NAME

Net::SSH::Perl::Key - Public or private key abstraction

SYNOPSIS

use Net::SSH::Perl::Key;
my $key = Net::SSH::Perl::Key->new;

DESCRIPTION

Net::SSH::Perl::Key implements an abstract base class interface to key objects (either DSA or RSA keys, currently). The underlying implementation for RSA is an internal, hash-reference implementation; the DSA implementation uses Crypt::DSA.

USAGE

Net::SSH::Perl::Key->new($key_type [, $blob [, $compat_flag_ref ]])

Creates a new object of type Net::SSH::Perl::Key::$key_type, after loading the class implementing $key_type. $key_type should be either DSA or RSA, currently; these are the only supported key implementations at the moment.

$blob, if present, should be a string representation of the key, from which the key object can be initialized. In fact, it should be the representation that is returned from the as_blob method, below.

$compat_flag_ref should be a reference to the SSH compatibility flag, which is generally stored inside of the Net::SSH::Perl object. This flag is used by certain key implementations (DSA) to work around differences between SSH2 protocol implementations.

Returns the new key object, which is blessed into the subclass.

Net::SSH::Perl::Key->read_private($key_type, $file [, $pass])

Reads a private key of type $key_type out of the key file $file. If the private key is encrypted, an attempt will be made to decrypt it using the passphrase $pass; if $pass is not provided, the empty string will be used. An empty passphrase can be a handy way of providing password-less access using publickey authentication.

If for any reason loading the key fails, returns undef; most of the time, if loading the key fails, it's because the passphrase is incorrect. If you first tried to read the key using an empty passphrase, this might be a good time to ask the user for the actual passphrase. :)

Returns the new key object, which is blessed into the subclass denoted by $key_type (either DSA or RSA).

Net::SSH::Perl::Key->keygen($key_type, $bits)

Generates a new key and returns that key. The key returned is the private key, which (presumably) contains all of the public key data, as well. $bits is the number of bits in the key.

Your $key_type implementation may not support key generation; if not, calling this method is a fatal error.

Returns the new key object, which is blessed into the subclass denoted by $key_type (either DSA or RSA).

Net::SSH::Perl::Key->extract_public($key_type, $key_string)

Given a key string $key_string, which should be a textual representation of the public portion of a key of $key_type, extracts the key attributes out of that string. This is used to extract public keys out of entries in known_hosts and public identity files.

Returns the new key object, which is blessed into the subclass denoted by $key_type (either DSA or RSA).

$key->write_private([ $file [, $pass] ])

Writes out the private key $key to $file, and encrypts it using the passphrase $pass. If $pass is not provided, the key is unencrypted, and the only security protection is through filesystem protections.

If $file is not provided, returns the content that would have been written to the key file.

$key->dump_public

Performs the inverse of extract_public: takes a key $key and dumps out a textual representation of the public portion of the key. This is used when writing public key entries to known_hosts and public identity files.

Returns the textual representation.

$key->as_blob

Returns a string representation of the public portion of the key; this is not the same as dump_public, which is intended to match the format used in known_hosts, etc. The return value of as_blob is used as an intermediary in computing other values: the key fingerprint, the known hosts representation, etc.

$key->equal($key2)

Returns true if the public portions of $key are equal to those of $key2, and false otherwise. This is used when comparing server host keys to keys in known_hosts.

$key->size

Returns the size (in bits) of the key $key.

$key->fingerprint([ $type ])

Returns a fingerprint of $key. The default fingerprint is a hex representation; if $type is equal to bubblebabble, the Bubble Babble representation of the fingerprint is used instead. The former uses an MD5 digest of the public key, and the latter uses a SHA-1 digest.

AUTHOR & COPYRIGHTS

Please see the Net::SSH::Perl manpage for author, copyright, and license information.