1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 | import { BerWriter, BerReader } from 'asn1';
|
11 | import crypto = require('crypto');
|
12 | import { Writable } from 'stream';
|
13 |
|
14 | declare class SshPK {}
|
15 |
|
16 | declare namespace SshPK {
|
17 |
|
18 |
|
19 | type AlgorithmType = 'dsa' | 'rsa' | 'ecdsa' | 'ed25519';
|
20 | type AlgorithmTypeWithCurve = AlgorithmType | 'curve25519';
|
21 | type ShaHashType = 'sha1' | 'sha256' | 'sha384' | 'sha512';
|
22 | type AlgorithmHashType = 'md5' | ShaHashType;
|
23 | type CurveType = 'nistp256' | 'nistp384' | 'nistp521';
|
24 | type AlgorithmPart = 'p' | 'q' | 'g' | 'y' | 'x' | 'n' | 'e' | 'd' | 'iqmp' | 'curve' | 'Q' | 'A' | 'k';
|
25 | type KeyType = 'public' | 'private';
|
26 |
|
27 | class Algo {
|
28 | parts: string[];
|
29 | sizePart?: string | undefined;
|
30 | normalize?: boolean | undefined;
|
31 | }
|
32 |
|
33 | class algInfo {
|
34 | dsa: Algo;
|
35 | rsa: Algo;
|
36 | ecdsa: Algo;
|
37 | ed25519: Algo;
|
38 | curve25519: Algo;
|
39 | }
|
40 |
|
41 | class algPrivInfo {
|
42 | dsa: Algo;
|
43 | rsa: Algo;
|
44 | ecdsa: Algo;
|
45 | ed25519: Algo;
|
46 | curve25519: Algo;
|
47 | }
|
48 |
|
49 | class hashAlgs {
|
50 | md5: boolean;
|
51 | sha1: boolean;
|
52 | sha256: boolean;
|
53 | sha384: boolean;
|
54 | sha512: boolean;
|
55 | }
|
56 |
|
57 | class Curve {
|
58 | size: number;
|
59 | pkcs8oid: string;
|
60 | p: Buffer;
|
61 | a: Buffer;
|
62 | b: Buffer;
|
63 | s: Buffer;
|
64 | n: Buffer;
|
65 | G: Buffer;
|
66 | }
|
67 |
|
68 | class curves {
|
69 | nistp256: Curve;
|
70 | nistp384: Curve;
|
71 | nistp512: Curve;
|
72 | }
|
73 |
|
74 | class algs {
|
75 | info: algInfo;
|
76 | privInfo: algPrivInfo;
|
77 | hashAlgs: hashAlgs;
|
78 | curves: curves;
|
79 | }
|
80 |
|
81 |
|
82 |
|
83 | interface CertificateOptions {
|
84 | subjects: Identity[];
|
85 | subjectKey: Key;
|
86 | issuer: Identity;
|
87 | issuerKey?: Key;
|
88 |
|
89 | signatures: { x509: Signature; openssh: Signature };
|
90 | serial: Buffer;
|
91 | validFrom: Date;
|
92 | validUntil: Date;
|
93 |
|
94 | purposes?: string[];
|
95 | }
|
96 |
|
97 | interface CertificateCreateOptions {
|
98 | lifetime?: number;
|
99 | validFrom?: Date;
|
100 | validUntil?: Date;
|
101 | serial?: Buffer;
|
102 | purposes?: string[];
|
103 | ca?: boolean;
|
104 | }
|
105 |
|
106 | type CertificateFormat = 'openssh' | 'pem' | 'x509';
|
107 |
|
108 | class Certificate {
|
109 | subjects: Identity[];
|
110 | issuer: Identity;
|
111 | subjectKey: Key;
|
112 | issuerKey?: Key;
|
113 | signatures: { x509?: Format.x509Signature; openssh?: Format.OpenSshSignature };
|
114 | serial: Buffer;
|
115 | validFrom: Date;
|
116 | validUntil: Date;
|
117 | purposes?: string[];
|
118 |
|
119 | static formats: { [key in CertificateFormat]: Format };
|
120 |
|
121 | constructor(opts: CertificateOptions);
|
122 |
|
123 | toBuffer(format: CertificateFormat, options?: Format.WriteOptions): Buffer;
|
124 |
|
125 | toString(format: CertificateFormat, options?: Format.WriteOptions): string;
|
126 |
|
127 | fingerprint(algo?: AlgorithmHashType): Fingerprint;
|
128 |
|
129 | hash(algo: AlgorithmHashType): string;
|
130 |
|
131 | isExpired(when?: Date): boolean;
|
132 |
|
133 | isSignedBy(issuerCert: Certificate): boolean;
|
134 |
|
135 | getExtension(keyOrOid: string): Format.OpenSshSignatureExt | Format.x509SignatureExt | undefined;
|
136 |
|
137 | getExtensions(): Array<Format.OpenSshSignatureExt | Format.x509SignatureExt>;
|
138 |
|
139 | isSignedByKey(issuerKey: Key): boolean;
|
140 |
|
141 | signWith(key: PrivateKey): void;
|
142 |
|
143 | static createSelfSigned(
|
144 | subjectOrSubjects: Identity | Identity[],
|
145 | key: PrivateKey,
|
146 | options?: CertificateCreateOptions,
|
147 | ): Certificate;
|
148 |
|
149 | static create(
|
150 | subjectOrSubjects: Identity | Identity[],
|
151 | key: Key | PrivateKey,
|
152 | issuer: Identity,
|
153 | issuerKey: PrivateKey,
|
154 | options?: CertificateCreateOptions,
|
155 | ): Certificate;
|
156 |
|
157 | static parse(data: string | Buffer, format: CertificateFormat, options?: string | KeyParseOptions): Certificate;
|
158 |
|
159 | static isCertificate(data: string | Buffer, ver: Version): boolean;
|
160 | }
|
161 |
|
162 | function parseCertificate(
|
163 | data: string | Buffer,
|
164 | format: CertificateFormat,
|
165 | options?: string | KeyParseOptions,
|
166 | ): Certificate;
|
167 |
|
168 | function createSelfSignedCertificate(
|
169 | subjectOrSubjects: Identity | Identity[],
|
170 | key: PrivateKey,
|
171 | options?: CertificateCreateOptions,
|
172 | ): Certificate;
|
173 |
|
174 | function createCertificate(
|
175 | subjectOrSubjects: Identity | Identity[],
|
176 | key: Key | PrivateKey,
|
177 | issuer: Identity,
|
178 | issuerKey: PrivateKey,
|
179 | options?: CertificateCreateOptions,
|
180 | ): Certificate;
|
181 |
|
182 | // == dhe.js == //
|
183 |
|
184 | class DiffieHellman {
|
185 | private constructor(key: Key | PrivateKey);
|
186 |
|
187 | getPublicKey(): Key;
|
188 | getPrivateKey(): PrivateKey | undefined;
|
189 | getKey(): PrivateKey | undefined;
|
190 | setKey(key: PrivateKey): void;
|
191 | setPrivateKey(key: PrivateKey): void;
|
192 |
|
193 | computeSecret(otherpk: Key): Buffer;
|
194 |
|
195 | generateKey(): PrivateKey;
|
196 | generateKeys(): PrivateKey;
|
197 | }
|
198 |
|
199 | // == ed-compat.js == //
|
200 |
|
201 | class Verifier extends Writable {
|
202 | constructor(key: Key, hashAlgo: 'sha512');
|
203 |
|
204 | update(chunk: string | Buffer): void;
|
205 |
|
206 | verify(signature: Signature): boolean;
|
207 | }
|
208 |
|
209 | class Signer extends Writable {
|
210 | private constructor();
|
211 |
|
212 | update(data: crypto.BinaryLike): this;
|
213 | update(data: string, input_encoding: crypto.Encoding): this;
|
214 |
|
215 | sign(private_key: crypto.KeyLike | crypto.SignKeyObjectInput | crypto.SignPrivateKeyInput): Buffer;
|
216 | sign(
|
217 | private_key: crypto.KeyLike | crypto.SignKeyObjectInput | crypto.SignPrivateKeyInput,
|
218 | output_format: crypto.BinaryToTextEncoding,
|
219 | ): string;
|
220 | sign(): Signature;
|
221 | }
|
222 |
|
223 | // == errors.js == //
|
224 |
|
225 | class FingerprintFormatError implements Error {
|
226 | name: string;
|
227 | message: string;
|
228 | fingerprint?: Fingerprint;
|
229 | format?: string;
|
230 |
|
231 | constructor(fp?: Fingerprint, format?: string);
|
232 | }
|
233 |
|
234 | class InvalidAlgorithmError implements Error {
|
235 | name: string;
|
236 | message: string;
|
237 | algorithm: string;
|
238 |
|
239 | constructor(algo: string);
|
240 | }
|
241 |
|
242 | class KeyParseError implements Error {
|
243 | name: string;
|
244 | message: string;
|
245 | format: string;
|
246 | keyName: string;
|
247 | innerErr: Error;
|
248 |
|
249 | constructor(name: string, format: string, innerErr: Error);
|
250 | }
|
251 |
|
252 | class SignatureParseError implements Error {
|
253 | name: string;
|
254 | message: string;
|
255 | type: string;
|
256 | format: string;
|
257 | innerErr: Error;
|
258 |
|
259 | constructor(type: string, format: string, innerErr: Error);
|
260 | }
|
261 |
|
262 | class KeyEncryptedError implements Error {
|
263 | name: string;
|
264 | message: string;
|
265 | format: string;
|
266 | keyName: string;
|
267 |
|
268 | constructor(name: string, format: string);
|
269 | }
|
270 |
|
271 | class CertificateParseError implements Error {
|
272 | name: string;
|
273 | message: string;
|
274 | format: string;
|
275 | certName: string;
|
276 | innerErr: Error;
|
277 |
|
278 | constructor(name: string, format: string, innerErr: Error);
|
279 | }
|
280 |
|
281 | // == fingerprint.js == //
|
282 |
|
283 | type FingerprintType = 'key' | 'certificate';
|
284 | type FingerprintHashType = 'ssh' | 'spki';
|
285 |
|
286 | interface FingerprintOptions {
|
287 | type: FingerprintType;
|
288 | hash: Buffer;
|
289 | algorithm: AlgorithmHashType;
|
290 | hashType?: FingerprintHashType;
|
291 | }
|
292 |
|
293 | interface FingerprintParseOptions {
|
294 | enAlgs?: string[];
|
295 | algotirhms?: string[];
|
296 | type?: FingerprintType;
|
297 | hashType?: FingerprintHashType;
|
298 | }
|
299 |
|
300 | class Fingerprint {
|
301 | algorithm: AlgorithmHashType;
|
302 | hash: Buffer;
|
303 | type: FingerprintType;
|
304 | constructor(opts: FingerprintOptions);
|
305 |
|
306 | toString(format?: 'hex' | 'base64'): string;
|
307 | matches(other: Key | PrivateKey | Certificate): boolean;
|
308 |
|
309 | static parse(fp: string, options?: string[] | FingerprintParseOptions): Fingerprint;
|
310 |
|
311 | static isFingerprint(obj: any, ver: Version): boolean;
|
312 | }
|
313 |
|
314 | function parseFingerprint(fp: string, options?: string[] | FingerprintParseOptions): Fingerprint;
|
315 |
|
316 | // == formats/*.js == //
|
317 |
|
318 | interface Format {
|
319 | read(buf: string | Buffer, options?: Format.ReadOptions): Key | Certificate;
|
320 | write(keyOrCert: Key | PrivateKey | Certificate, options?: Format.WriteOptions): Buffer;
|
321 | }
|
322 |
|
323 | namespace Format {
|
324 | interface ReadOptions {
|
325 | passphrase?: string | Buffer;
|
326 | cipher?: SshPrivateCipher;
|
327 | }
|
328 |
|
329 | interface WriteOptions extends ReadOptions {
|
330 | hashAlgo?: 'sha1' | 'sha256' | 'sha512';
|
331 | comment?: string;
|
332 | }
|
333 |
|
334 | interface Auto extends Format {
|
335 | read(buf: string | Buffer, options?: ReadOptions): Key;
|
336 | write(key: Key): Buffer;
|
337 | }
|
338 |
|
339 | interface DnsSec extends Format {
|
340 | read(buf: string | Buffer): Key;
|
341 | write(key: PrivateKey, options?: { hashAlgo?: 'sha1' | 'sha256' | 'sha512' }): Buffer;
|
342 | }
|
343 |
|
344 | interface OpenSshSignatureExt {
|
345 | critical: boolean;
|
346 | name: string;
|
347 | data: Buffer;
|
348 | }
|
349 |
|
350 | interface OpenSshSignature {
|
351 | nonce: Buffer;
|
352 | keyId: string;
|
353 | exts: OpenSshSignatureExt[];
|
354 | signature: Signature;
|
355 | }
|
356 |
|
357 | interface OpenSshCert extends Format {
|
358 | read(buf: string | Buffer): Certificate;
|
359 | verify(): false;
|
360 | sign(cert: Certificate, key: PrivateKey): boolean;
|
361 | signAsync(
|
362 | cert: Certificate,
|
363 | signer: (blob: Buffer, done: (err: Error | undefined, signature: Signature) => void) => void,
|
364 | done: (err?: Error) => void,
|
365 | ): void;
|
366 | write(cert: Certificate, options?: { comment?: string }): Buffer;
|
367 | }
|
368 |
|
369 | interface Pem extends Format {
|
370 | read(buf: string | Buffer, options?: ReadOptions, forceType?: 'pkcs1' | 'pkcs8'): Key;
|
371 | write(key: Key, options?: any, type?: 'pkcs1' | 'pkcs8'): Buffer;
|
372 | }
|
373 |
|
374 | interface Pkcs1 extends Format {
|
375 | read(buf: string | Buffer, options?: ReadOptions): Key;
|
376 | readPkcs1(alg: 'RSA' | 'DSA' | 'EC' | 'ECDSA', type: 'public', der: BerReader): Key;
|
377 | readPkcs1(
|
378 | alg: 'RSA' | 'DSA' | 'EC' | 'ECDSA' | 'EDDSA' | 'EdDSA',
|
379 | type: 'private',
|
380 | der: BerReader,
|
381 | ): PrivateKey;
|
382 | write(key: Key): Buffer;
|
383 | writePkcs1(der: BerWriter, key: Key): void;
|
384 | }
|
385 |
|
386 | interface Pkcs8 extends Format {
|
387 | read(buf: string | Buffer, options?: ReadOptions): Key;
|
388 | readPkcs8(alg: any, type: KeyType, der: BerReader): Key;
|
389 | write(key: Key): Buffer;
|
390 | writePkcs8(der: BerWriter, key: Key): void;
|
391 | pkcs8ToBuffer(key: Key): Buffer;
|
392 |
|
393 | readECDSACurve(der: BerReader): CurveType;
|
394 | writeECDSACurve(key: Key, der: BerWriter): void;
|
395 | }
|
396 |
|
397 | interface Putty extends Format {
|
398 | read(buf: string | Buffer): Key;
|
399 | write(key: Key): Buffer;
|
400 | }
|
401 |
|
402 | type Rfc4253Algorithm =
|
403 | | 'ssh-dss'
|
404 | | 'ssh-rsa'
|
405 | | 'ssh-ed25519'
|
406 | | 'ssh-curve25519'
|
407 | | 'ecdsa-sha2-nistp256'
|
408 | | 'ecdsa-sha2-nistp384'
|
409 | | 'ecdsa-sha2-nistp521';
|
410 |
|
411 | interface Rfc4253 extends Format {
|
412 | read(buf: string | Buffer): Key;
|
413 | readType(type: KeyType | undefined, buf: string | Buffer): Key;
|
414 | write(key: Key): Buffer;
|
415 |
|
416 | readPartial(type: KeyType | undefined, buf: string | Buffer): Key;
|
417 |
|
418 |
|
419 | readInternal(partial: boolean, type: KeyType | undefined, buf: string | Buffer): Key;
|
420 | keyTypeToAlg(key: Key): Rfc4253Algorithm;
|
421 | algToKeyType(alg: Rfc4253Algorithm): AlgorithmTypeWithCurve;
|
422 | }
|
423 |
|
424 | type SshPrivateCipher =
|
425 | | '3des-cbc'
|
426 | | 'blowfish-cbc'
|
427 | | 'aes128-cbc'
|
428 | | 'aes128-ctr'
|
429 | | 'aes128-gcm@openssh.com'
|
430 | | 'aes192-cbc'
|
431 | | 'aes192-ctr'
|
432 | | 'aes192-gcm@openssh.com'
|
433 | | 'aes256-cbc'
|
434 | | 'aes256-ctr'
|
435 | | 'aes256-gcm@openssh.com';
|
436 |
|
437 | interface SshPrivate extends Format {
|
438 | read(buf: string | Buffer, options?: ReadOptions, forceType?: 'pkcs1' | 'pkcs8'): Key;
|
439 | readSSHPrivate(type: KeyType, buf: Buffer, options: { passphrase: string | Buffer }): Key;
|
440 | write(key: Key, options?: ReadOptions): Buffer;
|
441 | }
|
442 |
|
443 | interface Ssh extends Format {
|
444 | read(buf: string | Buffer): Key;
|
445 | write(key: Key): Buffer;
|
446 | }
|
447 |
|
448 | interface x509Pem extends Format {
|
449 | read(buf: string | Buffer): Certificate;
|
450 | verify(cert: Certificate, key: Key): boolean;
|
451 | sign(cert: Certificate, key: PrivateKey): boolean;
|
452 | write(cert: Certificate): Buffer;
|
453 | }
|
454 |
|
455 | type x509SignAlgorithm =
|
456 | | 'rsa-md5'
|
457 | | 'rsa-sha1'
|
458 | | 'rsa-sha256'
|
459 | | 'rsa-sha384'
|
460 | | 'rsa-sha512'
|
461 | | 'dsa-sha1'
|
462 | | 'dsa-sha256'
|
463 | | 'ecdsa-sha1'
|
464 | | 'ecdsa-sha256'
|
465 | | 'ecdsa-sha384'
|
466 | | 'ecdsa-sha512'
|
467 | | 'ed25519-sha512';
|
468 |
|
469 | type x509ExtsOid = '2.5.29.35' | '2.5.29.17' | '2.5.29.19' | '2.5.29.15' | '2.5.29.37';
|
470 |
|
471 | interface x509SignatureExt {
|
472 | oid: x509ExtsOid;
|
473 | critical: boolean;
|
474 | pathLen?: number;
|
475 | bits?: string;
|
476 | data?: string;
|
477 | }
|
478 |
|
479 | interface x509Signature {
|
480 | signature: Signature;
|
481 | algo: x509SignAlgorithm;
|
482 | extras: { issuerUniqueID: Buffer; subjectUniqueID: Buffer; exts: x509SignatureExt[] };
|
483 | cache: Buffer;
|
484 | }
|
485 |
|
486 | interface x509 extends Format {
|
487 | read(buf: string | Buffer): Certificate;
|
488 | verify(cert: Certificate, key: Key): boolean;
|
489 | sign(cert: Certificate, key: PrivateKey): boolean;
|
490 | signAsync(
|
491 | cert: Certificate,
|
492 | signer: (blob: Buffer, done: (err: Error | undefined, signature: Signature) => void) => void,
|
493 | done: (err?: Error) => void,
|
494 | ): void;
|
495 | write(cert: Certificate): Buffer;
|
496 | }
|
497 | }
|
498 |
|
499 |
|
500 |
|
501 | type IndentityOidName =
|
502 | | 'cn'
|
503 | | 'o'
|
504 | | 'ou'
|
505 | | 'l'
|
506 | | 's'
|
507 | | 'c'
|
508 | | 'sn'
|
509 | | 'postalCode'
|
510 | | 'serialNumber'
|
511 | | 'street'
|
512 | | 'x500UniqueIdentifier'
|
513 | | 'role'
|
514 | | 'telephoneNumber'
|
515 | | 'description'
|
516 | | 'dc'
|
517 | | 'uid'
|
518 | | 'mail'
|
519 | | 'title'
|
520 | | 'gn'
|
521 | | 'initials'
|
522 | | 'pseudonym'
|
523 | | 'emailAddress';
|
524 |
|
525 | type IdentityOidValue =
|
526 | | '2.5.4.3'
|
527 | | '2.5.4.10'
|
528 | | '2.5.4.11'
|
529 | | '2.5.4.7'
|
530 | | '2.5.4.8'
|
531 | | '2.5.4.6'
|
532 | | '2.5.4.4'
|
533 | | '2.5.4.17'
|
534 | | '2.5.4.5'
|
535 | | '2.5.4.9'
|
536 | | '2.5.4.45'
|
537 | | '2.5.4.72'
|
538 | | '2.5.4.20'
|
539 | | '2.5.4.13'
|
540 | | '0.9.2342.19200300.100.1.25'
|
541 | | '0.9.2342.19200300.100.1.1'
|
542 | | '0.9.2342.19200300.100.1.3'
|
543 | | '2.5.4.12'
|
544 | | '2.5.4.42'
|
545 | | '2.5.4.43'
|
546 | | '2.5.4.65'
|
547 | | '1.2.840.113549.1.9.1';
|
548 |
|
549 | type IdentityType = 'host' | 'user' | 'email';
|
550 | type IdentityTypeWithUnknown = IdentityType | 'unknown';
|
551 |
|
552 | interface IdentityComponent {
|
553 | name?: IndentityOidName;
|
554 | oid?: IdentityOidValue;
|
555 | asn1type?: number;
|
556 | value: Buffer | string;
|
557 | }
|
558 |
|
559 | interface IdentityNameComponent {
|
560 | name: IndentityOidName;
|
561 | value: Buffer | string;
|
562 | }
|
563 |
|
564 | class Identity {
|
565 | components: IdentityComponent[];
|
566 | componentLookup: { [key in IndentityOidName]: IdentityComponent[] };
|
567 | type: IdentityTypeWithUnknown;
|
568 |
|
569 | cn?: string;
|
570 | hostname?: string;
|
571 | uid?: string;
|
572 | email?: string;
|
573 |
|
574 | constructor(opts: {
|
575 | components: IdentityComponent[];
|
576 | type?: IdentityType;
|
577 | hostname?: string;
|
578 | uid?: string;
|
579 | email?: string;
|
580 | });
|
581 |
|
582 | toString(): string;
|
583 |
|
584 | get(name: IndentityOidName, asArray?: false): string;
|
585 | get(name: IndentityOidName, asArray: true): string[];
|
586 |
|
587 | toArray(): IdentityNameComponent[];
|
588 |
|
589 | toAsn1(der: BerWriter, tag?: number): void;
|
590 |
|
591 | equals(other: Identity): boolean;
|
592 |
|
593 | static forHost(hostname: string): Identity;
|
594 | static forUser(uid: string): Identity;
|
595 | static forEmail(email: string): Identity;
|
596 | static parseDN(dn: string): Identity;
|
597 | static fromArray(components: IdentityNameComponent[]): Identity;
|
598 | static parseAsn1(dn: BerReader, top?: number): Identity;
|
599 |
|
600 | static isIdentity(obj: any, ver: Version): boolean;
|
601 | }
|
602 |
|
603 | function identityFromDN(dn: string): Identity;
|
604 | function identityForHost(hostname: string): Identity;
|
605 | function identityForUser(uid: string): Identity;
|
606 | function identityForEmail(email: string): Identity;
|
607 | function identityFromArray(components: IdentityNameComponent[]): Identity;
|
608 |
|
609 | // == key.js == //
|
610 |
|
611 | type KeyFormatType =
|
612 | | 'auto'
|
613 | | 'pem'
|
614 | | 'pkcs1'
|
615 | | 'pkcs8'
|
616 | | 'rfc4253'
|
617 | | 'ssh'
|
618 | | 'ssh-private'
|
619 | | 'openssh'
|
620 | | 'dnssec'
|
621 | | 'putty'
|
622 | | 'ppk';
|
623 |
|
624 | interface KeyPart {
|
625 | name: AlgorithmPart;
|
626 | data: Buffer;
|
627 | }
|
628 |
|
629 | interface KeyOptions {
|
630 | parts: KeyPart[];
|
631 | type: AlgorithmTypeWithCurve;
|
632 | comment?: string;
|
633 | source?: string;
|
634 | }
|
635 |
|
636 | interface KeyParseOptions extends Format.ReadOptions {
|
637 | filename?: string;
|
638 | }
|
639 |
|
640 |
|
641 | interface Verify {
|
642 | update(data: crypto.BinaryLike): Verify;
|
643 | update(data: string, input_encoding: crypto.Encoding): Verify;
|
644 |
|
645 | verify(signature: Signature): boolean;
|
646 | verify(signature: string | Buffer, fmt?: crypto.BinaryToTextEncoding): boolean;
|
647 | }
|
648 |
|
649 | class Key {
|
650 | type: AlgorithmTypeWithCurve;
|
651 | parts: KeyPart[];
|
652 | part: { [key in AlgorithmType]: KeyPart };
|
653 | comment?: string;
|
654 | source?: string;
|
655 | curve?: string;
|
656 | size: number;
|
657 | constructor(opts: KeyOptions);
|
658 |
|
659 | static formats: { [key in KeyFormatType]: Format };
|
660 |
|
661 | toBuffer(format: KeyFormatType, options?: Format.WriteOptions): Buffer;
|
662 | toString(format: KeyFormatType, options?: Format.WriteOptions): string;
|
663 | hash(algo: AlgorithmHashType, type?: FingerprintHashType): Buffer;
|
664 | fingerprint(algo?: AlgorithmHashType, type?: FingerprintHashType): Fingerprint;
|
665 | defaultHashAlgorithm(): ShaHashType;
|
666 | createVerify(algo?: AlgorithmHashType): Verify;
|
667 | createDiffieHellman(): DiffieHellman;
|
668 | createDH(): DiffieHellman;
|
669 |
|
670 | static parse(data: string | Buffer, format?: KeyFormatType, options?: string | KeyParseOptions): Key;
|
671 |
|
672 | static isKey(obj: any, ver: Version): boolean;
|
673 | }
|
674 |
|
675 | function parseKey(
|
676 | data: string | Buffer,
|
677 | format?: KeyFormatType,
|
678 | options?: string | (Format.ReadOptions & { filename?: string }),
|
679 | ): Key;
|
680 |
|
681 |
|
682 |
|
683 | type PrivateKeyFormatType =
|
684 | | 'auto'
|
685 | | 'pem'
|
686 | | 'pkcs1'
|
687 | | 'pkcs8'
|
688 | | 'rfc4253'
|
689 | | 'ssh'
|
690 | | 'ssh-private'
|
691 | | 'openssh'
|
692 | | 'dnssec';
|
693 |
|
694 | class PrivateKey {
|
695 | type: AlgorithmTypeWithCurve;
|
696 | parts: KeyPart[];
|
697 | part: { [key in AlgorithmType]: KeyPart };
|
698 | comment?: string;
|
699 | source?: string;
|
700 | curve?: string;
|
701 | size: number;
|
702 | constructor(opts: KeyOptions);
|
703 |
|
704 | toBuffer(format: PrivateKeyFormatType, options?: Format.WriteOptions): Buffer;
|
705 | toString(format: PrivateKeyFormatType, options?: Format.WriteOptions): string;
|
706 | hash(algo: AlgorithmHashType, type?: FingerprintHashType): Buffer;
|
707 | fingerprint(algo?: AlgorithmHashType, type?: FingerprintHashType): Fingerprint;
|
708 | defaultHashAlgorithm(): ShaHashType;
|
709 | toPublic(): Key;
|
710 | derive(newType: 'ed25519' | 'curve25519'): PrivateKey;
|
711 | createVerify(algo?: AlgorithmHashType): Verify;
|
712 | createSign(hashAlgo: AlgorithmHashType): Signer;
|
713 | createDiffieHellman(): DiffieHellman;
|
714 | createDH(): DiffieHellman;
|
715 |
|
716 | static parse(
|
717 | data: string | Buffer,
|
718 | format?: PrivateKeyFormatType,
|
719 | options?: string | KeyParseOptions,
|
720 | ): PrivateKey;
|
721 |
|
722 | static isPrivateKey(data: any, ver: Version): boolean;
|
723 |
|
724 | static generate(type: 'ecdsa', options?: { curve?: CurveType }): PrivateKey;
|
725 | static generate(type: 'ed25519'): PrivateKey;
|
726 | }
|
727 |
|
728 | namespace PrivateKey {
|
729 | let formats: { [key in PrivateKeyFormatType]: Format };
|
730 | }
|
731 |
|
732 | function parsePrivateKey(
|
733 | data: string | Buffer,
|
734 | format?: PrivateKeyFormatType,
|
735 | options?: string | KeyParseOptions,
|
736 | ): PrivateKey;
|
737 |
|
738 | function generatePrivateKey(type: 'ecdsa', options?: { curve?: CurveType }): PrivateKey;
|
739 | function generatePrivateKey(type: 'ed25519'): PrivateKey;
|
740 |
|
741 |
|
742 |
|
743 | type SignatureFormatType = 'asn1' | 'ssh' | 'raw';
|
744 | type SignaturePartType = 'r' | 's' | 'sig';
|
745 |
|
746 | interface SignaturePart {
|
747 | name: SignaturePartType;
|
748 | data: Buffer;
|
749 | }
|
750 |
|
751 | interface SignatureOptions {
|
752 | type: AlgorithmType;
|
753 | hashAlgo?: AlgorithmHashType;
|
754 | curve?: CurveType;
|
755 | parts: SignaturePart[];
|
756 | }
|
757 |
|
758 | class Signature {
|
759 | type: AlgorithmType;
|
760 | hashAlgorithm?: AlgorithmHashType;
|
761 | curve?: CurveType;
|
762 | parts: SignaturePart[];
|
763 | part: { [key in SignaturePartType]: SignaturePart };
|
764 |
|
765 | constructor(opts: SignatureOptions);
|
766 | toBuffer(format?: SignatureFormatType): Buffer;
|
767 | toString(format?: SignatureFormatType): string;
|
768 |
|
769 | static parse(data: string | Buffer, type: AlgorithmType, format: SignatureFormatType): Signature;
|
770 |
|
771 | static isSignature(obj: any, ver: Version): boolean;
|
772 | }
|
773 |
|
774 | function parseSignature(data: string | Buffer, type: AlgorithmType, format: SignatureFormatType): Signature;
|
775 |
|
776 | // == ssh-buffer.js == //
|
777 |
|
778 | class SSHPart {
|
779 | data: Buffer;
|
780 | }
|
781 |
|
782 | class SSHBuffer {
|
783 | constructor(opts: { buffer?: Buffer });
|
784 |
|
785 | toBuffer(): Buffer;
|
786 | atEnd(): boolean;
|
787 | remainder(): Buffer;
|
788 | skip(n: number): void;
|
789 | expand(): void;
|
790 | readPart(): SSHPart;
|
791 | readBuffer(): Buffer;
|
792 | readString(): string;
|
793 | readCString(): string;
|
794 | readInt(): number;
|
795 | readInt64(): Buffer;
|
796 | readChar(): string;
|
797 | writeBuffer(buf: Buffer): void;
|
798 | writeString(buf: string): void;
|
799 | writeCString(buf: string): void;
|
800 | writeInt(buf: number): void;
|
801 | writeInt64(buf: Buffer): void;
|
802 | writeChar(buf: string): void;
|
803 | writePart(buf: SSHPart): void;
|
804 | write(buf: Buffer): void;
|
805 | }
|
806 |
|
807 | // == utils.js == //
|
808 |
|
809 | type Version = [number, number];
|
810 |
|
811 | function bufferSplit(buf: Buffer, chr: string): Buffer[];
|
812 |
|
813 | function addRSAMissing(key: PrivateKey): void;
|
814 |
|
815 | function calculateDSAPublic(g: Buffer, p: Buffer, x: Buffer): Buffer;
|
816 |
|
817 | function calculateED25519Public(k: Buffer): Buffer;
|
818 |
|
819 | function calculateX25519Public(k: Buffer): Buffer;
|
820 |
|
821 | function mpNormalize(buf: Buffer): Buffer;
|
822 |
|
823 | function mpDenormalize(buf: Buffer): Buffer;
|
824 |
|
825 | function ecNormalize(buf: Buffer, addZero?: boolean): Buffer;
|
826 |
|
827 | function countZeros(buf: Buffer): number;
|
828 |
|
829 | function assertCompatible(obj: object, klass: any, needVer: Version, name?: string): void;
|
830 |
|
831 | function isCompatible(obj: object, klass: any, needVer: Version): boolean;
|
832 |
|
833 | interface OpenSslKeyDeriv {
|
834 | key: Buffer;
|
835 | iv: Buffer;
|
836 | }
|
837 |
|
838 | function opensslKeyDeriv(
|
839 | cipher: 'des-ede3-cbc' | 'aes-128-cbc' | 'aes-256-cbc',
|
840 | salt: Buffer,
|
841 | passphrase: Buffer,
|
842 | count: number,
|
843 | ): OpenSslKeyDeriv;
|
844 |
|
845 | type OpenSshCipherName =
|
846 | | 'des-ede3-cbc'
|
847 | | 'bf-cbc'
|
848 | | 'aes-128-cbc'
|
849 | | 'aes-128-ctr'
|
850 | | 'aes-128-gcm'
|
851 | | 'aes-192-cbc'
|
852 | | 'aes-192-ctr'
|
853 | | 'aes-192-gcm'
|
854 | | 'aes-256-cbc'
|
855 | | 'aes-256-ctr'
|
856 | | 'aes-256-gcm';
|
857 |
|
858 | class OpenSshCipherInfo {
|
859 | keySize: number;
|
860 | blockSize: number;
|
861 | opensslName: OpenSshCipherName;
|
862 | }
|
863 |
|
864 | function opensshCipherInfo(cipter: Format.SshPrivateCipher): OpenSshCipherInfo;
|
865 |
|
866 | function publicFromPrivateECDSA(curveName: CurveType, priv: Buffer): Key;
|
867 |
|
868 | function zeroPadToLength(buf: Buffer, len: number): Buffer;
|
869 |
|
870 | function writeBitString(der: BerWriter, buf: Buffer, tag?: number): void;
|
871 |
|
872 | function readBitString(der: BerReader, tag?: number): Buffer;
|
873 |
|
874 | function pbkdf2(
|
875 | hashAlg: string,
|
876 | salt: Buffer,
|
877 | iterations: number,
|
878 | size: number,
|
879 | passphrase: crypto.BinaryLike,
|
880 | ): Buffer;
|
881 | }
|
882 |
|
883 | export = SshPK;
|