Encryption keys

I don’t know anything about encryption, but I have the following code that shells out to ssh-keygen to create a public and private key:

# Returns (public key text, base64-encoded private key file); the temp
# directory and the key files are removed when the mktempdir block exits.
make_keys(ssh_keygen_file = settings("ssh_keygen_file")) = mktempdir() do temp
    cd(temp) do
        info("Generating ssh key")
        filename = ".documenter"
        try
            # -N "" creates the key without a passphrase
            run(`$ssh_keygen_file -f $filename -N ""`)
        catch x
            # run() raises UVError when the executable cannot be spawned
            if isa(x, Base.UVError)
                error("Cannot find $ssh_keygen_file")
            else
                rethrow()
            end
        end
        string(filename, ".pub") |> readstring,
            filename |> readstring |> base64encode
    end
end

Is there a way to do this without a binary dependency? SHA.jl seems like the place to start?

ssh-keygen isn’t provided by julia - if you intend to recreate its functionality in julia, I’d firstly advise against it since there are just so many different ways stuff can go wrong and secondly REALLY advise against it since this is probably much harder than you initially think.

For creating crypto-applications/libraries, the common approach is to use a trusted library providing the cryptographic functions necessary (like NaCl, for some reading). Even if you were to use that library, there are still ways stuff can go sideways (and you’d still be left with a dependency). In general it’s better to keep the binary dependency.

SHA.jl is a package providing SHA-hash functionality - but (again) this isn’t the whole story. Here and here are some basic reasons by people much more qualified than I am as to why using existing stuff is good. The posts are more about inventing your own algorithms, but they generally apply to reimplementing existing tools too (especially if you’re a novice in the field). They’ve just been tested over time and can be said to be pretty reliable and secure (and even they muck it up on occasion - these examples aren’t necessarily ssh-keygen related, but they’re here to illustrate the point).

That said, should you still want to make ssh-keygen native to julia, start with the links above, read some more about OpenSSL, PGP/GPG, read about the history of those things and why they look like they look now, go back to those posts and read them again, internalizing if it’s really what you want to do and maybe then give it a try after playing around with some basic reverse engineering and crypto skills (this or this should get you started). I’m not saying it’s impossible - just that there’s so much (pretty much) required background knowledge that you’re better off just using what’s already there.

Good luck.


Oh, I’m absolutely not going to reverse engineer ssh-keygen. Would it be worth trying to put it up with BinaryBuilder?

It depends on what you want to do with it, but it would be a possibility, yes. Pretty much every Linux/Unix/BSD nowadays has some flavor of OpenSSH already installed. In my opinion it would be easiest to check for a minimum version of and decide what to do based on that. If you decide to manage those dependencies manually, be sure to check for licensing conflicts (I think OpenSSH has a BSD-style license). Also note that you don’t necessarily know the environment the code is going to run in and thus may need to provide a different binary based on the platform (especially since julia is running on all big platforms and each has a different library for this stuff).
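An added example (not code from anyone in this thread) of the approach suggested above, written for Julia 1.x rather than the 0.6-era code at the top of the thread: locate ssh-keygen on PATH, read the OpenSSH version from the `ssh -V` banner, refuse to continue below a minimum version, and only then shell out to generate the keypair. The `v"7.0"` threshold, the `parse_openssh_version` / `check_ssh_keygen` names and the ed25519 key type are assumptions made for the example, not something the thread specifies.

```julia
using Base64

# Illustrative threshold only (an assumption for this example); choose the
# version your own flags and key formats actually require.
const MIN_OPENSSH = v"7.0"

# Extract the OpenSSH version from an `ssh -V` banner such as
# "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022".
# Returns `nothing` when the banner does not come from OpenSSH.
function parse_openssh_version(banner::AbstractString)
    m = match(r"OpenSSH_(\d+)\.(\d+)", banner)
    m === nothing && return nothing
    return VersionNumber(parse(Int, m.captures[1]), parse(Int, m.captures[2]))
end

# Locate ssh-keygen on PATH and confirm the OpenSSH install is recent enough.
# Returns the path to the binary, or throws a descriptive error so callers
# see "install OpenSSH" instead of a cryptic spawn failure later on.
function check_ssh_keygen(; minimum::VersionNumber = MIN_OPENSSH)
    keygen = Sys.which("ssh-keygen")
    keygen === nothing && error("ssh-keygen not found on PATH; install OpenSSH")
    ssh = Sys.which("ssh")
    ssh === nothing && error("ssh not found on PATH; cannot determine the OpenSSH version")
    # `ssh -V` prints its banner on stderr and exits 0, so capture stderr.
    buf = IOBuffer()
    run(pipeline(`$ssh -V`, stderr = buf))
    banner = String(take!(buf))
    version = parse_openssh_version(banner)
    version === nothing && error("unrecognised ssh version banner: $(strip(banner))")
    version < minimum && error("OpenSSH $version is older than the required $minimum")
    return keygen
end

# Generate a fresh keypair in a temporary directory (removed when the block
# exits) and return (public key text, base64 of the private key file), the
# same shape as the snippet at the top of the thread. Using joinpath instead
# of cd() avoids changing the working directory of the whole process.
function make_keys(; minimum::VersionNumber = MIN_OPENSSH)
    keygen = check_ssh_keygen(minimum = minimum)
    return mktempdir() do temp
        filename = joinpath(temp, "documenter")
        # -q keeps ssh-keygen silent; -N "" means no passphrase, which is what
        # an unattended deploy key needs. The ed25519 key type is an assumption.
        run(`$keygen -q -t ed25519 -f $filename -N ""`)
        pub = read(filename * ".pub", String)
        priv = base64encode(read(filename))
        return pub, priv
    end
end

# Usage: pub, priv = make_keys()
```

The version check runs `ssh -V` rather than ssh-keygen because ssh-keygen has no version flag of its own; both binaries ship together in every OpenSSH package, so the banner is a reasonable proxy for the ssh-keygen version you are about to call.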

Eh, nope I give up