ssh-cert-parser


Namessh-cert-parser JSON
Version 0.1.post3817469255 PyPI version JSON
download
home_pagehttps://github.com/scheibling/ssh-cert-parser
SummaryA python module for parsing OpenSSH certificates
upload_time2023-01-01 15:14:31
maintainer
docs_urlNone
authorLars Scheibling
requires_python>=3.6
licenseGnuPG 3.0
keywords python openssh ssh-certificate certificate parser decoder
VCS
bugtrack_url
requirements click
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # Notice
This repository is not actively maintained, as this was only intended as a POC for the complete library [scheiblingco/sshkey-tools](https://github.com/scheiblingco/sshkey-tools). Leaving it archived here since it gives an easier/better understanding of the inner workings of the protocol.CERTKEYS certificates. 

Any code in this repository should be thoroughly tested before implementing any of it close to any production context.

# OpenSSH Certificate Parser
A python-based OpenSSH certificate parser. Based on the gist by [@corny](https://gist.github.com/corny/8264b74a130eb663dbf3d3f0fe0e0ec9)

# Limitations
- DSA parsing is currently broken, will be fixed in a future release
- Signature, signature key, public key and nonce parsing has not been implemented yet

## Installation
### From PyPi
```bash
python3 -m pip install ssh_cert_parser
```

### From source
```bash
git clone https://github.com/scheibling/ssh-cert-parser.git
cd ssh-cert-parser
python3 setup.py install
```

## Usage
### CLI
```bash
# Output to stdout as test
ssh_cert_parser.py -f /path/to/ssh/certificate

# Result:
# nonce: 8Å+c♥©¡%|ÜÂ××~♂♥íÖ°À `Ø↔¬$z
# curve: nistp256
# public_key: ♦à²÷xÒd¤r♠Ðc½§$íw▲RrwVOê∟Mç↑í»±Ãa»£¡cD↑fôæF?ê☺ëØâ↨Òþ
# serial: 123
# type: 1
# key id: ecdsa_256_ecdsa_256_serial
# valid principals:
#         principal_1
#         principal_2
#         principal_3
# valid after: 1644245220
# valid before: 1644331703
# critical options:
# extensions:
#         permit-X11-forwarding
#         permit-agent-forwarding
#         permit-port-forwarding
#         permit-pty
#         permit-user-rc
# reserved:
# signature key:
#         ecdsa-sha2-nistp256
#         nistp256
#         ♦ M0ËݵWFÝO♣5ySUw☻h▬4Õbû>üÞ♣½#>í¹þL´
# Ý*%5O!ÒhLÀgómMþûË
# signature:
#         ecdsa-sha2-nistp256
#         !¹"ºlÕ(ÄÐÐ♀↓º¤▲Klܤ}¡6vÙ ☺é04×P¥
#                                         ↑→zujÇú« õ%[ïl¬öuhR°♂

# Output to stdout as json
ssh_cert_parser.py -f /path/to/ssh/certificate --json

# Result:
# {
#     "nonce": "8\u00c5+c\u0003\u00a9\u00a1%\u008e|\u00dc\u0086\u00c2\u00d7\u00d7~\u000b\u0003\u00ed\u00d6\u0099\u0081\u00b0\u00c0\t`\u00d8\u001d\u00ac\u009a$z",
#     "curve": "nistp256",
#     "public_key": "\u0004\u00e0\u00b2\u009a\u00f7x\u00d2d\u00a4r\u0006\u00d0\u0087\u0004\bc\u0097\u009a\u00bd\u00a7$\u0097\u00edw\u001eRrwVO\u0091\u00ea\u001c\u009e?z\u00caM\u00e7\u0018\u00ed\u00bb\u00b1\u00c3a\u00bb\u00a3\u00a1cD\u0018f\u00f4\u00e6F?\u00ea\u0001\u0087\u00eb\u00d8\u00e2\u0017\u00d2\u00fe",
#     "serial": 123,
#     "type": 1,
#     "key id": "ecdsa_256_ecdsa_256_serial",
#     "valid principals": [
#         "principal_1",
#         "principal_2",
#         "principal_3"
#     ],
#     "valid after": 1644245220,
#     "valid before": 1644331703,
#     "critical options": "",
#     "extensions": [
#         "permit-X11-forwarding",
#         "permit-agent-forwarding",
#         "permit-port-forwarding",
#         "permit-pty",
#         "permit-user-rc"
#     ],
#     "reserved": "",
#     "signature key": [
#         "ecdsa-sha2-nistp256",
#         "nistp256",
#         "\u0004\u00a0M0\u00cb\u00dd\u00b5WF\u00ddO\u00055ySUw\u0002h\u00164\u008a\u00d5b\u00fb>\u00fc\u00de\u0005\u00bd#\u009e\u00c2>\u00ed\u00b9\u00feL\u00b4\u009f4\u00ef\u0085\u00dd*%5O!\u00d2h\u0099\u0090\u0083L\u00c0g\u00f3mM\u00fe\u00fb\u00cb\u009f\u00b7"
#     ],
#     "signature": [
#         "ecdsa-sha2-nistp256",
#         "\u0000\u0000\u0000!\u0000\u00b9\u008c\"\u00ba\u0007l\u00d5(\u00c4\u00d0\u00d0\f\u0019\u00ba\u00a4\u001eK\u0097l\u009en8&\u00e2\u00dc\u00a4}\u00a16\u008ev\u00d9\u0000\u0000\u0000 \u0001\u00e904\u00d7P\u00a5\u0084\u0018\u001azuj\u00c7\u00fa\u00ab\u00a0\u00f5%[\u00efl\u0096\u00ac\u00f6\u0099uhR\u00b0\u0091\u000b"
#     ]
# }

# Output to file as json
ssh_cert_parser.py -f /path/to/ssh/certificate --output /path/to/output/file.json

# Overwrite existing file if exists
ssh_cert_parser.py -f /path/to/ssh/certificate --output /path/to/output/file.json --overwrite

```

### In scripts
```python
from ssh_cert_parser.core import parse_from_string, parse_from_file, parse_from_bytes

cert_1 = parse_from_file('/path/to/ssh/certificate')

cert_2 = parse_from_string('ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAA....')

cert_3 = parse_from_bytes('ecdsa-sha2-nistp521-cert-v01', b'AAAAA....')

# To print the readable contents of a certificate
print(cert_1)

# To convert to string
str_cert2 = str(cert_1)

# To get a dict
dict_cert3 = cert_1.to_dict()

```

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/scheibling/ssh-cert-parser",
    "name": "ssh-cert-parser",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.6",
    "maintainer_email": "",
    "keywords": "python openssh ssh-certificate certificate parser decoder",
    "author": "Lars Scheibling",
    "author_email": "lars@scheibling.se",
    "download_url": "https://files.pythonhosted.org/packages/08/b5/d093c4bcd7bc23520587ad185b01bf923b0274b4428ecb409cdb28bc510e/ssh-cert-parser-0.1.post3817469255.tar.gz",
    "platform": null,
    "description": "# Notice\nThis repository is not actively maintained, as this was only intended as a POC for the complete library [scheiblingco/sshkey-tools](https://github.com/scheiblingco/sshkey-tools). Leaving it archived here since it gives an easier/better understanding of the inner workings of the protocol.CERTKEYS certificates. \n\nAny code in this repository should be thoroughly tested before implementing any of it close to any production context.\n\n# OpenSSH Certificate Parser\nA python-based OpenSSH certificate parser. Based on the gist by [@corny](https://gist.github.com/corny/8264b74a130eb663dbf3d3f0fe0e0ec9)\n\n# Limitations\n- DSA parsing is currently broken, will be fixed in a future release\n- Signature, signature key, public key and nonce parsing has not been implemented yet\n\n## Installation\n### From PyPi\n```bash\npython3 -m pip install ssh_cert_parser\n```\n\n### From source\n```bash\ngit clone https://github.com/scheibling/ssh-cert-parser.git\ncd ssh-cert-parser\npython3 setup.py install\n```\n\n## Usage\n### CLI\n```bash\n# Output to stdout as test\nssh_cert_parser.py -f /path/to/ssh/certificate\n\n# Result:\n# nonce: 8\u00c5+c\u2665\u00a9\u00a1%|\u00dc\u00c2\u00d7\u00d7~\u2642\u2665\u00ed\u00d6\u00b0\u00c0 `\u00d8\u2194\u00ac$z\n# curve: nistp256\n# public_key: \u2666\u00e0\u00b2\u00f7x\u00d2d\u00a4r\u2660\u00d0c\u00bd\u00a7$\u00edw\u25b2RrwVO\u00ea\u221fM\u00e7\u2191\u00ed\u00bb\u00b1\u00c3a\u00bb\u00a3\u00a1cD\u2191f\u00f4\u00e6F?\u00ea\u263a\u00eb\u00d8\u00e2\u21a8\u00d2\u00fe\n# serial: 123\n# type: 1\n# key id: ecdsa_256_ecdsa_256_serial\n# valid principals:\n#         principal_1\n#         principal_2\n#         principal_3\n# valid after: 1644245220\n# valid before: 1644331703\n# critical options:\n# extensions:\n#         permit-X11-forwarding\n#         permit-agent-forwarding\n#         permit-port-forwarding\n#         permit-pty\n#         permit-user-rc\n# reserved:\n# signature key:\n#         ecdsa-sha2-nistp256\n#         nistp256\n#         \u2666 M0\u00cb\u00dd\u00b5WF\u00ddO\u26635ySUw\u263bh\u25ac4\u00d5b\u00fb>\u00fc\u00de\u2663\u00bd#>\u00ed\u00b9\u00feL\u00b4\n# \u00dd*%5O!\u00d2hL\u00c0g\u00f3mM\u00fe\u00fb\u00cb\n# signature:\n#         ecdsa-sha2-nistp256\n#         !\u00b9\"\u00bal\u00d5(\u00c4\u00d0\u00d0\u2640\u2193\u00ba\u00a4\u25b2Kl\u00dc\u00a4}\u00a16v\u00d9 \u263a\u00e904\u00d7P\u00a5\n#                                         \u2191\u2192zuj\u00c7\u00fa\u00ab \u00f5%[\u00efl\u00ac\u00f6uhR\u00b0\u2642\n\n# Output to stdout as json\nssh_cert_parser.py -f /path/to/ssh/certificate --json\n\n# Result:\n# {\n#     \"nonce\": \"8\\u00c5+c\\u0003\\u00a9\\u00a1%\\u008e|\\u00dc\\u0086\\u00c2\\u00d7\\u00d7~\\u000b\\u0003\\u00ed\\u00d6\\u0099\\u0081\\u00b0\\u00c0\\t`\\u00d8\\u001d\\u00ac\\u009a$z\",\n#     \"curve\": \"nistp256\",\n#     \"public_key\": \"\\u0004\\u00e0\\u00b2\\u009a\\u00f7x\\u00d2d\\u00a4r\\u0006\\u00d0\\u0087\\u0004\\bc\\u0097\\u009a\\u00bd\\u00a7$\\u0097\\u00edw\\u001eRrwVO\\u0091\\u00ea\\u001c\\u009e?z\\u00caM\\u00e7\\u0018\\u00ed\\u00bb\\u00b1\\u00c3a\\u00bb\\u00a3\\u00a1cD\\u0018f\\u00f4\\u00e6F?\\u00ea\\u0001\\u0087\\u00eb\\u00d8\\u00e2\\u0017\\u00d2\\u00fe\",\n#     \"serial\": 123,\n#     \"type\": 1,\n#     \"key id\": \"ecdsa_256_ecdsa_256_serial\",\n#     \"valid principals\": [\n#         \"principal_1\",\n#         \"principal_2\",\n#         \"principal_3\"\n#     ],\n#     \"valid after\": 1644245220,\n#     \"valid before\": 1644331703,\n#     \"critical options\": \"\",\n#     \"extensions\": [\n#         \"permit-X11-forwarding\",\n#         \"permit-agent-forwarding\",\n#         \"permit-port-forwarding\",\n#         \"permit-pty\",\n#         \"permit-user-rc\"\n#     ],\n#     \"reserved\": \"\",\n#     \"signature key\": [\n#         \"ecdsa-sha2-nistp256\",\n#         \"nistp256\",\n#         \"\\u0004\\u00a0M0\\u00cb\\u00dd\\u00b5WF\\u00ddO\\u00055ySUw\\u0002h\\u00164\\u008a\\u00d5b\\u00fb>\\u00fc\\u00de\\u0005\\u00bd#\\u009e\\u00c2>\\u00ed\\u00b9\\u00feL\\u00b4\\u009f4\\u00ef\\u0085\\u00dd*%5O!\\u00d2h\\u0099\\u0090\\u0083L\\u00c0g\\u00f3mM\\u00fe\\u00fb\\u00cb\\u009f\\u00b7\"\n#     ],\n#     \"signature\": [\n#         \"ecdsa-sha2-nistp256\",\n#         \"\\u0000\\u0000\\u0000!\\u0000\\u00b9\\u008c\\\"\\u00ba\\u0007l\\u00d5(\\u00c4\\u00d0\\u00d0\\f\\u0019\\u00ba\\u00a4\\u001eK\\u0097l\\u009en8&\\u00e2\\u00dc\\u00a4}\\u00a16\\u008ev\\u00d9\\u0000\\u0000\\u0000 \\u0001\\u00e904\\u00d7P\\u00a5\\u0084\\u0018\\u001azuj\\u00c7\\u00fa\\u00ab\\u00a0\\u00f5%[\\u00efl\\u0096\\u00ac\\u00f6\\u0099uhR\\u00b0\\u0091\\u000b\"\n#     ]\n# }\n\n# Output to file as json\nssh_cert_parser.py -f /path/to/ssh/certificate --output /path/to/output/file.json\n\n# Overwrite existing file if exists\nssh_cert_parser.py -f /path/to/ssh/certificate --output /path/to/output/file.json --overwrite\n\n```\n\n### In scripts\n```python\nfrom ssh_cert_parser.core import parse_from_string, parse_from_file, parse_from_bytes\n\ncert_1 = parse_from_file('/path/to/ssh/certificate')\n\ncert_2 = parse_from_string('ecdsa-sha2-nistp521-cert-v01@openssh.com AAAAA....')\n\ncert_3 = parse_from_bytes('ecdsa-sha2-nistp521-cert-v01', b'AAAAA....')\n\n# To print the readable contents of a certificate\nprint(cert_1)\n\n# To convert to string\nstr_cert2 = str(cert_1)\n\n# To get a dict\ndict_cert3 = cert_1.to_dict()\n\n```\n",
    "bugtrack_url": null,
    "license": "GnuPG 3.0",
    "summary": "A python module for parsing OpenSSH certificates",
    "version": "0.1.post3817469255",
    "split_keywords": [
        "python",
        "openssh",
        "ssh-certificate",
        "certificate",
        "parser",
        "decoder"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "a554423fb7655d49bdf9fd4d7f53044a",
                "sha256": "0c1cb37683efa566c7e4ca76fabe9b5bf4ed5b892129b22b653d2be747a747df"
            },
            "downloads": -1,
            "filename": "ssh_cert_parser-0.1.post3817469255-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "a554423fb7655d49bdf9fd4d7f53044a",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.6",
            "size": 19803,
            "upload_time": "2023-01-01T15:14:30",
            "upload_time_iso_8601": "2023-01-01T15:14:30.562689Z",
            "url": "https://files.pythonhosted.org/packages/38/d6/7d02600689f4bae8f4a806bdf7b0ce715f59f822893a3a5735d04f06a834/ssh_cert_parser-0.1.post3817469255-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "md5": "905fe9c7cab64e8e239786afeb0ea054",
                "sha256": "e93bff42914b6d716b51fdc8b4017dca784bd41a2cd6c57f7fac9a5854a375aa"
            },
            "downloads": -1,
            "filename": "ssh-cert-parser-0.1.post3817469255.tar.gz",
            "has_sig": false,
            "md5_digest": "905fe9c7cab64e8e239786afeb0ea054",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.6",
            "size": 20411,
            "upload_time": "2023-01-01T15:14:31",
            "upload_time_iso_8601": "2023-01-01T15:14:31.949162Z",
            "url": "https://files.pythonhosted.org/packages/08/b5/d093c4bcd7bc23520587ad185b01bf923b0274b4428ecb409cdb28bc510e/ssh-cert-parser-0.1.post3817469255.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-01-01 15:14:31",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "github_user": "scheibling",
    "github_project": "ssh-cert-parser",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "requirements": [
        {
            "name": "click",
            "specs": []
        }
    ],
    "lcname": "ssh-cert-parser"
}
        
Elapsed time: 0.02571s