internal/agessh: new package

Move the SSH recipient types out of the main package to declutter the godoc. This also allows us to drop the x/crypto/ssh build dependency entirely from the age package import tree.
2026-01-09 05:13:07 +00:00 · 2020-05-18 01:18:42 -04:00
parent b32ea4c1f6
commit 292c3aaeea
5 changed files with 177 additions and 133 deletions
--- a/cmd/age/encrypted_keys.go
+++ b/cmd/age/encrypted_keys.go
@@ -14,6 +14,7 @@ import (
 	"os"

 	"filippo.io/age/internal/age"
+	"filippo.io/age/internal/agessh"
 	"filippo.io/age/internal/format"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/terminal"
@@ -62,9 +63,9 @@ func (i *EncryptedSSHIdentity) Unwrap(block *format.Recipient) (fileKey []byte,

 	switch k := k.(type) {
 	case *ed25519.PrivateKey:
-		i.decrypted, err = age.NewSSHEd25519Identity(*k)
+		i.decrypted, err = agessh.NewEd25519Identity(*k)
 	case *rsa.PrivateKey:
-		i.decrypted, err = age.NewSSHRSAIdentity(k)
+		i.decrypted, err = agessh.NewRSAIdentity(k)
 	default:
 		return nil, fmt.Errorf("unexpected SSH key type: %T", k)
 	}
--- a/cmd/age/parse.go
+++ b/cmd/age/parse.go
@@ -16,6 +16,7 @@ import (
 	"strings"

 	"filippo.io/age/internal/age"
+	"filippo.io/age/internal/agessh"
 	"golang.org/x/crypto/ssh"
 )

@@ -24,7 +25,7 @@ func parseRecipient(arg string) (age.Recipient, error) {
 	case strings.HasPrefix(arg, "age1"):
 		return age.ParseX25519Recipient(arg)
 	case strings.HasPrefix(arg, "ssh-"):
-		return age.ParseSSHRecipient(arg)
+		return agessh.ParseRecipient(arg)
 	}

 	return nil, fmt.Errorf("unknown recipient type: %q", arg)
@@ -82,7 +83,7 @@ func parseIdentitiesFile(name string) ([]age.Identity, error) {
 }

 func parseSSHIdentity(name string, pemBytes []byte) ([]age.Identity, error) {
-	id, err := age.ParseSSHIdentity(pemBytes)
+	id, err := agessh.ParseIdentity(pemBytes)
 	if sshErr, ok := err.(*ssh.PassphraseMissingError); ok {
 		pubKey := sshErr.PublicKey
 		if pubKey == nil {