
Cryptography libraries

Adam Reiser edited this page Jun 18, 2025 · 4 revisions

Use of ssh-keygen(1)

Keygrep performs several cryptographic operations, such as fingerprint calculation and derivation of public keys from private key files. These are handled via subprocess calls to ssh-keygen(1), which is typically present on the systems where Keygrep is run. However, in addition to the performance cost of spawning a process per key, depending on an unmanaged external tool is obviously not ideal. In particular, DSA support has been removed from current versions of OpenSSH, leading to inconsistent behavior across hosts. (On systems with recent versions, DSA keys will be detected as unrecoverable "mangled" keys.)

Existing libraries

I've investigated both cryptography and paramiko to perform Keygrep's cryptographic functions. DSA key support is slated for removal from future versions of these libraries, but since it has also been removed from current versions of OpenSSH, they may still be an acceptable alternative.

A second problem is that OpenSSH formatted keys may embed comment strings in private key blocks. Keygrep preserves this contextual information in its report, and it appears that neither paramiko nor cryptography currently have the ability to extract these comments.
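As an added illustration of what those ssh-keygen subprocess calls actually do, and of the comment-extraction gap noted above, here is a standalone Python parser for the openssh-key-v1 container (the layout OpenSSH documents in PROTOCOL.key). It computes the SHA256 fingerprint that `ssh-keygen -l` prints and pulls the comment string out of an unencrypted private key block, reporting the comment as unavailable rather than guessing when the block is passphrase-protected. This is example code written for this page, not Keygrep's own implementation; the per-type field counts in `PRIVATE_FIELDS` follow OpenSSH's private key serialization, and the sample key is constructed from dummy bytes rather than generated. Because it is a plain parser, it treats ssh-dss blocks the same way whatever OpenSSH version is installed.

```python
"""Parse an unencrypted openssh-key-v1 private key block without ssh-keygen.

Example code for the Keygrep wiki, not part of the project. Assumes the
container layout from OpenSSH's PROTOCOL.key; the fixture below is built
from dummy bytes and is not a usable key.
"""
import base64
import hashlib
import struct

MAGIC = b"openssh-key-v1\x00"
PEM_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"
PEM_FOOTER = "-----END OPENSSH PRIVATE KEY-----"

# Number of key-specific fields that precede the comment in the private
# section, per key type (order as serialized by OpenSSH's sshkey.c).
PRIVATE_FIELDS = {
    b"ssh-ed25519": 2,           # pub, priv (seed || pub)
    b"ssh-rsa": 6,               # n, e, d, iqmp, p, q
    b"ssh-dss": 5,               # p, q, g, y, x
    b"ecdsa-sha2-nistp256": 3,   # curve name, Q, d
    b"ecdsa-sha2-nistp384": 3,
    b"ecdsa-sha2-nistp521": 3,
}


def _string(b: bytes) -> bytes:
    """Encode an SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf: bytes, pos: int):
    """Decode one SSH wire 'string' at pos; returns (bytes, new_pos)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    pos += 4
    if pos + n > len(buf):
        raise ValueError("truncated string body")
    return buf[pos:pos + n], pos + n


def fingerprint_sha256(public_blob: bytes) -> str:
    """Fingerprint as 'ssh-keygen -l' prints it: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(public_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_openssh_private_key(pem_text: str) -> dict:
    """Return key type, public blob, fingerprint, encryption flag and comment.

    For passphrase-protected keys the comment sits inside the encrypted
    section, so it is reported as None instead of being guessed.
    """
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if lines[0] != PEM_HEADER or lines[-1] != PEM_FOOTER:
        raise ValueError("not an OpenSSH private key block")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    pos = len(MAGIC)
    cipher, pos = _read_string(blob, pos)
    kdf, pos = _read_string(blob, pos)
    _kdf_options, pos = _read_string(blob, pos)
    (nkeys,) = struct.unpack(">I", blob[pos:pos + 4])
    pos += 4
    if nkeys != 1:
        raise ValueError(f"unsupported key count {nkeys}")
    public_blob, pos = _read_string(blob, pos)
    private_section, pos = _read_string(blob, pos)
    key_type, _ = _read_string(public_blob, 0)
    result = {
        "key_type": key_type.decode("ascii"),
        "public_blob": public_blob,
        "fingerprint": fingerprint_sha256(public_blob),
        "encrypted": cipher != b"none" or kdf != b"none",
        "comment": None,
    }
    if result["encrypted"]:
        return result
    # Unencrypted section: checkint, checkint, key type, per-type fields,
    # comment, then padding bytes 1, 2, 3, ... up to the cipher block size.
    check1, check2 = struct.unpack(">II", private_section[:8])
    if check1 != check2:
        raise ValueError("check integers differ: corrupted private section")
    p = 8
    inner_type, p = _read_string(private_section, p)
    if inner_type != key_type:
        raise ValueError("public and private key types disagree")
    if inner_type not in PRIVATE_FIELDS:
        raise ValueError(f"unknown key type {inner_type!r}")
    for _ in range(PRIVATE_FIELDS[inner_type]):
        _, p = _read_string(private_section, p)
    comment, p = _read_string(private_section, p)
    result["comment"] = comment.decode("utf-8", errors="replace")
    return result


def build_sample_key(comment: str) -> str:
    """Constructed fixture: unencrypted ed25519 container from dummy bytes."""
    pub, priv = bytes(range(32)), bytes(range(64))
    public_blob = _string(b"ssh-ed25519") + _string(pub)
    body = struct.pack(">II", 0x0BADF00D, 0x0BADF00D)
    body += _string(b"ssh-ed25519") + _string(pub) + _string(priv)
    body += _string(comment.encode("utf-8"))
    pad = 1
    while len(body) % 8:  # block size of cipher "none" is 8
        body += bytes([pad])
        pad += 1
    blob = MAGIC + _string(b"none") + _string(b"none") + _string(b"")
    blob += struct.pack(">I", 1) + _string(public_blob) + _string(body)
    b64 = base64.b64encode(blob).decode("ascii")
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([PEM_HEADER, *rows, PEM_FOOTER])


if __name__ == "__main__":
    info = parse_openssh_private_key(build_sample_key("deploy@build-host"))
    print(info["key_type"], info["fingerprint"], info["comment"])
```

The fingerprint is the SHA-256 of the public key's wire-format blob, which is exactly what `ssh-keygen -lf` hashes, so the value matches that tool's output for the same key. Extending the parser to other key types only requires adding their field count to `PRIVATE_FIELDS`; the comment always follows those fields.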

Next steps

Investigate openssh-key-parser as an alternative.
