Categories: None [Edit]
ssh_sig
# SshSig - SSH signature verification in pure ruby
SshSig is a Ruby gem which can be used to verify signatures signed created by `ssh-keygen`.
This capability was [first added](https://github.com/openssh/openssh-portable/commit/2a9c9f7272c1e8665155118fe6536bebdafb6166) in OpenSSH 8.0
allows SSH keys to be used for GPG-like signing capabilities, [including signing git commits](https://github.com/git/git/pull/1041).
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'ssh_sig'
```
And then execute:
$ bundle install
Or install it yourself as:
$ gem install ssh_sig
## Usage
Version 1 of [the SSH signature format](https://github.com/openssh/openssh-portable/blob/b7ffbb17e37f59249c31f1ff59d6c5d80888f689/PROTOCOL.sshsig)
supports `ed25519` and `rsa` keys. It is recommended that you use `ed25519` over `rsa` where possible (`ssh-keygen -t ed25519`).
In order to verify a signature you need:
1. The public key of the sender
1. The signature file
1. The message to be verified.
```ruby
require 'ssh_sig'
armored_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILXPkJPI4TMFWZP4xRBQjNeizUG99KuZCt9G23rX48kz"
blob = ::SshSig::Blob.from_armor(
<<~EOF
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgtc+Qk8jhMwVZk/jFEFCM16LNQb
30q5kK30bbetfjyTMAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
OQAAAECJITeYJIlEeydsCTh1DkfdhlDJFBa73ojfWe0MbrIzoJKd9THd9WeQrhygSRGsNG
cU/stk3/919nykg67yG2gN
-----END SSH SIGNATURE-----
EOF
)
message = "This message was definitely sent by Brian Williams"
valid = ::SshSig::Verifier
.from_armored_pubkey(armored_pubkey)
.verify(blob, message)
if valid
puts 'Signature is valid'
else
puts 'Signature is not valid'
end
```
Signatures can be created using `ssh-keygen -Y sign -n file -f ~/.ssh/ed_25519 message.txt`
and will be outputted in `message.txt.sig`.
Public keys can be found in a variety of places, including:
- Your `~/.ssh/id_.pub` file
- `authorized_keys` files on servers
- `https://gitlab.com/....
Total
Ranking: 156,495 of 180,554
Downloads: 2,860
Daily
Ranking: 93,573 of 180,543
Downloads: 1
Downloads Trends
Ranking Trends
Num of Versions Trends
Popular Versions (Major)
Popular Versions (Major.Minor)
Depended by
Rank | Downloads | Name |
---|
Depends on
Rank | Downloads | Name |
---|---|---|
82 | 352,366,182 | zeitwerk |
113 | 268,051,207 | net-ssh |
668 | 56,947,505 | ed25519 |
753 | 49,201,615 | bcrypt_pbkdf |
814 | 43,018,435 | rspec-parameterized |
1,138 | 25,709,340 | gitlab-styles |
Owners
# | Gravatar | Handle |
---|---|---|
1 | bwill |