ssh-agent

Ssh-agent protocol parser and serialization implementation
Module Ssh_agent . Pubkey
(* An Ed25519 public key, represented directly by the
   Mirage_crypto_ec.Ed25519.pub type. *)
type ssh_ed25519 = Mirage_crypto_ec.Ed25519.pub
(* Association list of (option name, option data) pairs. The data is kept
   as a raw string here; this type does not decode it. *)
type options = (string * string) list

options is a list of pairs of options used in critical_options and extensions. The first element of each pair is the name of the option, and the second is the option's data.

The data seems to be always encoded as an SSH wire string inside this string. The empty string would thus be "no data".

(* Mutually recursive definitions of the RSA certificate records and the
   public key variant t. They are defined together because a certificate's
   signature_key is itself a t. ssh_rsa_cert_tbs holds the certificate
   fields, and ssh_rsa_cert pairs them with the signature.

   These are plain data types: nothing in them records whether a signature
   has been checked, so holding an ssh_rsa_cert value does not by itself
   mean the certificate is authentic. *)
type ssh_rsa_cert_tbs = {
nonce : string;(* CA-provided random bitstring. *)
pubkey : ssh_rsa;(* The public key this certificate is valid for. *)
serial : int64;(* Optional serial number set by the CA. Set to zero if unused. *)
typ : Ssh_agent__Protocol_number.ssh_cert_type;(* Whether this is a host key certificate or a user key certificate. *)
key_id : string;(* Free-form text filled by the CA. Used to help identify the identity
   principal. *)
valid_principals : string list;(* valid_principals's semantics depends on the value of typ.
   For Ssh_cert_type_user it's the valid usernames, while for
   Ssh_cert_type_host it's the valid hostnames.
   NOTE(review): in the OpenSSH certificate format an empty principals
   list means the certificate is valid for any principal of that type;
   confirm that consumers of this field handle the empty list
   deliberately. *)
valid_after : int64;(* valid_after defines when the certificate is valid from. It's
   represented as seconds since epoch.
   NOTE(review): the OpenSSH certificate format carries this as an
   unsigned 64-bit value while this field is a signed int64; confirm that
   validity checks compare it as unsigned. *)
valid_before : int64;(* valid_before defines when the certificate becomes invalid. It's
   represented as seconds since epoch.
   NOTE(review): same signedness caveat as valid_after. The all-ones value
   conventionally used for a certificate with no expiry would presumably
   read as a negative number here; confirm against the parser. *)
critical_options : options;(* Critical extensions. Must be sorted lexicographically.
   NOTE(review): in the OpenSSH certificate format a certificate with an
   unrecognised critical option must be refused. This type enforces
   neither that nor the sort order; confirm where both are checked. *)
extensions : options;(* Non-critical extensions. Must be sorted lexicographically. *)
reserved : string;(* reserved is always empty currently according to the specification *)
signature_key : t;(* Public key used for signing the signature. This is the key named
   inside the certificate itself, so it still has to be matched against a
   trusted CA key by whoever validates the certificate. *)
}
and ssh_rsa_cert = {
to_be_signed : ssh_rsa_cert_tbs;(* The data that is signed *)
signature : string;(* Signature of the serialized other fields. Stored as a raw string;
   this record does not indicate whether it has been verified. *)
}
and t =
| Ssh_dss of ssh_dss
| Ssh_rsa of ssh_rsa
| Ssh_rsa_cert of ssh_rsa_cert
| Ssh_ed25519 of ssh_ed25519
| Blob of {
key_type : string;
key_blob : string;
}
(* Blob is a public key of a type not otherwise represented in t: key_type
   is its type name and key_blob is the key with the ssh wire string
   wrapping removed. key_blob is a plain string, so its contents are not
   parsed into a structured key by this type. *)
(* Equality on public keys.
   NOTE(review): this page does not say whether, for Ssh_rsa_cert, equality
   covers the whole certificate (including the signature) or only the
   certified key; confirm before relying on it in an authorization
   decision. *)
val equal : t -> t -> bool

equal pubkey pubkey' is true if pubkey and pubkey' represent the same public key.