Understanding SSH Certificate signatures

Brian Candler b.candler at pobox.com
Tue Feb 9 19:22:27 AEDT 2021


On 09/02/2021 06:20, Digant Kasundra wrote:
> I haven't found a good Rust library to verify that a presented OpenSSH
> public certificate is valid.  My plan is to compare the signature_key to my
> trusted CA certs and verify the signature in the user's public certificate.

I can't help you with a Rust library, but maybe it's worth going through 
what Go's x/crypto/ssh package does?

https://github.com/golang/crypto/blob/eec23a3978ad/ssh/certs.go#L410
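
The plan in the quoted message (match signature_key against the trusted CAs, then verify the signature) written out in Go with only the standard library, as an added example that is not part of this message and is not code from x/crypto/ssh. It assumes the ssh-ed25519-cert-v01@openssh.com field layout from OpenSSH's PROTOCOL.certkeys and an ed25519 CA; `fields`, `VerifyCert` and `trustedCAs` are names chosen here.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
)

const certType, keyType = "ssh-ed25519-cert-v01@openssh.com", "ssh-ed25519"

// fields splits b by layout: 0 pops an SSH string, n > 0 pops n raw bytes.
func fields(b []byte, layout ...int) (out [][]byte) {
	for _, n := range layout {
		if n == 0 && len(b) >= 4 { // string: uint32 big-endian length prefix
			n, b = int(binary.BigEndian.Uint32(b)), b[4:]
		} else if n == 0 {
			return nil // length prefix itself is truncated
		}
		if n < 0 || n > len(b) {
			return nil // field runs past the end of the input
		}
		out, b = append(out, b[:n]), b[n:]
	}
	if len(b) != 0 {
		return nil // trailing bytes are rejected, not ignored
	}
	return out
}

// VerifyCert checks a decoded certificate blob against trusted CA key blobs.
func VerifyCert(cert []byte, trustedCAs map[string]bool) error {
	// type, nonce, pk, serial+type, key id, principals, valid after+before,
	// critical options, extensions, reserved, signature key, signature
	f := fields(cert, 0, 0, 0, 12, 0, 0, 16, 0, 0, 0, 0, 0)
	if f == nil || string(f[0]) != certType {
		return errors.New("malformed certificate")
	}
	ca, sig := fields(f[10], 0, 0), fields(f[11], 0, 0)
	signed := cert[:len(cert)-len(f[11])-4] // every field before the signature
	switch {
	case !trustedCAs[string(f[10])]:
		return errors.New("signature key is not a trusted CA")
	case ca == nil || sig == nil || string(ca[0]) != keyType ||
		string(sig[0]) != keyType || len(ca[1]) != ed25519.PublicKeySize:
		return errors.New("unsupported CA key or signature type")
	case !ed25519.Verify(ca[1], signed, sig[1]):
		return errors.New("signature does not verify")
	}
	return nil
}
```

`cert` is the base64-decoded second field of a `-cert.pub` line, and `trustedCAs` is keyed by the decoded CA public key blobs. A nil result means only that a trusted CA signed these bytes; the validity window, principals, certificate type and critical options still have to be checked before the certificate is accepted.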




More information about the openssh-unix-dev mailing list