Class: Cryptorecord::Sshfp

Inherits:
Object
Defined in:
lib/cryptorecord/sshfp.rb

Overview

The Cryptorecord::Sshfp class generates SSHFP DNS records. The SSH host keys are read from files.


Constructor Details

#initialize(args = {}) ⇒ Sshfp

This constructor initializes cipher, key, digest, host and keyfile. If a keyfile is provided, the key is read from that file automatically.

Parameters:

  • digest (Integer)

    sha1 = 1, sha256 = 2

  • host (String)

    FQDN of the host

  • keyfile (String)

    path to the keyfile


# File 'lib/cryptorecord/sshfp.rb', line 50

def initialize(args = {})
  @cipher = nil
  @key = nil
  self.digest = args.fetch(:digest, 2)
  @host = args.fetch(:host, 'localhost')
  @keyfile = args.fetch(:keyfile, nil)

  read_sshkeyfile unless @keyfile.nil?
end

Instance Attribute Details

#cipher ⇒ Object

Stores the cipher: ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4.


# File 'lib/cryptorecord/sshfp.rb', line 37

def cipher
  @cipher
end

#digest ⇒ Object

Stores the digest: sha1 = 1, sha256 = 2.


# File 'lib/cryptorecord/sshfp.rb', line 37

attr_reader :cipher, :digest, :key

#host ⇒ Object

Stores the FQDN of the host.


# File 'lib/cryptorecord/sshfp.rb', line 42

def host
  @host
end

#hostkeyfile ⇒ Object

Stores the path to the host key file.


# File 'lib/cryptorecord/sshfp.rb', line 42

attr_accessor :host, :hostkeyfile

#key ⇒ Object (readonly)

Returns the value of attribute key


# File 'lib/cryptorecord/sshfp.rb', line 37

attr_reader :cipher, :digest, :key

Instance Method Details

#bin_to_hex(str) ⇒ Object

This helper function converts binary data into a lowercase hex string.

Parameters:

  • str (String)

    Binary string


# File 'lib/cryptorecord/sshfp.rb', line 86

def bin_to_hex(str)
  str.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
end

#cipher_by_type(type) ⇒ Object

This helper function selects the cipher number for the given key type and raises Cryptorecord::ArgumentError for any other type.

ssh-rsa = 1, ssh-dss = 2, ecdsa-sha2-nistp256 = 3, ssh-ed25519 = 4


# File 'lib/cryptorecord/sshfp.rb', line 95

def cipher_by_type(type)
  case type
  when 'ssh-rsa'
    self.cipher = 1
  when 'ssh-dss'
    self.cipher = 2
  when 'ecdsa-sha2-nistp256'
    self.cipher = 3
  when 'ssh-ed25519'
    self.cipher = 4
  else
    raise Cryptorecord::ArgumentError, 'Unsupported cipher'
  end
end

#fingerprint ⇒ Object

This function creates the hash string: the hex-encoded SHA-1 or SHA-256 digest of the Base64-decoded key, selected by digest.


# File 'lib/cryptorecord/sshfp.rb', line 123

def fingerprint
  read_sshkeyfile if @key.nil?

  case @digest.to_i
  when 1
    return OpenSSL::Digest::SHA1.new(Base64.strict_decode64(@key)).to_s
  when 2
    return OpenSSL::Digest::SHA256.new(Base64.strict_decode64(@key)).to_s
  else
    raise 'Invalid digest. Has to be 1 or 2'
  end
end

#print

This method prints the SSHFP record to stdout.


# File 'lib/cryptorecord/sshfp.rb', line 137

def print
  puts self
end

#read_sshkeyfile ⇒ Object

This function reads the key from the file and initializes the cipher and key variables.


# File 'lib/cryptorecord/sshfp.rb', line 112

def read_sshkeyfile
  raise 'No hostkey-file defined' if @keyfile.nil?

  data = File.read(@keyfile)
  (type, @key) = data.split(' ')
  cipher_by_type(type)
end

#to_s ⇒ Object

This method concatenates host, cipher, digest and fingerprint into the SSHFP record.


# File 'lib/cryptorecord/sshfp.rb', line 144

def to_s
  read_sshkeyfile if @cipher.nil?
  "#{@host}. IN SSHFP #{@cipher} #{@digest} #{fingerprint}"
end
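
The steps that read_sshkeyfile, cipher_by_type, fingerprint and to_s perform, gathered into one stand-alone function as an added example (this is not cryptorecord's own code). It adds two checks the methods above do not make: the key type embedded in the key blob must match the declared type, and a trailing dot on the host is not doubled. The names sshfp_record and sample_ed25519_line, the host name and the key bytes are assumptions made for the example.

```ruby
require 'base64'
require 'openssl'

# Added example, not part of cryptorecord. Numbers are the ones listed on this page.
ALGORITHMS = { 'ssh-rsa' => 1, 'ssh-dss' => 2,
               'ecdsa-sha2-nistp256' => 3, 'ssh-ed25519' => 4 }.freeze
DIGESTS = { 1 => OpenSSL::Digest::SHA1, 2 => OpenSSL::Digest::SHA256 }.freeze

# Builds one SSHFP record from a public-key line ("type base64 [comment]").
def sshfp_record(host, pubkey_line, digest = 2)
  type, b64 = pubkey_line.split(' ')
  algo = ALGORITHMS.fetch(type) do
    raise ArgumentError, "unsupported key type: #{type.inspect}"
  end
  digest_class = DIGESTS.fetch(digest) do
    raise ArgumentError, 'digest must be 1 or 2'
  end
  raise ArgumentError, 'missing key data' if b64.nil?

  blob = Base64.strict_decode64(b64) # raises ArgumentError on malformed Base64

  # The blob begins with a length-prefixed copy of the key type. A mismatch
  # means the line was edited or truncated, so refuse to publish a record.
  len = blob.unpack1('N').to_i
  unless blob.byteslice(4, len) == type
    raise ArgumentError, 'key type does not match key blob'
  end

  # chomp('.') keeps an already fully qualified host from ending in "..".
  fqdn = host.chomp('.')
  "#{fqdn}. IN SSHFP #{algo} #{digest} #{digest_class.hexdigest(blob)}"
end

# Constructed sample: an ssh-ed25519 blob with 32 dummy key bytes
# (not a real host key).
def sample_ed25519_line
  blob = [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x01" * 32)
  "ssh-ed25519 #{Base64.strict_encode64(blob)} root@constructed"
end

if __FILE__ == $PROGRAM_NAME
  puts sshfp_record('host.example.test', sample_ed25519_line)
  puts sshfp_record('host.example.test', sample_ed25519_line, 1)
end
```

Before publishing, compare the printed records with the output of `ssh-keygen -r <host>` run on the server itself, since resolvers that validate SSHFP will trust whatever the zone contains.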