Steffen Schwigon > Net-SSH-Perl > Net::SSH::Perl::Key



Annotate this POD



New  25
Open  34
Stalled  1
View/Report Bugs


Net::SSH::Perl::Key - Public or private key abstraction


    use Net::SSH::Perl::Key;
    my $key = Net::SSH::Perl::Key->new;


Net::SSH::Perl::Key implements an abstract base class interface to key objects (either DSA, RSA, or Ed25519 keys, currently). The underlying implementation for RSA is an internal, hash-reference implementation. The DSA implementation uses Crypt::DSA, and the Ed25519 implementation uses Crypt::Ed25519.


Net::SSH::Perl::Key->new($key_type [, $blob [, $compat_flag_ref ]])

Creates a new object of type Net::SSH::Perl::Key::$key_type, after loading the class implementing $key_type. $key_type should be DSA, RSA1, or Ed25519.

$blob, if present, should be a string representation of the key, from which the key object can be initialized. In fact, it should be the representation that is returned from the as_blob method, below.

$compat_flag_ref should be a reference to the SSH compatibility flag, which is generally stored inside of the Net::SSH::Perl object. This flag is used by certain key implementations (DSA) to work around differences between SSH2 protocol implementations.

Returns the new key object, which is blessed into the subclass.

Net::SSH::Perl::Key->read_private($key_type, $file [, $pass])

Reads a private key of type $key_type out of the key file $file. If the private key is encrypted, an attempt will be made to decrypt it using the passphrase $pass; if $pass is not provided, the empty string will be used. An empty passphrase can be a handy way of providing password-less access using publickey authentication.

If for any reason loading the key fails, returns undef; most of the time, if loading the key fails, it's because the passphrase is incorrect. If you first tried to read the key using an empty passphrase, this might be a good time to ask the user for the actual passphrase. :)

Returns the new key object, which is blessed into the subclass denoted by $key_type (either DSA, RSA1 or Ed25519).

Net::SSH::Perl::Key->keygen($key_type, $bits)

$key_type is either RSA or DSA. Generates a new DSA or RSA key and returns that key. The key returned is the private key, which (presumably) contains all of the public key data, as well. $bits is the number of bits in the key.

Your $key_type implementation may not support key generation; if not, calling this method is a fatal error.

Returns the new key object, which is blessed into the subclass denoted by $key_type (either DSA or RSA1).

Net::SSH::Perl::Key->keygen('Ed25519' [,$comment])

Generates a new Ed25519 key with an optional comment.

Returns the new key object, which is bless into the Ed25519 subclass.

Net::SSH::Perl::Key->extract_public($key_type, $key_string)

Given a key string $key_string, which should be a textual representation of the public portion of a key of $key_type, extracts the key attributes out of that string. This is used to extract public keys out of entries in known_hosts and public identity files.

Returns the new key object, which is blessed into the subclass denoted by $key_type (either DSA or RSA1).

$key->write_private([ $file [, $pass, $ciphername, $rounds] ])

Writes out the private key $key to $file, and encrypts it using the passphrase $pass. If $pass is not provided, the key is unencrypted, and the only security protection is through filesystem protections. For Ed25519 keys, optional parameters ciphername and rounds can be passed to specify the desired cipher to encrypt the key with and how many rounds of encryption to employ, respectively.

If $file is not provided, returns the content that would have been written to the key file.


Performs the inverse of extract_public: takes a key $key and dumps out a textual representation of the public portion of the key. This is used when writing public key entries to known_hosts and public identity files.

Returns the textual representation.


Returns a string representation of the public portion of the key; this is not the same as dump_public, which is intended to match the format used in known_hosts, etc. The return value of as_blob is used as an intermediary in computing other values: the key fingerprint, the known hosts representation, etc.


Returns true if the public portions of $key are equal to those of $key2, and false otherwise. This is used when comparing server host keys to keys in known_hosts.


Returns the size (in bits) of the key $key.

$key->fingerprint([ $type ])

Returns a fingerprint of $key. The default fingerprint is a hex representation; if $type is equal to bubblebabble, the Bubble Babble representation of the fingerprint is used instead. The former uses an MD5 digest of the public key, and the latter uses a SHA-1 digest.


Please see the Net::SSH::Perl manpage for author, copyright, and license information.

syntax highlighting: