Skip to content

Latest commit

 

History

History
88 lines (56 loc) · 2.86 KB

README.md

File metadata and controls

88 lines (56 loc) · 2.86 KB

ssh-keydgen Go Report Card Build Status Github All Releases

Generate Deterministic SSH keys

NAME:
   ssh-keydgen - deterministic authentication key generation

USAGE:
   ssh-keydgen [[-t <type>] [-b <bits>] [-c <curve>] [-f <filename>] [-a <rounds>] [--at <time>] [--am <memory>] [--as <seedphrase>] [--aa]]

AUTHOR:
   cornfeedhobo

GLOBAL OPTIONS:
   -t type          Specifies the type of key to create. The possible values are "dsa", "ecdsa", "rsa", or "ed25519". (default: "rsa")
   -b bits          Specifies the number of bits in the key to create. Possible values are restricted by key type. (default: 2048)
   -c curve         Specifies the elliptic curve to use. The possible values are 256, 384, or 521. (default: 256)
   -f filename      Specifies the filename of the key file.
   -a rounds        Specifies the number of hashing rounds applied during key generation. (default: 1000)
   --at time        Specifies the time parameter for the Argon2 function. (default: 3)
   --am memory      Specifies the memory parameter for the Argon2 function. (default: 16384)
   --ap threads     Specifies the threads or parallelism for the Argon2 function. (default: 1)
   --as seedphrase  Provides the deterministic seedphrase.
   --aa             Add the generated key to the running ssh-agent.

COPYRIGHT:
   (c) 2018 cornfeedhobo

Usage

  1. Generate your keys

    keydgen -f path/to/deterministic_key
    ls -lh path/to/deterministic_key*
  2. Allow time to pass, hoping an emergency does not arise when you have no access to your keys ...

    If the time comes where you need access but can't get to your keys, you can then obtain this utility and re-generate, or even directly add your key to a running ssh-agent.

    ssh-keydgen --aa
  3. Profit!

FAQ

What Go versions are supported?

Go 1.9 or later

How can I verify the generated key is valid?

Until there are more implementations of this generation scheme, you can at least verify the private key is usable and the public key matches what openssh generates.

cat path/to/deterministic_key.pub
ssh-keygen -y -f path/to/deterministic_key

If the above outputs don't match, the public key was not generated properly. If you are prompted for a password, the private key was not generated properly.

How can I encrypt my key after generation?

ssh-keygen -p -f path/to/deterministic_key

Is it any good?

Yes