1 |
|
2 |
|
3 | import { BerReader, BerWriter } from "asn1";
|
4 | import crypto = require("crypto");
|
5 | import { Writable } from "stream";
|
6 |
|
7 | declare class SshPK {}
|
8 |
|
9 | declare namespace SshPK {
|
10 |
|
11 |
|
12 | type AlgorithmType = "dsa" | "rsa" | "ecdsa" | "ed25519";
|
13 | type AlgorithmTypeWithCurve = AlgorithmType | "curve25519";
|
14 | type ShaHashType = "sha1" | "sha256" | "sha384" | "sha512";
|
15 | type AlgorithmHashType = "md5" | ShaHashType;
|
16 | type CurveType = "nistp256" | "nistp384" | "nistp521";
|
17 | type AlgorithmPart = "p" | "q" | "g" | "y" | "x" | "n" | "e" | "d" | "iqmp" | "curve" | "Q" | "A" | "k";
|
18 | type KeyType = "public" | "private";
|
19 |
|
20 | class Algo {
|
21 | parts: string[];
|
22 | sizePart?: string | undefined;
|
23 | normalize?: boolean | undefined;
|
24 | }
|
25 |
|
26 | class algInfo {
|
27 | dsa: Algo;
|
28 | rsa: Algo;
|
29 | ecdsa: Algo;
|
30 | ed25519: Algo;
|
31 | curve25519: Algo;
|
32 | }
|
33 |
|
34 | class algPrivInfo {
|
35 | dsa: Algo;
|
36 | rsa: Algo;
|
37 | ecdsa: Algo;
|
38 | ed25519: Algo;
|
39 | curve25519: Algo;
|
40 | }
|
41 |
|
42 | class hashAlgs {
|
43 | md5: boolean;
|
44 | sha1: boolean;
|
45 | sha256: boolean;
|
46 | sha384: boolean;
|
47 | sha512: boolean;
|
48 | }
|
49 |
|
50 | class Curve {
|
51 | size: number;
|
52 | pkcs8oid: string;
|
53 | p: Buffer;
|
54 | a: Buffer;
|
55 | b: Buffer;
|
56 | s: Buffer;
|
57 | n: Buffer;
|
58 | G: Buffer;
|
59 | }
|
60 |
|
61 | class curves {
|
62 | nistp256: Curve;
|
63 | nistp384: Curve;
|
64 | nistp512: Curve;
|
65 | }
|
66 |
|
67 | class algs {
|
68 | info: algInfo;
|
69 | privInfo: algPrivInfo;
|
70 | hashAlgs: hashAlgs;
|
71 | curves: curves;
|
72 | }
|
73 |
|
74 |
|
75 |
|
76 | interface CertificateOptions {
|
77 | subjects: Identity[];
|
78 | subjectKey: Key;
|
79 | issuer: Identity;
|
80 | issuerKey?: Key;
|
81 |
|
82 | signatures: { x509: Signature; openssh: Signature };
|
83 | serial: Buffer;
|
84 | validFrom: Date;
|
85 | validUntil: Date;
|
86 |
|
87 | purposes?: string[];
|
88 | }
|
89 |
|
90 | interface CertificateCreateOptions {
|
91 | lifetime?: number;
|
92 | validFrom?: Date;
|
93 | validUntil?: Date;
|
94 | serial?: Buffer;
|
95 | purposes?: string[];
|
96 | ca?: boolean;
|
97 | }
|
98 |
|
99 | type CertificateFormat = "openssh" | "pem" | "x509";
|
100 |
|
101 | class Certificate {
|
102 | subjects: Identity[];
|
103 | issuer: Identity;
|
104 | subjectKey: Key;
|
105 | issuerKey?: Key;
|
106 | signatures: { x509?: Format.x509Signature; openssh?: Format.OpenSshSignature };
|
107 | serial: Buffer;
|
108 | validFrom: Date;
|
109 | validUntil: Date;
|
110 | purposes?: string[];
|
111 |
|
112 | static formats: { [key in CertificateFormat]: Format };
|
113 |
|
114 | constructor(opts: CertificateOptions);
|
115 |
|
116 | toBuffer(format: CertificateFormat, options?: Format.WriteOptions): Buffer;
|
117 |
|
118 | toString(format: CertificateFormat, options?: Format.WriteOptions): string;
|
119 |
|
120 | fingerprint(algo?: AlgorithmHashType): Fingerprint;
|
121 |
|
122 | hash(algo: AlgorithmHashType): string;
|
123 |
|
124 | isExpired(when?: Date): boolean;
|
125 |
|
126 | isSignedBy(issuerCert: Certificate): boolean;
|
127 |
|
128 | getExtension(keyOrOid: string): Format.OpenSshSignatureExt | Format.x509SignatureExt | undefined;
|
129 |
|
130 | getExtensions(): Array<Format.OpenSshSignatureExt | Format.x509SignatureExt>;
|
131 |
|
132 | isSignedByKey(issuerKey: Key): boolean;
|
133 |
|
134 | signWith(key: PrivateKey): void;
|
135 |
|
136 | static createSelfSigned(
|
137 | subjectOrSubjects: Identity | Identity[],
|
138 | key: PrivateKey,
|
139 | options?: CertificateCreateOptions,
|
140 | ): Certificate;
|
141 |
|
142 | static create(
|
143 | subjectOrSubjects: Identity | Identity[],
|
144 | key: Key | PrivateKey,
|
145 | issuer: Identity,
|
146 | issuerKey: PrivateKey,
|
147 | options?: CertificateCreateOptions,
|
148 | ): Certificate;
|
149 |
|
150 | static parse(data: string | Buffer, format: CertificateFormat, options?: string | KeyParseOptions): Certificate;
|
151 |
|
152 | static isCertificate(data: string | Buffer, ver: Version): boolean;
|
153 | }
|
154 |
|
155 | function parseCertificate(
|
156 | data: string | Buffer,
|
157 | format: CertificateFormat,
|
158 | options?: string | KeyParseOptions,
|
159 | ): Certificate;
|
160 |
|
161 | function createSelfSignedCertificate(
|
162 | subjectOrSubjects: Identity | Identity[],
|
163 | key: PrivateKey,
|
164 | options?: CertificateCreateOptions,
|
165 | ): Certificate;
|
166 |
|
167 | function createCertificate(
|
168 | subjectOrSubjects: Identity | Identity[],
|
169 | key: Key | PrivateKey,
|
170 | issuer: Identity,
|
171 | issuerKey: PrivateKey,
|
172 | options?: CertificateCreateOptions,
|
173 | ): Certificate;
|
174 |
|
175 | // == dhe.js == //
|
176 |
|
177 | class DiffieHellman {
|
178 | private constructor(key: Key | PrivateKey);
|
179 |
|
180 | getPublicKey(): Key;
|
181 | getPrivateKey(): PrivateKey | undefined;
|
182 | getKey(): PrivateKey | undefined;
|
183 | setKey(key: PrivateKey): void;
|
184 | setPrivateKey(key: PrivateKey): void;
|
185 |
|
186 | computeSecret(otherpk: Key): Buffer;
|
187 |
|
188 | generateKey(): PrivateKey;
|
189 | generateKeys(): PrivateKey;
|
190 | }
|
191 |
|
192 | // == ed-compat.js == //
|
193 |
|
194 | class Verifier extends Writable {
|
195 | constructor(key: Key, hashAlgo: "sha512");
|
196 |
|
197 | update(chunk: string | Buffer): void;
|
198 |
|
199 | verify(signature: Signature): boolean;
|
200 | }
|
201 |
|
202 | class Signer extends Writable {
|
203 | private constructor();
|
204 |
|
205 | update(data: crypto.BinaryLike): this;
|
206 | update(data: string, input_encoding: crypto.Encoding): this;
|
207 |
|
208 | sign(private_key: crypto.KeyLike | crypto.SignKeyObjectInput | crypto.SignPrivateKeyInput): Buffer;
|
209 | sign(
|
210 | private_key: crypto.KeyLike | crypto.SignKeyObjectInput | crypto.SignPrivateKeyInput,
|
211 | output_format: crypto.BinaryToTextEncoding,
|
212 | ): string;
|
213 | sign(): Signature;
|
214 | }
|
215 |
|
216 | // == errors.js == //
|
217 |
|
218 | class FingerprintFormatError implements Error {
|
219 | name: string;
|
220 | message: string;
|
221 | fingerprint?: Fingerprint;
|
222 | format?: string;
|
223 |
|
224 | constructor(fp?: Fingerprint, format?: string);
|
225 | }
|
226 |
|
227 | class InvalidAlgorithmError implements Error {
|
228 | name: string;
|
229 | message: string;
|
230 | algorithm: string;
|
231 |
|
232 | constructor(algo: string);
|
233 | }
|
234 |
|
235 | class KeyParseError implements Error {
|
236 | name: string;
|
237 | message: string;
|
238 | format: string;
|
239 | keyName: string;
|
240 | innerErr: Error;
|
241 |
|
242 | constructor(name: string, format: string, innerErr: Error);
|
243 | }
|
244 |
|
245 | class SignatureParseError implements Error {
|
246 | name: string;
|
247 | message: string;
|
248 | type: string;
|
249 | format: string;
|
250 | innerErr: Error;
|
251 |
|
252 | constructor(type: string, format: string, innerErr: Error);
|
253 | }
|
254 |
|
255 | class KeyEncryptedError implements Error {
|
256 | name: string;
|
257 | message: string;
|
258 | format: string;
|
259 | keyName: string;
|
260 |
|
261 | constructor(name: string, format: string);
|
262 | }
|
263 |
|
264 | class CertificateParseError implements Error {
|
265 | name: string;
|
266 | message: string;
|
267 | format: string;
|
268 | certName: string;
|
269 | innerErr: Error;
|
270 |
|
271 | constructor(name: string, format: string, innerErr: Error);
|
272 | }
|
273 |
|
274 | // == fingerprint.js == //
|
275 |
|
276 | type FingerprintType = "key" | "certificate";
|
277 | type FingerprintHashType = "ssh" | "spki";
|
278 |
|
279 | interface FingerprintOptions {
|
280 | type: FingerprintType;
|
281 | hash: Buffer;
|
282 | algorithm: AlgorithmHashType;
|
283 | hashType?: FingerprintHashType;
|
284 | }
|
285 |
|
286 | interface FingerprintParseOptions {
|
287 | enAlgs?: string[];
|
288 | algotirhms?: string[];
|
289 | type?: FingerprintType;
|
290 | hashType?: FingerprintHashType;
|
291 | }
|
292 |
|
293 | class Fingerprint {
|
294 | algorithm: AlgorithmHashType;
|
295 | hash: Buffer;
|
296 | type: FingerprintType;
|
297 | constructor(opts: FingerprintOptions);
|
298 |
|
299 | toString(format?: "hex" | "base64"): string;
|
300 | matches(other: Key | PrivateKey | Certificate): boolean;
|
301 |
|
302 | static parse(fp: string, options?: string[] | FingerprintParseOptions): Fingerprint;
|
303 |
|
304 | static isFingerprint(obj: any, ver: Version): boolean;
|
305 | }
|
306 |
|
307 | function parseFingerprint(fp: string, options?: string[] | FingerprintParseOptions): Fingerprint;
|
308 |
|
309 | // == formats/*.js == //
|
310 |
|
311 | interface Format {
|
312 | read(buf: string | Buffer, options?: Format.ReadOptions): Key | Certificate;
|
313 | write(keyOrCert: Key | PrivateKey | Certificate, options?: Format.WriteOptions): Buffer;
|
314 | }
|
315 |
|
316 | namespace Format {
|
317 | interface ReadOptions {
|
318 | passphrase?: string | Buffer;
|
319 | cipher?: SshPrivateCipher;
|
320 | }
|
321 |
|
322 | interface WriteOptions extends ReadOptions {
|
323 | hashAlgo?: "sha1" | "sha256" | "sha512";
|
324 | comment?: string;
|
325 | }
|
326 |
|
327 | interface Auto extends Format {
|
328 | read(buf: string | Buffer, options?: ReadOptions): Key;
|
329 | write(key: Key): Buffer;
|
330 | }
|
331 |
|
332 | interface DnsSec extends Format {
|
333 | read(buf: string | Buffer): Key;
|
334 | write(key: PrivateKey, options?: { hashAlgo?: "sha1" | "sha256" | "sha512" }): Buffer;
|
335 | }
|
336 |
|
337 | interface OpenSshSignatureExt {
|
338 | critical: boolean;
|
339 | name: string;
|
340 | data: Buffer;
|
341 | }
|
342 |
|
343 | interface OpenSshSignature {
|
344 | nonce: Buffer;
|
345 | keyId: string;
|
346 | exts: OpenSshSignatureExt[];
|
347 | signature: Signature;
|
348 | }
|
349 |
|
350 | interface OpenSshCert extends Format {
|
351 | read(buf: string | Buffer): Certificate;
|
352 | verify(): false;
|
353 | sign(cert: Certificate, key: PrivateKey): boolean;
|
354 | signAsync(
|
355 | cert: Certificate,
|
356 | signer: (blob: Buffer, done: (err: Error | undefined, signature: Signature) => void) => void,
|
357 | done: (err?: Error) => void,
|
358 | ): void;
|
359 | write(cert: Certificate, options?: { comment?: string }): Buffer;
|
360 | }
|
361 |
|
362 | interface Pem extends Format {
|
363 | read(buf: string | Buffer, options?: ReadOptions, forceType?: "pkcs1" | "pkcs8"): Key;
|
364 | write(key: Key, options?: any, type?: "pkcs1" | "pkcs8"): Buffer;
|
365 | }
|
366 |
|
367 | interface Pkcs1 extends Format {
|
368 | read(buf: string | Buffer, options?: ReadOptions): Key;
|
369 | readPkcs1(alg: "RSA" | "DSA" | "EC" | "ECDSA", type: "public", der: BerReader): Key;
|
370 | readPkcs1(
|
371 | alg: "RSA" | "DSA" | "EC" | "ECDSA" | "EDDSA" | "EdDSA",
|
372 | type: "private",
|
373 | der: BerReader,
|
374 | ): PrivateKey;
|
375 | write(key: Key): Buffer;
|
376 | writePkcs1(der: BerWriter, key: Key): void;
|
377 | }
|
378 |
|
379 | interface Pkcs8 extends Format {
|
380 | read(buf: string | Buffer, options?: ReadOptions): Key;
|
381 | readPkcs8(alg: any, type: KeyType, der: BerReader): Key;
|
382 | write(key: Key): Buffer;
|
383 | writePkcs8(der: BerWriter, key: Key): void;
|
384 | pkcs8ToBuffer(key: Key): Buffer;
|
385 |
|
386 | readECDSACurve(der: BerReader): CurveType;
|
387 | writeECDSACurve(key: Key, der: BerWriter): void;
|
388 | }
|
389 |
|
390 | interface Putty extends Format {
|
391 | read(buf: string | Buffer): Key;
|
392 | write(key: Key): Buffer;
|
393 | }
|
394 |
|
395 | type Rfc4253Algorithm =
|
396 | | "ssh-dss"
|
397 | | "ssh-rsa"
|
398 | | "ssh-ed25519"
|
399 | | "ssh-curve25519"
|
400 | | "ecdsa-sha2-nistp256"
|
401 | | "ecdsa-sha2-nistp384"
|
402 | | "ecdsa-sha2-nistp521";
|
403 |
|
404 | interface Rfc4253 extends Format {
|
405 | read(buf: string | Buffer): Key;
|
406 | readType(type: KeyType | undefined, buf: string | Buffer): Key;
|
407 | write(key: Key): Buffer;
|
408 |
|
409 | readPartial(type: KeyType | undefined, buf: string | Buffer): Key;
|
410 |
|
411 |
|
412 | readInternal(partial: boolean, type: KeyType | undefined, buf: string | Buffer): Key;
|
413 | keyTypeToAlg(key: Key): Rfc4253Algorithm;
|
414 | algToKeyType(alg: Rfc4253Algorithm): AlgorithmTypeWithCurve;
|
415 | }
|
416 |
|
417 | type SshPrivateCipher =
|
418 | | "3des-cbc"
|
419 | | "blowfish-cbc"
|
420 | | "aes128-cbc"
|
421 | | "aes128-ctr"
|
422 | | "aes128-gcm@openssh.com"
|
423 | | "aes192-cbc"
|
424 | | "aes192-ctr"
|
425 | | "aes192-gcm@openssh.com"
|
426 | | "aes256-cbc"
|
427 | | "aes256-ctr"
|
428 | | "aes256-gcm@openssh.com";
|
429 |
|
430 | interface SshPrivate extends Format {
|
431 | read(buf: string | Buffer, options?: ReadOptions, forceType?: "pkcs1" | "pkcs8"): Key;
|
432 | readSSHPrivate(type: KeyType, buf: Buffer, options: { passphrase: string | Buffer }): Key;
|
433 | write(key: Key, options?: ReadOptions): Buffer;
|
434 | }
|
435 |
|
436 | interface Ssh extends Format {
|
437 | read(buf: string | Buffer): Key;
|
438 | write(key: Key): Buffer;
|
439 | }
|
440 |
|
441 | interface x509Pem extends Format {
|
442 | read(buf: string | Buffer): Certificate;
|
443 | verify(cert: Certificate, key: Key): boolean;
|
444 | sign(cert: Certificate, key: PrivateKey): boolean;
|
445 | write(cert: Certificate): Buffer;
|
446 | }
|
447 |
|
448 | type x509SignAlgorithm =
|
449 | | "rsa-md5"
|
450 | | "rsa-sha1"
|
451 | | "rsa-sha256"
|
452 | | "rsa-sha384"
|
453 | | "rsa-sha512"
|
454 | | "dsa-sha1"
|
455 | | "dsa-sha256"
|
456 | | "ecdsa-sha1"
|
457 | | "ecdsa-sha256"
|
458 | | "ecdsa-sha384"
|
459 | | "ecdsa-sha512"
|
460 | | "ed25519-sha512";
|
461 |
|
462 | type x509ExtsOid = "2.5.29.35" | "2.5.29.17" | "2.5.29.19" | "2.5.29.15" | "2.5.29.37";
|
463 |
|
464 | interface x509SignatureExt {
|
465 | oid: x509ExtsOid;
|
466 | critical: boolean;
|
467 | pathLen?: number;
|
468 | bits?: string;
|
469 | data?: string;
|
470 | }
|
471 |
|
472 | interface x509Signature {
|
473 | signature: Signature;
|
474 | algo: x509SignAlgorithm;
|
475 | extras: { issuerUniqueID: Buffer; subjectUniqueID: Buffer; exts: x509SignatureExt[] };
|
476 | cache: Buffer;
|
477 | }
|
478 |
|
479 | interface x509 extends Format {
|
480 | read(buf: string | Buffer): Certificate;
|
481 | verify(cert: Certificate, key: Key): boolean;
|
482 | sign(cert: Certificate, key: PrivateKey): boolean;
|
483 | signAsync(
|
484 | cert: Certificate,
|
485 | signer: (blob: Buffer, done: (err: Error | undefined, signature: Signature) => void) => void,
|
486 | done: (err?: Error) => void,
|
487 | ): void;
|
488 | write(cert: Certificate): Buffer;
|
489 | }
|
490 | }
|
491 |
|
492 |
|
493 |
|
494 | type IndentityOidName =
|
495 | | "cn"
|
496 | | "o"
|
497 | | "ou"
|
498 | | "l"
|
499 | | "s"
|
500 | | "c"
|
501 | | "sn"
|
502 | | "postalCode"
|
503 | | "serialNumber"
|
504 | | "street"
|
505 | | "x500UniqueIdentifier"
|
506 | | "role"
|
507 | | "telephoneNumber"
|
508 | | "description"
|
509 | | "dc"
|
510 | | "uid"
|
511 | | "mail"
|
512 | | "title"
|
513 | | "gn"
|
514 | | "initials"
|
515 | | "pseudonym"
|
516 | | "emailAddress";
|
517 |
|
518 | type IdentityOidValue =
|
519 | | "2.5.4.3"
|
520 | | "2.5.4.10"
|
521 | | "2.5.4.11"
|
522 | | "2.5.4.7"
|
523 | | "2.5.4.8"
|
524 | | "2.5.4.6"
|
525 | | "2.5.4.4"
|
526 | | "2.5.4.17"
|
527 | | "2.5.4.5"
|
528 | | "2.5.4.9"
|
529 | | "2.5.4.45"
|
530 | | "2.5.4.72"
|
531 | | "2.5.4.20"
|
532 | | "2.5.4.13"
|
533 | | "0.9.2342.19200300.100.1.25"
|
534 | | "0.9.2342.19200300.100.1.1"
|
535 | | "0.9.2342.19200300.100.1.3"
|
536 | | "2.5.4.12"
|
537 | | "2.5.4.42"
|
538 | | "2.5.4.43"
|
539 | | "2.5.4.65"
|
540 | | "1.2.840.113549.1.9.1";
|
541 |
|
542 | type IdentityType = "host" | "user" | "email";
|
543 | type IdentityTypeWithUnknown = IdentityType | "unknown";
|
544 |
|
545 | interface IdentityComponent {
|
546 | name?: IndentityOidName;
|
547 | oid?: IdentityOidValue;
|
548 | asn1type?: number;
|
549 | value: Buffer | string;
|
550 | }
|
551 |
|
552 | interface IdentityNameComponent {
|
553 | name: IndentityOidName;
|
554 | value: Buffer | string;
|
555 | }
|
556 |
|
557 | class Identity {
|
558 | components: IdentityComponent[];
|
559 | componentLookup: { [key in IndentityOidName]: IdentityComponent[] };
|
560 | type: IdentityTypeWithUnknown;
|
561 |
|
562 | cn?: string;
|
563 | hostname?: string;
|
564 | uid?: string;
|
565 | email?: string;
|
566 |
|
567 | constructor(opts: {
|
568 | components: IdentityComponent[];
|
569 | type?: IdentityType;
|
570 | hostname?: string;
|
571 | uid?: string;
|
572 | email?: string;
|
573 | });
|
574 |
|
575 | toString(): string;
|
576 |
|
577 | get(name: IndentityOidName, asArray?: false): string;
|
578 | get(name: IndentityOidName, asArray: true): string[];
|
579 |
|
580 | toArray(): IdentityNameComponent[];
|
581 |
|
582 | toAsn1(der: BerWriter, tag?: number): void;
|
583 |
|
584 | equals(other: Identity): boolean;
|
585 |
|
586 | static forHost(hostname: string): Identity;
|
587 | static forUser(uid: string): Identity;
|
588 | static forEmail(email: string): Identity;
|
589 | static parseDN(dn: string): Identity;
|
590 | static fromArray(components: IdentityNameComponent[]): Identity;
|
591 | static parseAsn1(dn: BerReader, top?: number): Identity;
|
592 |
|
593 | static isIdentity(obj: any, ver: Version): boolean;
|
594 | }
|
595 |
|
596 | function identityFromDN(dn: string): Identity;
|
597 | function identityForHost(hostname: string): Identity;
|
598 | function identityForUser(uid: string): Identity;
|
599 | function identityForEmail(email: string): Identity;
|
600 | function identityFromArray(components: IdentityNameComponent[]): Identity;
|
601 |
|
602 | // == key.js == //
|
603 |
|
604 | type KeyFormatType =
|
605 | | "auto"
|
606 | | "pem"
|
607 | | "pkcs1"
|
608 | | "pkcs8"
|
609 | | "rfc4253"
|
610 | | "ssh"
|
611 | | "ssh-private"
|
612 | | "openssh"
|
613 | | "dnssec"
|
614 | | "putty"
|
615 | | "ppk";
|
616 |
|
617 | interface KeyPart {
|
618 | name: AlgorithmPart;
|
619 | data: Buffer;
|
620 | }
|
621 |
|
622 | interface KeyOptions {
|
623 | parts: KeyPart[];
|
624 | type: AlgorithmTypeWithCurve;
|
625 | comment?: string;
|
626 | source?: string;
|
627 | }
|
628 |
|
629 | interface KeyParseOptions extends Format.ReadOptions {
|
630 | filename?: string;
|
631 | }
|
632 |
|
633 |
|
634 | interface Verify {
|
635 | update(data: crypto.BinaryLike): Verify;
|
636 | update(data: string, input_encoding: crypto.Encoding): Verify;
|
637 |
|
638 | verify(signature: Signature): boolean;
|
639 | verify(signature: string | Buffer, fmt?: crypto.BinaryToTextEncoding): boolean;
|
640 | }
|
641 |
|
642 | class Key {
|
643 | type: AlgorithmTypeWithCurve;
|
644 | parts: KeyPart[];
|
645 | part: { [key in AlgorithmType]: KeyPart };
|
646 | comment?: string;
|
647 | source?: string;
|
648 | curve?: string;
|
649 | size: number;
|
650 | constructor(opts: KeyOptions);
|
651 |
|
652 | static formats: { [key in KeyFormatType]: Format };
|
653 |
|
654 | toBuffer(format: KeyFormatType, options?: Format.WriteOptions): Buffer;
|
655 | toString(format: KeyFormatType, options?: Format.WriteOptions): string;
|
656 | hash(algo: AlgorithmHashType, type?: FingerprintHashType): Buffer;
|
657 | fingerprint(algo?: AlgorithmHashType, type?: FingerprintHashType): Fingerprint;
|
658 | defaultHashAlgorithm(): ShaHashType;
|
659 | createVerify(algo?: AlgorithmHashType): Verify;
|
660 | createDiffieHellman(): DiffieHellman;
|
661 | createDH(): DiffieHellman;
|
662 |
|
663 | static parse(data: string | Buffer, format?: KeyFormatType, options?: string | KeyParseOptions): Key;
|
664 |
|
665 | static isKey(obj: any, ver: Version): boolean;
|
666 | }
|
667 |
|
668 | function parseKey(
|
669 | data: string | Buffer,
|
670 | format?: KeyFormatType,
|
671 | options?: string | (Format.ReadOptions & { filename?: string }),
|
672 | ): Key;
|
673 |
|
674 |
|
675 |
|
676 | type PrivateKeyFormatType =
|
677 | | "auto"
|
678 | | "pem"
|
679 | | "pkcs1"
|
680 | | "pkcs8"
|
681 | | "rfc4253"
|
682 | | "ssh"
|
683 | | "ssh-private"
|
684 | | "openssh"
|
685 | | "dnssec";
|
686 |
|
687 | class PrivateKey {
|
688 | type: AlgorithmTypeWithCurve;
|
689 | parts: KeyPart[];
|
690 | part: { [key in AlgorithmType]: KeyPart };
|
691 | comment?: string;
|
692 | source?: string;
|
693 | curve?: string;
|
694 | size: number;
|
695 | constructor(opts: KeyOptions);
|
696 |
|
697 | toBuffer(format: PrivateKeyFormatType, options?: Format.WriteOptions): Buffer;
|
698 | toString(format: PrivateKeyFormatType, options?: Format.WriteOptions): string;
|
699 | hash(algo: AlgorithmHashType, type?: FingerprintHashType): Buffer;
|
700 | fingerprint(algo?: AlgorithmHashType, type?: FingerprintHashType): Fingerprint;
|
701 | defaultHashAlgorithm(): ShaHashType;
|
702 | toPublic(): Key;
|
703 | derive(newType: "ed25519" | "curve25519"): PrivateKey;
|
704 | createVerify(algo?: AlgorithmHashType): Verify;
|
705 | createSign(hashAlgo: AlgorithmHashType): Signer;
|
706 | createDiffieHellman(): DiffieHellman;
|
707 | createDH(): DiffieHellman;
|
708 |
|
709 | static parse(
|
710 | data: string | Buffer,
|
711 | format?: PrivateKeyFormatType,
|
712 | options?: string | KeyParseOptions,
|
713 | ): PrivateKey;
|
714 |
|
715 | static isPrivateKey(data: any, ver: Version): boolean;
|
716 |
|
717 | static generate(type: "ecdsa", options?: { curve?: CurveType }): PrivateKey;
|
718 | static generate(type: "ed25519"): PrivateKey;
|
719 | }
|
720 |
|
721 | namespace PrivateKey {
|
722 | let formats: { [key in PrivateKeyFormatType]: Format };
|
723 | }
|
724 |
|
725 | function parsePrivateKey(
|
726 | data: string | Buffer,
|
727 | format?: PrivateKeyFormatType,
|
728 | options?: string | KeyParseOptions,
|
729 | ): PrivateKey;
|
730 |
|
731 | function generatePrivateKey(type: "ecdsa", options?: { curve?: CurveType }): PrivateKey;
|
732 | function generatePrivateKey(type: "ed25519"): PrivateKey;
|
733 |
|
734 |
|
735 |
|
736 | type SignatureFormatType = "asn1" | "ssh" | "raw";
|
737 | type SignaturePartType = "r" | "s" | "sig";
|
738 |
|
739 | interface SignaturePart {
|
740 | name: SignaturePartType;
|
741 | data: Buffer;
|
742 | }
|
743 |
|
744 | interface SignatureOptions {
|
745 | type: AlgorithmType;
|
746 | hashAlgo?: AlgorithmHashType;
|
747 | curve?: CurveType;
|
748 | parts: SignaturePart[];
|
749 | }
|
750 |
|
751 | class Signature {
|
752 | type: AlgorithmType;
|
753 | hashAlgorithm?: AlgorithmHashType;
|
754 | curve?: CurveType;
|
755 | parts: SignaturePart[];
|
756 | part: { [key in SignaturePartType]: SignaturePart };
|
757 |
|
758 | constructor(opts: SignatureOptions);
|
759 | toBuffer(format?: SignatureFormatType): Buffer;
|
760 | toString(format?: SignatureFormatType): string;
|
761 |
|
762 | static parse(data: string | Buffer, type: AlgorithmType, format: SignatureFormatType): Signature;
|
763 |
|
764 | static isSignature(obj: any, ver: Version): boolean;
|
765 | }
|
766 |
|
767 | function parseSignature(data: string | Buffer, type: AlgorithmType, format: SignatureFormatType): Signature;
|
768 |
|
769 | // == ssh-buffer.js == //
|
770 |
|
771 | class SSHPart {
|
772 | data: Buffer;
|
773 | }
|
774 |
|
775 | class SSHBuffer {
|
776 | constructor(opts: { buffer?: Buffer });
|
777 |
|
778 | toBuffer(): Buffer;
|
779 | atEnd(): boolean;
|
780 | remainder(): Buffer;
|
781 | skip(n: number): void;
|
782 | expand(): void;
|
783 | readPart(): SSHPart;
|
784 | readBuffer(): Buffer;
|
785 | readString(): string;
|
786 | readCString(): string;
|
787 | readInt(): number;
|
788 | readInt64(): Buffer;
|
789 | readChar(): string;
|
790 | writeBuffer(buf: Buffer): void;
|
791 | writeString(buf: string): void;
|
792 | writeCString(buf: string): void;
|
793 | writeInt(buf: number): void;
|
794 | writeInt64(buf: Buffer): void;
|
795 | writeChar(buf: string): void;
|
796 | writePart(buf: SSHPart): void;
|
797 | write(buf: Buffer): void;
|
798 | }
|
799 |
|
800 | // == utils.js == //
|
801 |
|
802 | type Version = [number, number];
|
803 |
|
804 | function bufferSplit(buf: Buffer, chr: string): Buffer[];
|
805 |
|
806 | function addRSAMissing(key: PrivateKey): void;
|
807 |
|
808 | function calculateDSAPublic(g: Buffer, p: Buffer, x: Buffer): Buffer;
|
809 |
|
810 | function calculateED25519Public(k: Buffer): Buffer;
|
811 |
|
812 | function calculateX25519Public(k: Buffer): Buffer;
|
813 |
|
814 | function mpNormalize(buf: Buffer): Buffer;
|
815 |
|
816 | function mpDenormalize(buf: Buffer): Buffer;
|
817 |
|
818 | function ecNormalize(buf: Buffer, addZero?: boolean): Buffer;
|
819 |
|
820 | function countZeros(buf: Buffer): number;
|
821 |
|
822 | function assertCompatible(obj: object, klass: any, needVer: Version, name?: string): void;
|
823 |
|
824 | function isCompatible(obj: object, klass: any, needVer: Version): boolean;
|
825 |
|
826 | interface OpenSslKeyDeriv {
|
827 | key: Buffer;
|
828 | iv: Buffer;
|
829 | }
|
830 |
|
831 | function opensslKeyDeriv(
|
832 | cipher: "des-ede3-cbc" | "aes-128-cbc" | "aes-256-cbc",
|
833 | salt: Buffer,
|
834 | passphrase: Buffer,
|
835 | count: number,
|
836 | ): OpenSslKeyDeriv;
|
837 |
|
838 | type OpenSshCipherName =
|
839 | | "des-ede3-cbc"
|
840 | | "bf-cbc"
|
841 | | "aes-128-cbc"
|
842 | | "aes-128-ctr"
|
843 | | "aes-128-gcm"
|
844 | | "aes-192-cbc"
|
845 | | "aes-192-ctr"
|
846 | | "aes-192-gcm"
|
847 | | "aes-256-cbc"
|
848 | | "aes-256-ctr"
|
849 | | "aes-256-gcm";
|
850 |
|
851 | class OpenSshCipherInfo {
|
852 | keySize: number;
|
853 | blockSize: number;
|
854 | opensslName: OpenSshCipherName;
|
855 | }
|
856 |
|
857 | function opensshCipherInfo(cipter: Format.SshPrivateCipher): OpenSshCipherInfo;
|
858 |
|
859 | function publicFromPrivateECDSA(curveName: CurveType, priv: Buffer): Key;
|
860 |
|
861 | function zeroPadToLength(buf: Buffer, len: number): Buffer;
|
862 |
|
863 | function writeBitString(der: BerWriter, buf: Buffer, tag?: number): void;
|
864 |
|
865 | function readBitString(der: BerReader, tag?: number): Buffer;
|
866 |
|
867 | function pbkdf2(
|
868 | hashAlg: string,
|
869 | salt: Buffer,
|
870 | iterations: number,
|
871 | size: number,
|
872 | passphrase: crypto.BinaryLike,
|
873 | ): Buffer;
|
874 | }
|
875 |
|
876 | export = SshPK;
|