-keys.asd
cl-ssh-keys/core/package.lisp
cl-ssh-keys/core/base.lisp
cl-ssh-keys/core/rfc8017.lisp
cl-ssh-keys/core/generics.lisp
cl-ssh-keys/core/public-key.lisp
cl-ssh-keys/core/private-key.lisp
cl-ssh-keys/core/conditions.lisp
cl-ssh-keys/core/key-types.lisp
cl-ssh-keys/core/signature.lisp
cl-ssh-keys/core/ciphers.lisp
cl-ssh-keys/keys/rsa.lisp
cl-ssh-keys/keys/dsa.lisp
cl-ssh-keys/keys/ed25519.lisp
cl-ssh-keys/keys/ecdsa-nistp256.lisp
cl-ssh-keys/keys/ecdsa-nistp384.lisp
cl-ssh-keys/keys/ecdsa-nistp521.lisp
cl-ssh-keys/keys/cert-key.lisp
cl-ssh-keys/cl-ssh-keys.asd
cl-ssh-keys
(system).
cl-ssh-keys/core/base.lisp
package.lisp
(file).
core
(module).
base-ecdsa-nistp-key
(class).
base-key
(class).
ecdsa-curve-identifier
(reader method).
key-comment
(reader method).
(setf key-comment)
(writer method).
key-kind
(reader method).
write-key-to-path
(function).
cl-ssh-keys/core/rfc8017.lisp
package.lisp
(file).
core
(module).
*emsa-pkcs1-v1_5-digest-info*
(special variable).
emsa-pkcs1-v1_5-encode
(function).
i2osp
(function).
os2ip
(function).
rsasp1
(function).
rsassa-pkcs1-v1_5-sign
(function).
rsassa-pkcs1-v1_5-verify
(function).
rsavp1
(function).
cl-ssh-keys/core/generics.lisp
package.lisp
(file).
core
(module).
fingerprint
(generic function).
generate-key-pair
(generic function).
get-bytes-for-signing
(generic function).
key-bits
(generic function).
verify-signature
(generic function).
write-key
(generic function).
cl-ssh-keys/core/public-key.lisp
package.lisp
(file).
core
(module).
base-ecdsa-nistp-public-key
(class).
base-public-key
(class).
encode
(method).
fingerprint
(method).
fingerprint
(method).
fingerprint
(method).
parse-public-key
(function).
parse-public-key-file
(function).
with-public-key
(macro).
with-public-key-file
(macro).
write-key
(method).
cl-ssh-keys/core/private-key.lisp
package.lisp
(file).
ciphers.lisp
(file).
core
(module).
*default-kdf-rounds*
(special variable).
+kdf-salt-size+
(constant).
+private-key-auth-magic+
(constant).
+private-key-mark-begin+
(constant).
+private-key-mark-end+
(constant).
base-ecdsa-nistp-private-key
(class).
base-private-key
(class).
embedded-public-key
(reader method).
encode
(method).
extract-private-key
(function).
extract-private-key-from-file
(function).
fingerprint
(method).
fingerprint
(method).
fingerprint
(method).
key-checksum-int
(reader method).
key-cipher-name
(reader method).
(setf key-cipher-name)
(writer method).
(setf key-cipher-name)
(method).
key-kdf-name
(reader method).
(setf key-kdf-name)
(writer method).
(setf key-kdf-name)
(method).
key-kdf-rounds
(reader method).
(setf key-kdf-rounds)
(writer method).
key-kdf-salt
(reader method).
key-passphrase
(reader method).
(setf key-passphrase)
(writer method).
(setf key-passphrase)
(method).
parse-private-key
(function).
parse-private-key-file
(function).
private-key-padding-is-correct-p
(function).
with-private-key
(macro).
with-private-key-file
(macro).
write-key
(method).
*supported-kdf-names*
(special variable).
decrypt-private-key
(function).
encrypt-private-key
(function).
cl-ssh-keys/core/conditions.lisp
package.lisp
(file).
core
(module).
key-type-mismatch-error
(condition).
unsupported-key-error
(condition).
base-error
(condition).
error-description
(reader method).
error-expected-key-type
(reader method).
error-found-key-type
(reader method).
invalid-key-error
(condition).
cl-ssh-keys/core/key-types.lisp
package.lisp
(file).
core
(module).
*key-types*
(special variable).
get-key-type
(function).
get-key-type-or-lose
(function).
cl-ssh-keys/core/signature.lisp
package.lisp
(file).
core
(module).
encode
(method).
get-signature-type
(function).
get-signature-type-or-lose
(function).
signature
(class).
signature-blob
(reader method).
signature-type
(reader method).
*signature-types*
(special variable).
cl-ssh-keys/core/ciphers.lisp
package.lisp
(file).
core
(module).
*ciphers*
(special variable).
*default-cipher-name*
(special variable).
get-all-cipher-names
(function).
get-cipher-by-name
(function).
get-cipher-by-name-or-lose
(function).
get-cipher-for-encryption/decryption
(function).
cl-ssh-keys/keys/rsa.lisp
keys
(module).
encode
(method).
encode
(method).
generate-key-pair
(method).
key-bits
(method).
key-bits
(method).
rsa-private-key
(class).
rsa-public-key
(class).
verify-signature
(method).
cl-ssh-keys/keys/dsa.lisp
keys
(module).
dsa-private-key
(class).
dsa-public-key
(class).
encode
(method).
encode
(method).
generate-key-pair
(method).
key-bits
(method).
key-bits
(method).
verify-signature
(method).
cl-ssh-keys/keys/ed25519.lisp
keys
(module).
ed25519-private-key
(class).
ed25519-public-key
(class).
encode
(method).
encode
(method).
generate-key-pair
(method).
key-bits
(method).
key-bits
(method).
verify-signature
(method).
+ed25519-public-key-bytes+
(constant).
+ed25519-secret-key-bytes+
(constant).
cl-ssh-keys/keys/ecdsa-nistp256.lisp
keys
(module).
+nistp256-identifier+
(constant).
ecdsa-nistp256-private-key
(class).
ecdsa-nistp256-public-key
(class).
encode
(method).
encode
(method).
generate-key-pair
(method).
key-bits
(method).
key-bits
(method).
verify-signature
(method).
cl-ssh-keys/keys/ecdsa-nistp384.lisp
keys
(module).
+nistp384-identifier+
(constant).
ecdsa-nistp384-private-key
(class).
ecdsa-nistp384-public-key
(class).
encode
(method).
encode
(method).
generate-key-pair
(method).
key-bits
(method).
key-bits
(method).
cl-ssh-keys/keys/ecdsa-nistp521.lisp
keys
(module).
+nistp521-identifier+
(constant).
ecdsa-nistp521-private-key
(class).
ecdsa-nistp521-public-key
(class).
encode
(method).
encode
(method).
generate-key-pair
(method).
key-bits
(method).
key-bits
(method).
cl-ssh-keys/keys/cert-key.lisp
keys
(module).
+ssh-cert-max-valid-to+
(constant).
+ssh-cert-type-host+
(constant).
+ssh-cert-type-user+
(constant).
cert-critical-options
(reader method).
(setf cert-critical-options)
(writer method).
cert-extensions
(reader method).
(setf cert-extensions)
(writer method).
cert-key
(reader method).
cert-key-id
(reader method).
(setf cert-key-id)
(writer method).
cert-nonce
(reader method).
(setf cert-nonce)
(writer method).
cert-reserved
(reader method).
cert-serial
(reader method).
(setf cert-serial)
(writer method).
cert-signature
(reader method).
(setf cert-signature)
(writer method).
cert-signature-key
(reader method).
(setf cert-signature-key)
(writer method).
cert-type
(reader method).
(setf cert-type)
(writer method).
cert-valid-after
(reader method).
(setf cert-valid-after)
(writer method).
cert-valid-before
(reader method).
(setf cert-valid-before)
(writer method).
cert-valid-principals
(reader method).
(setf cert-valid-principals)
(writer method).
certificate
(class).
describe-cert-option
(function).
encode
(method).
fingerprint
(method).
fingerprint
(method).
fingerprint
(method).
get-bytes-for-signing
(method).
get-cert-critical-options
(function).
get-supported-cert-options
(function).
*ssh-cert-options*
(special variable).
Packages are listed by definition order.
cl-ssh-keys (nickname: ssh-keys), using common-lisp.
*ciphers*
(special variable).
*default-cipher-name*
(special variable).
*default-kdf-rounds*
(special variable).
*emsa-pkcs1-v1_5-digest-info*
(special variable).
*key-types*
(special variable).
+kdf-salt-size+
(constant).
+nistp256-identifier+
(constant).
+nistp384-identifier+
(constant).
+nistp521-identifier+
(constant).
+private-key-auth-magic+
(constant).
+private-key-mark-begin+
(constant).
+private-key-mark-end+
(constant).
+ssh-cert-max-valid-to+
(constant).
+ssh-cert-type-host+
(constant).
+ssh-cert-type-user+
(constant).
base-ecdsa-nistp-key
(class).
base-ecdsa-nistp-private-key
(class).
base-ecdsa-nistp-public-key
(class).
base-key
(class).
base-private-key
(class).
base-public-key
(class).
cert-critical-options
(generic reader).
(setf cert-critical-options)
(generic writer).
cert-extensions
(generic reader).
(setf cert-extensions)
(generic writer).
cert-key
(generic reader).
cert-key-id
(generic reader).
(setf cert-key-id)
(generic writer).
cert-nonce
(generic reader).
(setf cert-nonce)
(generic writer).
cert-reserved
(generic reader).
cert-serial
(generic reader).
(setf cert-serial)
(generic writer).
cert-signature
(generic reader).
(setf cert-signature)
(generic writer).
cert-signature-key
(generic reader).
(setf cert-signature-key)
(generic writer).
cert-type
(generic reader).
(setf cert-type)
(generic writer).
cert-valid-after
(generic reader).
(setf cert-valid-after)
(generic writer).
cert-valid-before
(generic reader).
(setf cert-valid-before)
(generic writer).
cert-valid-principals
(generic reader).
(setf cert-valid-principals)
(generic writer).
certificate
(class).
describe-cert-option
(function).
dsa-private-key
(class).
dsa-public-key
(class).
ecdsa-curve-identifier
(generic reader).
ecdsa-nistp256-private-key
(class).
ecdsa-nistp256-public-key
(class).
ecdsa-nistp384-private-key
(class).
ecdsa-nistp384-public-key
(class).
ecdsa-nistp521-private-key
(class).
ecdsa-nistp521-public-key
(class).
ed25519-private-key
(class).
ed25519-public-key
(class).
embedded-public-key
(generic reader).
emsa-pkcs1-v1_5-encode
(function).
extract-private-key
(function).
extract-private-key-from-file
(function).
fingerprint
(generic function).
generate-key-pair
(generic function).
get-all-cipher-names
(function).
get-bytes-for-signing
(generic function).
get-cert-critical-options
(function).
get-cipher-by-name
(function).
get-cipher-by-name-or-lose
(function).
get-key-type
(function).
get-key-type-or-lose
(function).
get-signature-type
(function).
get-signature-type-or-lose
(function).
get-supported-cert-options
(function).
i2osp
(function).
key-bits
(generic function).
key-checksum-int
(generic reader).
key-cipher-name
(generic reader).
(setf key-cipher-name)
(generic function).
key-comment
(generic reader).
(setf key-comment)
(generic writer).
key-kdf-name
(generic reader).
(setf key-kdf-name)
(generic function).
key-kdf-rounds
(generic reader).
(setf key-kdf-rounds)
(generic writer).
key-kdf-salt
(generic reader).
key-kind
(generic reader).
key-passphrase
(generic reader).
(setf key-passphrase)
(generic function).
key-type-mismatch-error
(condition).
os2ip
(function).
parse-private-key
(function).
parse-private-key-file
(function).
parse-public-key
(function).
parse-public-key-file
(function).
private-key-padding-is-correct-p
(function).
rsa-private-key
(class).
rsa-public-key
(class).
rsasp1
(function).
rsassa-pkcs1-v1_5-sign
(function).
rsassa-pkcs1-v1_5-verify
(function).
rsavp1
(function).
signature
(class).
signature-blob
(generic reader).
signature-type
(generic reader).
unsupported-key-error
(condition).
verify-signature
(generic function).
with-private-key
(macro).
with-private-key-file
(macro).
with-public-key
(macro).
with-public-key-file
(macro).
write-key
(generic function).
write-key-to-path
(function).
*signature-types*
(special variable).
*ssh-cert-options*
(special variable).
*supported-kdf-names*
(special variable).
+ed25519-public-key-bytes+
(constant).
+ed25519-secret-key-bytes+
(constant).
base-error
(condition).
decrypt-private-key
(function).
encrypt-private-key
(function).
error-description
(generic reader).
error-expected-key-type
(generic reader).
error-found-key-type
(generic reader).
get-cipher-for-encryption/decryption
(function).
invalid-key-error
(condition).
Definitions are sorted by export status, category, package, and then by lexicographic order.
Salt size in bytes
NIST name of the curve
NIST name of the curve
NIST name of the curve
OpenSSH private key AUTH_MAGIC header
Beginning marker for OpenSSH private keys
Ending marker for OpenSSH private keys
Max expiry date for a certificate
Indicates a host certificate
Indicates a user certificate
Various ciphers used by OpenSSH that are supported
Default cipher to use when encrypting a private key
Default number of iterations to use when deriving a key
DigestInfo DER encoding of the known hash functions. See RFC 8017, section 9.2, notes 1.
OpenSSH key types
Parses a private key from the given TEXT and evaluates the BODY with VAR bound to the decoded private key
Parses a private key from the given PATH and evaluates the BODY with VAR bound to the decoded private key
Parses a public key from the given TEXT and evaluates the BODY with VAR bound to the decoded public key
Parses a public key from the given PATH and evaluates the BODY with VAR bound to the decoded public key
Describe the OpenSSH certificate option with the given NAME
EMSA-PKCS1-v1_5 encoding method. See RFC 8017, section 9.2
Extracts the private key contents from the given stream
Extracts the private key contents from the given path
Returns a list of all supported cipher names
Returns the list of certificate critical options
Get a cipher by its name
Get the key type identified by the given value and property
Get the signature type with name identified by VALUE
Returns a list of the supported certificate options
Integer-to-Octet-String primitive. See RFC 8017, section 4.1
Octet-String-to-Integer primitive. See RFC 8017, section 4.2
Parses an OpenSSH private key from the given plain-text string
Parses an OpenSSH private key from the given path
Parses an OpenSSH public key from the given plain-text string
Parses an OpenSSH public key from the given path
Predicate for deterministic check of padding after private key
RSA signature primitive. See RFC 8017, section 5.2.1
RSASSA-PKCS1-v1_5 signature generation. See RFC 8017, section 8.2.1
RSASSA-PKCS1-v1_5 signature verification. See RFC 8017, section 8.2.2
RSA verification primitive. See RFC 8017, section 5.2.2
Writes the given KEY to the destination PATH
certificate
)) ¶certificate
)) ¶Certificate critical options
certificate
)) ¶certificate
)) ¶Certificate extensions
certificate
)) ¶The public key of the user/host
key
.
certificate
)) ¶certificate
)) ¶Key identity filled in by the CA at the time of signing
certificate
)) ¶certificate
)) ¶CA-provided nonce
certificate
)) ¶Currently unused and ignored in this version of the protocol
certificate
)) ¶certificate
)) ¶Optional certificate serial number set by the CA
certificate
)) ¶certificate
)) ¶The certificate signature
certificate
)) ¶certificate
)) ¶The public key of the CA that signed the certificate
certificate
)) ¶certificate
)) ¶Certificate type. Must be either +SSH-CERT-TYPE-USER+ or +SSH-CERT-TYPE-HOST+
type
.
certificate
)) ¶certificate
)) ¶The validity period after which the certificate is valid
certificate
)) ¶certificate
)) ¶The validity period before which the certificate is valid
certificate
)) ¶certificate
)) ¶List of usernames/hostnames for which this certificate is valid
base-ecdsa-nistp-key
)) ¶Identifier of the elliptic curve domain parameters
base-private-key
)) ¶Public key embedded in the private key
Computes the fingerprint of the given KEY using the HASH-SPEC
(eql :sha256)
) (key certificate
) &key) ¶Computes the SHA256 fingerprint of the embedded client public key
(eql :sha1)
) (key certificate
) &key) ¶Computes the SHA1 fingerprint of the embedded client public key
(eql :md5)
) (key certificate
) &key) ¶Computes the MD5 fingerprint of the embedded client public key
(eql :sha256)
) (key base-private-key
) &key) ¶Computes the SHA-256 fingerprint of the embedded public key
(eql :sha1)
) (key base-private-key
) &key) ¶Computes the SHA-1 fingerprint of the embedded public key
(eql :md5)
) (key base-private-key
) &key) ¶Computes the MD5 fingerprint of the embedded public key
(eql :sha256)
) (key base-public-key
) &key) ¶Computes the SHA-256 fingerprint of the given public key
(eql :sha1)
) (key base-public-key
) &key) ¶Computes the SHA-1 fingerprint of the given public key
(eql :md5)
) (key base-public-key
) &key) ¶Computes the MD5 fingerprint of the given public key
Generates a new pair of public and private keys
(eql :ecdsa-nistp521)
) &key comment passphrase) ¶Generates a new pair of ECDSA NIST P-521 public and private keys
(eql :ecdsa-nistp384)
) &key comment passphrase) ¶Generates a new pair of ECDSA NIST P-384 public and private keys
(eql :ecdsa-nistp256)
) &key comment passphrase) ¶Generates a new pair of ECDSA NIST P-256 public and private keys
(eql :ed25519)
) &key comment passphrase) ¶Generates a new pair of Ed25519 public and private keys
(eql :dsa)
) &key comment passphrase) ¶Generates a new pair of DSA public and private keys
Returns the bytes of the key which will be signed
certificate
) &key) ¶Returns the portion of the certificate key which will be signed. The bytes for signing represent everything up to the signature.
Returns the number of bits for the key
((ecdsa-nistp521-private-key)): Returns the number of bits of the embedded public key
((ecdsa-nistp521-public-key)): Returns the number of bits for the ECDSA NIST P-521 public key
((ecdsa-nistp384-private-key)): Returns the number of bits of the embedded public key
((ecdsa-nistp384-public-key)): Returns the number of bits for the ECDSA NIST P-384 public key
((ecdsa-nistp256-private-key)): Returns the number of bits of the embedded public key
((ecdsa-nistp256-public-key)): Returns the number of bits for the ECDSA NIST P-256 public key
((ed25519-private-key)): Returns the number of bits of the embedded public key
((ed25519-public-key)): Returns the number of bits for the Ed25519 public key
((dsa-private-key)): Returns the number of bits of the embedded public key
((dsa-public-key)): Returns the number of bits for the DSA public key
((rsa-private-key)): Returns the number of bits of the embedded public key
((rsa-public-key)): Returns the number of bits for the RSA public key
((base-private-key)): Checksum integer for private keys
((base-private-key)): Private key cipher name
((base-private-key)): Set cipher name to use for encryption of the private key
((base-private-key)): Private key cipher name
((base-private-key)): Private key KDF name
((base-private-key)): Set KDF name for the private key
((base-private-key)): Private key KDF name
((base-private-key))
((base-private-key)): Number of iterations used to derive the key
((base-private-key)): Salt used by the KDF function
((base-private-key)): Passphrase used to encrypt the private key
((base-private-key)): Reset or remove passphrase for the private key. If NIL is provided then encryption will be removed for the private key.
((base-private-key)): Passphrase used to encrypt the private key
Verifies the signature of the given message using the public key
((base-ecdsa-nistp-public-key) message (signature signature) &key): Verifies the signature of the message according to RFC 5656
((ed25519-public-key) message (signature signature) &key): Verifies the SIGNATURE of MESSAGE according to RFC 8032, section 5.1.7
((dsa-public-key) message (signature signature) &key): Verifies the SIGNATURE of MESSAGE according to RFC 4253, section 6.6
((rsa-public-key) message (signature signature) &key): Verifies the message using the signature as described in RFC 4253, section 6.6
Writes the key to the given stream in its text representation
((base-private-key) &optional stream): Writes the private key in its text representation
((base-public-key) &optional stream): Writes the public key in its text representation
((eql :ssh-cert-key)) (cert certificate) stream &key): Encodes the OpenSSH certificate key into the given binary stream
cl-rfc4251.encoder.
((eql :cert-signature)) (value signature) stream &key): Encode certificate signature into the given stream
cl-rfc4251.encoder.
((eql :ecdsa-nistp256-public-key)) (key ecdsa-nistp256-public-key) stream &key): Encodes the ECDSA NIST P-256 public key into the given binary stream.
cl-rfc4251.encoder.
((eql :ecdsa-nistp521-private-key)) (key ecdsa-nistp521-private-key) stream &key): Encodes the ECDSA NIST P-521 private key into the given binary stream
cl-rfc4251.encoder.
((eql :dsa-public-key)) (key dsa-public-key) stream &key): Encodes the DSA public key into the given binary stream.
cl-rfc4251.encoder.
((eql :ecdsa-nistp384-private-key)) (key ecdsa-nistp384-private-key) stream &key): Encodes the ECDSA NIST P-384 private key into the given binary stream
cl-rfc4251.encoder.
((eql :rsa-private-key)) (key rsa-private-key) stream &key): Encodes the RSA private key into the given binary stream
cl-rfc4251.encoder.
((eql :ecdsa-nistp384-public-key)) (key ecdsa-nistp384-public-key) stream &key): Encodes the ECDSA NIST P-384 public key into the given binary stream.
cl-rfc4251.encoder.
((eql :ecdsa-nistp521-public-key)) (key ecdsa-nistp521-public-key) stream &key): Encodes the ECDSA NIST P-521 public key into the given binary stream.
cl-rfc4251.encoder.
((eql :rsa-public-key)) (key rsa-public-key) stream &key): Encodes the RSA public key into the given binary stream.
cl-rfc4251.encoder.
((eql :ecdsa-nistp256-private-key)) (key ecdsa-nistp256-private-key) stream &key): Encodes the ECDSA NIST P-256 private key into the given binary stream
cl-rfc4251.encoder.
((eql :public-key)) (key base-public-key) stream &key encode-key-type-p): Encodes the public key into the binary stream according to RFC 4253, section 6.6. If ENCODE-KEY-TYPE-P is T, then the key type name (e.g. ssh-rsa) is encoded in the stream as well, before the actual public key components. Some key types (e.g. OpenSSH certificate keys) do not encode the key type name when being embedded within a certificate.
cl-rfc4251.encoder.
((eql :ed25519-private-key)) (key ed25519-private-key) stream &key): Encodes the Ed25519 private key into the given binary stream
cl-rfc4251.encoder.
((eql :ed25519-public-key)) (key ed25519-public-key) stream &key): Encodes the Ed25519 public key into the given binary stream.
cl-rfc4251.encoder.
((eql :private-key)) (key base-private-key) stream &key): Encodes the private key in OpenSSH private key format
cl-rfc4251.encoder.
((eql :dsa-private-key)) (key dsa-private-key) stream &key): Encodes the DSA private key into the given binary stream
cl-rfc4251.encoder.
Signaled when there is a mismatch between the known key type and the encoded key type
Signaled when attempting to perform an operation on keys that are not supported
Base class for representing an OpenSSH ECDSA key
Identifier of the elliptic curve domain parameters
(error "must specify curve identifier")
:identifier
This slot is read-only.
Base class for representing an OpenSSH ECDSA private key
Base class for representing an OpenSSH ECDSA public key
Base class for representing an OpenSSH key
Base class for representing an OpenSSH private key
embedded-public-key, encode, fingerprint, fingerprint, fingerprint, key-checksum-int, (setf key-cipher-name), (setf key-cipher-name), key-cipher-name, (setf key-kdf-name), (setf key-kdf-name), key-kdf-name, (setf key-kdf-rounds), key-kdf-rounds, key-kdf-salt, (setf key-passphrase), (setf key-passphrase), key-passphrase, write-key.
Public key embedded in the private key
(error "must specify public key")
:public-key
This slot is read-only.
Private key cipher name
(error "must specify cipher name")
:cipher-name
Private key KDF name
(error "must specify kdf name")
:kdf-name
Salt used by the KDF function
(ironclad:random-data cl-ssh-keys:+kdf-salt-size+)
:kdf-salt
This slot is read-only.
Number of iterations used to derive the key
cl-ssh-keys:*default-kdf-rounds*
:kdf-rounds
Checksum integer for private keys
(error "must specify checksum integer")
:checksum-int
This slot is read-only.
Passphrase used to encrypt the private key
:passphrase
Base class for representing an OpenSSH public key
An OpenSSH certificate key
(setf cert-critical-options), cert-critical-options, (setf cert-extensions), cert-extensions, cert-key, (setf cert-key-id), cert-key-id, (setf cert-nonce), cert-nonce, cert-reserved, (setf cert-serial), cert-serial, (setf cert-signature), cert-signature, (setf cert-signature-key), cert-signature-key, (setf cert-type), cert-type, (setf cert-valid-after), cert-valid-after, (setf cert-valid-before), cert-valid-before, (setf cert-valid-principals), cert-valid-principals, encode, fingerprint, fingerprint, fingerprint, get-bytes-for-signing.
CA-provided nonce
(error "must provide nonce")
:nonce
The public key of the user/host
(error "must specify certificate public key")
:key
This slot is read-only.
Optional certificate serial number set by the CA
0
:serial
Certificate type. Must be either +SSH-CERT-TYPE-USER+ or +SSH-CERT-TYPE-HOST+
common-lisp.
(error "must specify certificate type")
:type
Key identity filled in by the CA at the time of signing
:key-id
List of usernames/hostnames for which this certificate is valid
:valid-principals
The validity period after which the certificate is valid
0
:valid-after
The validity period before which the certificate is valid
cl-ssh-keys:+ssh-cert-max-valid-to+
:valid-before
Certificate critical options
:critical-options
Certificate extensions
:extensions
Currently unused and ignored in this version of the protocol
:reserved
This slot is read-only.
The public key of the CA that signed the certificate
(error "must specify signature key")
:signature-key
The certificate signature
(error "must specify signature")
:signature
Represents an OpenSSH DSA private key
base-private-key.
dsa-private-key.
Represents an OpenSSH DSA public key
base-public-key.
dsa-public-key.
Represents an OpenSSH ECDSA NIST P-256 private key
base-ecdsa-nistp-private-key.
secp256r1-private-key.
Represents an OpenSSH ECDSA NIST P-256 public key
base-ecdsa-nistp-public-key.
secp256r1-public-key.
Represents an OpenSSH ECDSA NIST P-384 private key
base-ecdsa-nistp-private-key.
secp384r1-private-key.
Represents an OpenSSH ECDSA NIST P-384 public key
base-ecdsa-nistp-public-key.
secp384r1-public-key.
Represents an OpenSSH ECDSA NIST P-521 private key
base-ecdsa-nistp-private-key.
secp521r1-private-key.
Represents an OpenSSH ECDSA NIST P-521 public key
base-ecdsa-nistp-public-key.
secp521r1-public-key.
Represents an OpenSSH Ed25519 private key
base-private-key.
ed25519-private-key.
Represents an OpenSSH Ed25519 public key
base-public-key.
ed25519-public-key.
Represents an OpenSSH RSA private key
base-private-key.
rsa-private-key.
Represents an OpenSSH RSA public key
base-public-key.
rsa-public-key.
Certificate signature
Signature type
common-lisp.
(error "must specify signature type")
:type
This slot is read-only.
Computed signature blob
(error "must specify signature blob")
:blob
This slot is read-only.
Number of bytes for an Ed25519 public key
Number of bytes for an Ed25519 secret key
OpenSSH certificate signature types
Supported OpenSSH certificate options
Known and supported KDF names
Returns a cipher that can be used for encryption/decryption of a private key
((base-error))
((key-type-mismatch-error))
((key-type-mismatch-error))
Base error condition
simple-error.
:description
This slot is read-only.
Signaled when a key is detected as invalid