class Cryptorecord::Sshfp

The Cryptorecord::Sshfp class generates SSHFP DNS records. The SSH host keys are read from files.

@!attribute [r] cipher

@return [Integer] the cipher. ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4

@!attribute [r] digest

@return [Integer] sha1 = 1, sha256 = 2

@!attribute [r] key

@return [String] the ssh-host-key, without the type and comment

@!attribute [r] rectype

@return [String] "SSHFP"

@!attribute host

@return [String] the fqdn-host

Attributes

cipher[R]
digest[R]
host[RW]
key[R]
rectype[R]

Public Class Methods

new(args = {})

This constructor initializes cipher, key, digest, host and keyfile. If a keyfile is provided, the key is read from that file automatically.

@param [Hash] args the options to initialize the object with

@option args [Integer] digest sha1 = 1, sha256 = 2

@option args [String] host fqdn of the host

@option args [String] keyfile path to the keyfile

# File lib/cryptorecord/sshfp.rb, line 51
def initialize(args = {})
  @cipher = nil
  @key = nil
  self.digest = args.fetch(:digest, 2)
  @host = args.fetch(:host, 'localhost')
  keyfile = args.fetch(:keyfile, nil)
  @rectype = 'SSHFP'
  read_file(keyfile) unless keyfile.nil?
end

Public Instance Methods

cipher=(val)

This setter initializes cipher

@param [Integer] val the key-cipher. ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4

@raise Cryptorecord::ArgumentError

# File lib/cryptorecord/sshfp.rb, line 66
def cipher=(val)
  if val.to_i < 1 || val.to_i > 4
    raise ArgumentError, 'Invalid cipher. Has to be 1, 2, 3 or 4'
  end

  @cipher = val
end

digest=(val)

This setter initializes the hash-algo

@param [Integer] val digest. sha1 = 1, sha256 = 2

@raise Cryptorecord::ArgumentError

# File lib/cryptorecord/sshfp.rb, line 78
def digest=(val)
  unless val.to_i == 1 || val.to_i == 2
    raise ArgumentError, 'Invalid digest. Has to be 1 or 2'
  end
  @digest = val
end

fingerprint()

This function returns the hex-encoded hash of the base64-decoded key, using the configured digest.

@return [String] hash string of the key

@raise Cryptorecord::KeyError

# File lib/cryptorecord/sshfp.rb, line 101
def fingerprint
  raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?

  case @digest.to_i
  when 1
    return OpenSSL::Digest::SHA1.new(Base64.strict_decode64(@key)).to_s
  when 2
    return OpenSSL::Digest::SHA256.new(Base64.strict_decode64(@key)).to_s
  end
end

left()

This method returns the left-hand name of a DNS record.

@return [String] left-hand name of a dns-record

# File lib/cryptorecord/sshfp.rb, line 114
def left
  "#{@host}."
end

read_file(keyfile)

This function reads the key from a file and initializes the cipher and key variables.

@param [String] keyfile path to the ssh-hostkey-file

@raise Cryptorecord::ArgumentError

# File lib/cryptorecord/sshfp.rb, line 89
def read_file(keyfile)
  raise ArgumentError, 'No hostkey-file defined' if keyfile.nil?

  data = File.read(keyfile)
  (type, @key) = data.split(' ')
  cipher_by_type(type)
end

right()

This method returns the right-hand content of a DNS record.

@return [String] right-hand content of a dns-record

# File lib/cryptorecord/sshfp.rb, line 120
def right
  "#{@cipher} #{@digest} #{fingerprint}"
end

to_s()

This method concatenates the SSHFP record.

@return [String] sshfp dns-record as defined in rfc4255

@raise Cryptorecord::KeyError

# File lib/cryptorecord/sshfp.rb, line 128
def to_s
  raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?
  "#{left} IN #{@rectype} #{right}"
end

Private Instance Methods

cipher_by_type(type)

This helper-function selects the cipher using the given type

@param [String] type ssh-rsa = 1, ssh-dss = 2, ecdsa-sha2-nistp256 = 3, ssh-ed25519 = 4

@raise Cryptorecord::CipherError

@return [Integer] integer value of the cipher

# File lib/cryptorecord/sshfp.rb, line 142
def cipher_by_type(type)
  case type
  when 'ssh-rsa'
    self.cipher = 1
  when 'ssh-dss'
    self.cipher = 2
  when 'ecdsa-sha2-nistp256'
    self.cipher = 3
  when 'ssh-ed25519'
    self.cipher = 4
  else
    raise Cryptorecord::CipherError, 'Unsupported cipher'
  end
end
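
The steps that read_file, cipher_by_type, fingerprint and to_s perform, as an added stand-alone example that is not part of the cryptorecord source and does not load the gem. It goes beyond the class in two ways: it checks that the key type named in front of the base64 data is the one stored inside the key blob, and it compares a key against an already published record. The names parse_pubkey, sshfp_record, key_matches_rdata? and the sample key are assumptions made for illustration.

```ruby
require 'digest'

# Numbers as listed on this page: key type => cipher, digest number => hash.
ALGORITHMS = { 'ssh-rsa' => 1, 'ssh-dss' => 2,
               'ecdsa-sha2-nistp256' => 3, 'ssh-ed25519' => 4 }.freeze
DIGESTS = { 1 => Digest::SHA1, 2 => Digest::SHA256 }.freeze

# Decode a "<type> <base64> [comment]" line and confirm that the key type
# stored inside the blob (uint32 length + name) matches the type token.
def parse_pubkey(line)
  type, b64 = line.split(' ')
  raise ArgumentError, "unsupported key type #{type.inspect}" unless ALGORITHMS.key?(type)

  blob = b64.to_s.unpack1('m0') # strict base64; ArgumentError if malformed
  len = blob.unpack1('N')
  inner = len && blob.byteslice(4, len)
  raise ArgumentError, 'key type does not match key blob' unless inner == type

  [type, blob]
end

# Record text in the "<host>. IN SSHFP <cipher> <digest> <hex>" shape of to_s.
def sshfp_record(host, line, digest = 2)
  type, blob = parse_pubkey(line)
  hasher = DIGESTS.fetch(digest) { raise ArgumentError, 'digest has to be 1 or 2' }
  "#{host}. IN SSHFP #{ALGORITHMS[type]} #{digest} #{hasher.hexdigest(blob)}"
end

# True if the key line hashes to a published "<cipher> <digest> <hex>" value.
def key_matches_rdata?(line, rdata)
  cipher, digest, hex = rdata.split(' ')
  type, blob = parse_pubkey(line)
  hasher = DIGESTS[digest.to_i]
  return false if hasher.nil? || ALGORITHMS[type] != cipher.to_i

  hasher.hexdigest(blob) == hex.to_s.downcase
end

# Constructed sample (not a real host key): ed25519 blob, 32 bytes of 0x01.
def sample_blob
  [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x01" * 32)
end
SAMPLE_LINE = "ssh-ed25519 #{[sample_blob].pack('m0')} root@host.example".freeze

puts sshfp_record('host.example', SAMPLE_LINE)
```

A key file whose type token has been edited, or whose base64 data is truncated, raises ArgumentError here instead of producing a record for the wrong cipher.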