Class: SshTresor::AgentKey

Inherits:

Struct

• Object
• Struct
• SshTresor::AgentKey

Defined in:

lib/ssh_tresor/agent.rb

Overview

Public key identity returned by an SSH agent.

The key object stores the SSH public-key blob and comment exactly as returned by the agent. Fingerprints are derived from the public blob and are safe to store in tresor metadata.

Instance Attribute Summary

• #blob ⇒ String

  SSH wire-format public-key blob.

• #comment ⇒ String

  Agent-provided key comment.

Instance Method Summary

• #fingerprint ⇒ String

  OpenSSH-style SHA-256 fingerprint.

• #fingerprint_bytes ⇒ String

  Raw SHA-256 fingerprint bytes used inside SSHTRESR key slots.

• #key_type ⇒ String

  Human-readable key type.

• #matches_fingerprint?(prefix) ⇒ Boolean

  Checks whether the key's SHA-256 fingerprint matches a full fingerprint or unambiguous prefix.

• #md5_fingerprint ⇒ String

  Legacy MD5 fingerprint formatted as colon-separated hex.

• #security_key? ⇒ Boolean

  Whether this is an OpenSSH security-key backed identity.

• #ssh_type ⇒ String

  SSH wire key type from the public-key blob.

• #to_s ⇒ String

  CLI-friendly key summary.

Instance Attribute Details

#blob ⇒ String

SSH wire-format public-key blob.

Returns:

• (String) —

  the current value of blob

# File 'lib/ssh_tresor/agent.rb', line 19

def blob
  @blob
end

#comment ⇒ String

Agent-provided key comment.

Returns:

• (String) —

  the current value of comment

# File 'lib/ssh_tresor/agent.rb', line 19

def comment
  @comment
end

Instance Method Details

#fingerprint ⇒ String

OpenSSH-style SHA-256 fingerprint.

Returns:

• (String) —

  fingerprint such as SHA256:abc....

# File 'lib/ssh_tresor/agent.rb', line 30

def fingerprint
  "SHA256:#{Base64.strict_encode64(fingerprint_bytes).delete("=")}"
end

#fingerprint_bytes ⇒ String

Raw SHA-256 fingerprint bytes used inside SSHTRESR key slots.

Returns:

• (String) —

  32-byte SHA-256 digest of the public-key blob.

# File 'lib/ssh_tresor/agent.rb', line 23

def fingerprint_bytes
  @fingerprint_bytes ||= Digest::SHA256.digest(blob)
end

#key_type ⇒ String

Human-readable key type.

Returns:

• (String) —

  formatted key type such as ED25519 or RSA-3072.

# File 'lib/ssh_tresor/agent.rb', line 51

def key_type
  @key_type ||= Agent.format_key_type(blob)
end

#matches_fingerprint?(prefix) ⇒ Boolean

Checks whether the key's SHA-256 fingerprint matches a full fingerprint or unambiguous prefix.

Parameters:

• prefix (String) —

  fingerprint with or without the SHA256: prefix.

Returns:

• (Boolean)

# File 'lib/ssh_tresor/agent.rb', line 67

def matches_fingerprint?(prefix)
  normalized_prefix = prefix.delete_prefix("SHA256:")
  normalized_fingerprint = fingerprint.delete_prefix("SHA256:")
  normalized_fingerprint.start_with?(normalized_prefix)
end

#md5_fingerprint ⇒ String

Legacy MD5 fingerprint formatted as colon-separated hex.

Returns:

• (String) —

  MD5 fingerprint text.

# File 'lib/ssh_tresor/agent.rb', line 37

def md5_fingerprint
  Digest::MD5.digest(blob).bytes.map { |byte| "%02x" % byte }.join(":")
end

#security_key? ⇒ Boolean

Whether this is an OpenSSH security-key backed identity.

Returns:

• (Boolean)

# File 'lib/ssh_tresor/agent.rb', line 58

def security_key?
  ssh_type.start_with?("sk-")
end

#ssh_type ⇒ String

SSH wire key type from the public-key blob.

Returns:

• (String) —

  SSH key type, for example ssh-ed25519 or ssh-rsa.

# File 'lib/ssh_tresor/agent.rb', line 44

def ssh_type
  @ssh_type ||= SSHEncoding::Reader.new(blob).string
end

#to_s ⇒ String

Returns CLI-friendly key summary.

Returns:

• (String) —

  CLI-friendly key summary.

# File 'lib/ssh_tresor/agent.rb', line 74

def to_s
  "#{fingerprint} #{key_type} #{comment}"
end