micro-key-producer/ssh.d.ts

Produces secure passwords & keys for WebCrypto, SSH, PGP, SLIP10, OTP and many others

import * as P from 'micro-packed';
/**
 * SSH length-prefixed string coder.
 * @example
 * Encode the SSH string framing used by OpenSSH packets.
 * ```ts
 * import { SSHString } from 'micro-key-producer/ssh.js';
 * SSHString.encode('ssh-ed25519');
 * ```
 */
export declare const SSHString: P.CoderType<string>;
/**
 * SSH length-prefixed byte-string coder.
 * @example
 * Encode one SSH binary blob with the standard length prefix.
 * ```ts
 * import { SSHBuf } from 'micro-key-producer/ssh.js';
 * SSHBuf.encode(new Uint8Array([1, 2, 3]));
 * ```
 */
export declare const SSHBuf: P.CoderType<Uint8Array>;
/**
 * SSH key-type tag coder for `ssh-ed25519`.
 * @example
 * Encode the fixed OpenSSH key type tag for Ed25519 keys.
 * ```ts
 * import { SSHKeyType } from 'micro-key-producer/ssh.js';
 * SSHKeyType.encode(undefined);
 * ```
 */
export declare const SSHKeyType: P.CoderType<undefined>;
/**
 * SSH public-key blob coder.
 * @example
 * Encode the raw public-key blob that OpenSSH places after `ssh-ed25519`.
 * ```ts
 * import { randomBytes } from '@noble/hashes/utils.js';
 * import { PublicKey, getKeys } from 'micro-key-producer/ssh.js';
 * const seed = randomBytes(32);
 * PublicKey.encode({ pubKey: getKeys(seed).publicKeyBytes });
 * ```
 */
export declare const PublicKey: P.CoderType<P.StructInput<{
    keyType: undefined;
    pubKey: Uint8Array;
}>>;
/**
 * SSH agent user-auth request coder.
 * @example
 * Encode the payload that SSH agents sign during public-key authentication.
 * ```ts
 * import { randomBytes } from '@noble/hashes/utils.js';
 * import { AuthData, getKeys } from 'micro-key-producer/ssh.js';
 * const seed = randomBytes(32);
 * AuthData.encode({
 *   nonce: randomBytes(32),
 *   userAuthRequest: 50,
 *   user: 'alice',
 *   conn: 'ssh-connection',
 *   auth: 'publickey',
 *   haveSig: 1,
 *   pubKey: { pubKey: getKeys(seed).publicKeyBytes },
 * });
 * ```
 */
export declare const AuthData: P.CoderType<P.StructInput<{
    nonce: Uint8Array;
    userAuthRequest: number;
    user: string;
    conn: string;
    auth: string;
    haveSig: number;
    keyType: undefined;
    pubKey: P.StructInput<{
        keyType: undefined;
        pubKey: Uint8Array;
    }>;
}>>;
/** Decoded SSH agent authentication request. */
export type AuthDataType = P.UnwrapCoder<typeof AuthData>;
/**
 * OpenSSH private-key armor coder.
 * @example
 * Decode the armored private key text that `getKeys()` emits.
 * ```ts
 * import { randomBytes } from '@noble/hashes/utils.js';
 * import { PrivateExport, getKeys } from 'micro-key-producer/ssh.js';
 * const seed = randomBytes(32);
 * PrivateExport.decode(getKeys(seed, 'alice@example.com').privateKey);
 * ```
 */
export declare const PrivateExport: P.Coder<P.StructInput<{
    magic: undefined;
    ciphername: undefined;
    kdfname: undefined;
    kdfopts: undefined;
    keys: P.StructInput<{
        pubKey: any;
        privKey: any;
    }>[];
}>, string>;
/**
 * Encodes an OpenSSH public key line.
 * @param bytes - Raw ed25519 public key bytes.
 * @param comment - Optional trailing comment.
 * @returns `ssh-ed25519 ...` public key line.
 * @example
 * Render the OpenSSH public key line you can paste into `authorized_keys`.
 * ```ts
 * import { randomBytes } from '@noble/hashes/utils.js';
 * import { formatPublicKey, getKeys } from 'micro-key-producer/ssh.js';
 * const seed = randomBytes(32);
 * formatPublicKey(getKeys(seed).publicKeyBytes, 'alice@example.com');
 * ```
 */
export declare function formatPublicKey(bytes: Uint8Array, comment?: string): string;
/**
 * Computes the OpenSSH SHA-256 fingerprint for a public key.
 * @param bytes - Raw ed25519 public key bytes.
 * @returns SSH fingerprint string.
 * @example
 * Compute the fingerprint shown by `ssh-keygen -l`.
 * ```ts
 * import { randomBytes } from '@noble/hashes/utils.js';
 * import { getFingerprint, getKeys } from 'micro-key-producer/ssh.js';
 * const seed = randomBytes(32);
 * getFingerprint(getKeys(seed).publicKeyBytes);
 * ```
 */
export declare function getFingerprint(bytes: Uint8Array): string;
/**
 * Derives deterministic OpenSSH key material from an ed25519 secret key.
 * @param privateKey - 32-byte ed25519 secret key.
 * @param comment - Optional key comment.
 * @param checkBytes - Optional repeated check bytes for the private-key block.
 * @returns Public key bytes, public key text, fingerprint, and armored private key.
 * @example
 * Export both the public and private OpenSSH key material from one seed.
 * ```ts
 * import { randomBytes } from '@noble/hashes/utils.js';
 * import { getKeys } from 'micro-key-producer/ssh.js';
 * const seed = randomBytes(32);
 * getKeys(seed, 'alice@example.com').privateKey;
 * ```
 */
export declare function getKeys(privateKey: Uint8Array, comment?: string, checkBytes?: Uint8Array): {
    publicKeyBytes: Uint8Array;
    publicKey: string;
    fingerprint: string;
    privateKey: string;
};
/**
 * Signs SSH agent authentication data with an ed25519 private key.
 * @param privateKey - 32-byte ed25519 secret key.
 * @param data - SSH agent authentication payload.
 * @returns Detached signature bytes.
 * @example
 * Sign the SSH agent payload that will be verified against the exported public key.
 * ```ts
 * import { randomBytes } from '@noble/hashes/utils.js';
 * import { authSign, getKeys } from 'micro-key-producer/ssh.js';
 * const seed = randomBytes(32);
 * const keys = getKeys(seed);
 * authSign(seed, {
 *   nonce: randomBytes(32),
 *   userAuthRequest: 50,
 *   user: 'alice',
 *   conn: 'ssh-connection',
 *   auth: 'publickey',
 *   haveSig: 1,
 *   pubKey: { pubKey: keys.publicKeyBytes },
 * });
 * ```
 */
export declare function authSign(privateKey: Uint8Array, data: AuthDataType): Uint8Array;
export default getKeys;
//# sourceMappingURL=ssh.d.ts.map