Skip to content

Instantly share code, notes, and snippets.

@lukateras

lukateras/ssh-agent-signify.py

Last active March 16, 2020 14:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save lukateras/cc357746d925688f19384a1477c8c8bb to your computer and use it in GitHub Desktop.
Save lukateras/cc357746d925688f19384a1477c8c8bb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssh-agent-signify.py
# SPDX-License-Identifier: 0BSD
from base64 import b64encode
from hashlib import blake2b
from paramiko.agent import Agent
from paramiko.message import Message
from sys import stdin
import click
@click.group()
@click.option('--index', default=0, help='Set SSH key index. (default: 0)')
@click.pass_context
def cli(ctx, index):
ctx.obj['index'] = index
def get_key(ctx):
return Agent().get_keys()[ctx.obj['index']]
def get_msg_data(msg):
msg = Message(msg)
return {
'type': msg.get_text(),
'blob': msg.get_binary()
}
def get_key_id(key_blob):
return blake2b(key_blob, digest_size=8).digest()
def fmt_signify(key, data_type=None, data=None):
key_data = get_msg_data(key.asbytes())
if key_data['type'] != 'ssh-ed25519':
raise ValueError('not an Ed25519 key')
if data_type is None:
data_type = 'pubkey'
data = key_data['blob']
return '\n'.join([
f"untrusted comment: {data_type}: {key_data['type']} {key.get_base64()}",
b64encode(b'Ed' + get_key_id(key_data['blob']) + data).decode()
])
@cli.command()
@click.pass_context
def pubkey(ctx):
"""Print signify public key."""
print(fmt_signify(get_key(ctx)))
@cli.command()
@click.pass_context
def sign(ctx):
"""Print signify signature for stdin."""
key = get_key(ctx)
sig = get_msg_data(key.sign_ssh_data(stdin.read()))
print(fmt_signify(key, 'sig', sig['blob']))
if __name__ == '__main__':
cli(obj={})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment