TODO.md

OpenSSL-SSH - Modernization for Ruby 3.x / OpenSSL 3.x

Parse OpenSSH format public keys (ssh-rsa AAAA...) and return OpenSSL::PKey objects.

Completed

Phase 1: Fix Core

• Replace property assignment with ASN.1 DER construction
• Update build_rsa method to build ASN.1 sequence
• Update build_dsa method to use SubjectPublicKeyInfo format
• Test with Ruby 3.x / OpenSSL 3.x
• Update specs

Phase 2: Add Key Types

• Ed25519 support (default for modern OpenSSH)

  OpenSSL::PKey.new_raw_public_key('ED25519', raw_key_bytes)

• ECDSA support (ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521)
• Keep RSA and DSA support

Phase 3: Modernize

• Update gemspec dependencies
  • bundler ~> 2.0
  • rake ~> 13.0
  • rspec ~> 3.12
  • simplecov ~> 0.22
  • base64 (runtime dependency for Ruby 3.4+)
• Add required Ruby version (>= 3.0)
• Add GitHub Actions workflow
• Update metadata URIs

Future Improvements

Phase 4: OpenSSH Private Key Format

• Support OpenSSH private key format (new format, not just PEM)
  • Ed25519 and ECDSA private keys use new format by default
  • Requires custom parser for -----BEGIN OPENSSH PRIVATE KEY-----
• Add fingerprint generation (MD5, SHA256)
• Add key comment extraction
• Better error messages

Supported Key Types

Type	Public Key	Private Key (PEM)	Private Key (OpenSSH)
RSA	✅	✅	❌
DSA	✅	✅	❌
Ed25519	✅	N/A	❌ (pending)
ECDSA	✅	✅	❌ (pending)

References

• OpenSSL::PKey docs
• RFC 4253 - SSH Transport - Key format
• RFC 8709 - Ed25519 for SSH