3e6137110b
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys for issuing ssh certificates signed by a key managed by a ssh-agent. It uses the golang.org/x/crypto package to get a native Go implementation to talk to a ssh-agent. This was primarly written to be able to use gpg-agent to provide the keys stored in a YubiKeys openpgp interface, but can be used for other setups like proxying a ssh-agent over network. That way the signing key for ssh certificates can be kept in a "sign-only" hsm. This code was written for my employer Intinor AB, but for simplicity sake gifted to me to contribute upstream. Signed-off-by: Anton Lundin <glance@acc.umu.se>
11 lines
635 B
Text
11 lines
635 B
Text
-----BEGIN CERTIFICATE-----
|
|
MIIBpzCCAU2gAwIBAgIQWaY8KIDAfak8aYljelf8eTAKBggqhkjOPQQDAjAdMRsw
|
|
GQYDVQQDExJ0ZXN0LnNtYWxsc3RlcC5jb20wHhcNMjAwMTE2MDAwNDU4WhcNMjAw
|
|
MTE3MDAwNDU4WjAdMRswGQYDVQQDExJ0ZXN0LnNtYWxsc3RlcC5jb20wWTATBgcq
|
|
hkjOPQIBBggqhkjOPQMBBwNCAATlU8P9blFefSWuzYx2g215NJn6yHW95PXeFqQ9
|
|
kX1jNo1VmC6Oord3We37iM8QJT4QP9ZDUaAVmJUZSjd+W8H/o28wbTAOBgNVHQ8B
|
|
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW
|
|
BBTn0wonKkm2lLRNYZrKhUukiynvqzAdBgNVHREEFjAUghJ0ZXN0LnNtYWxsc3Rl
|
|
cC5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAJ5XqryBIY1X4fl/9l0isV69eQfA0Qo5
|
|
1mjervUcEnOWAiBsmN4frz5YVw7i4UXChVBeZLZfJOKvn5eyh2gEzoq1+w==
|
|
-----END CERTIFICATE-----
|