Ssh-agent protocol parser and serialization implementation
Module Ssh_agent.Pubkey
type ssh_ed25519 =
type options = (string * string) list

options is a list of pairs of options used in critical_options and extensions. The first element is the name of the option, and the second is the option's data.

The data seems to be always encoded as a ssh wire string inside this string. The empty string would thus be "no data".

type ssh_rsa_cert_tbs = {
nonce : string;

CA-provided random bitstring.

pubkey : ssh_rsa;

The public key this certificate is valid for.

serial : int64;

Optional serial number set by the CA. Set to zero if unused.

typ : Ssh_agent__Protocol_number.ssh_cert_type;

Whether this is a host key certificate or a user key certificate.

key_id : string;

Free-form text filled by the CA. Used to help identify the identity principal.

valid_principals : string list;

The semantics of valid_principals depend on the value of typ. For Ssh_cert_type_user it's the valid usernames, while for Ssh_cert_type_host it's the valid hostnames.

valid_after : int64;

valid_after defines when the certificate is valid from. It's represented as seconds since epoch.

valid_before : int64;

valid_before defines when the certificate becomes invalid. It's represented as seconds since epoch.

critical_options : options;

Critical extensions. Must be sorted lexicographically.

extensions : options;

Non-critical extensions. Must be sorted lexicographically.

reserved : string;

reserved is currently always empty according to the specification.

signature_key : t;

Public key used to create the signature.

}

and ssh_rsa_cert = {
to_be_signed : ssh_rsa_cert_tbs;

The data that is signed.

signature : string;

Signature of the serialized other fields.

}

and t =
| Ssh_dss of ssh_dss
| Ssh_rsa of ssh_rsa
| Ssh_rsa_cert of ssh_rsa_cert
| Ssh_ed25519 of ssh_ed25519
| Blob of {
key_type : string;
key_blob : string;
}

Blob is an unknown ssh wire string-unwrapped public key of type key_type.

val equal : t -> t -> bool

equal pubkey pubkey' is true if pubkey and pubkey' represent the same public key.
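
The field semantics documented for ssh_rsa_cert_tbs above (validity window, principals, sorted critical options, option data as an ssh wire string), as an added OCaml example that is not part of the Ssh_agent library. The stand-in types and the names option_data, sorted, ule and check are hypothetical. Rejecting unrecognised critical options and empty principal lists are policy assumptions of this example, not statements from this page.

```ocaml
(* Added example. Stand-in types copy only the fields documented above. *)
type cert_type = Ssh_cert_type_user | Ssh_cert_type_host
type options = (string * string) list
type tbs = { typ : cert_type; valid_principals : string list;
             valid_after : int64; valid_before : int64;
             critical_options : options }

(* Option data is an ssh wire string: uint32 big-endian length, then that
   many bytes. The empty string means "no data". *)
let option_data = function
  | "" -> Ok None
  | s when String.length s < 4 -> Error "truncated option data"
  | s ->
    let len = Int32.to_int (String.get_int32_be s 0) in
    if len <> String.length s - 4 then Error "bad option data length"
    else Ok (Some (String.sub s 4 len))

(* Strictly increasing names: sorted lexicographically, no duplicates. *)
let rec sorted = function
  | (a, _) :: ((b, _) :: _ as rest) -> String.compare a b < 0 && sorted rest
  | _ -> true

(* The wire fields are uint64, so compare unsigned: "forever" is
   0xffffffffffffffff, which an int64 holds as -1L. *)
let ule a b = Int64.unsigned_compare a b <= 0

(* [known]: critical option names the caller implements (assumption). *)
let check ~now ~typ ~principal ~known c =
  let bad (n, d) = not (List.mem n known) || Result.is_error (option_data d) in
  if c.typ <> typ then Error "wrong certificate type"
  else if not (ule c.valid_after now) then Error "not yet valid"
  else if ule c.valid_before now then Error "expired"
  (* An empty list means "any principal" in the format; reject it here. *)
  else if not (List.mem principal c.valid_principals) then Error "principal"
  else if not (sorted c.critical_options) then Error "options not sorted"
  else if List.exists bad c.critical_options then Error "critical option"
  else Ok ()

let () =
  (* Constructed sample certificate fields. *)
  let c = { typ = Ssh_cert_type_user; valid_principals = [ "alice" ];
            valid_after = 0L; valid_before = -1L;
            critical_options = [ ("force-command", "\000\000\000\002ls") ] } in
  let run known = check ~now:1_700_000_000L ~typ:Ssh_cert_type_user
      ~principal:"alice" ~known c in
  assert (run [ "force-command" ] = Ok ());
  assert (run [] = Error "critical option");
  assert (option_data "\000\000\000\002ls" = Ok (Some "ls"))
```

These checks only carry weight once the signature over to_be_signed has been verified against a signature_key the caller trusts.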