mirror of
https://github.com/hashicorp/vault.git
synced 2025-11-24 12:11:11 +01:00
42b90ff691
* Ensure we can issue against generated SSH CA keys This adds a test to ensure that we can issue leaf SSH certificates using the newly generated SSH CA keys. Presently this fails because the ed25519 key private is stored using PKIX's PKCS8 PrivateKey object format rather than using OpenSSH's desired private key format: > path_config_ca_test.go:211: bad case 12: err: failed to parse stored CA private key: ssh: invalid openssh private key format, resp: <nil> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add dependency on edkey for OpenSSH ed25519 keys As mentioned in various terraform-provider-tls discussions, OpenSSH doesn't understand the standard OpenSSL/PKIX ed25519 key structure (as generated by PKCS8 marshalling). Instead, we need to place it into the OpenSSH RFC 8709 format. As mentioned in this dependency's README, support in golang.org/x/crypto/ssh is presently lacking for this. When the associated CL is merged, we should be able to remove this dep and rely on the (extended) standard library, however, no review progress appears to have been made since the CL was opened by the author. See also: https://go-review.googlesource.com/c/crypto/+/218620/ Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>