keybase
diff --git a/‎go.mod‎
Lines changed: 2 additions & 0 deletions b/‎go.mod‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 4 additions & 0 deletions b/‎go.sum‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/keybaseca/sshutils/generate.go‎
Lines changed: 47 additions & 0 deletions b/‎src/keybaseca/sshutils/generate.go‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎src/keybaseca/sshutils/generate_unix.go‎
Lines changed: 0 additions & 21 deletions b/‎src/keybaseca/sshutils/generate_unix.go‎
Lines changed: 0 additions & 21 deletions
diff --git a/‎src/keybaseca/sshutils/generate_windows.go‎
Lines changed: 0 additions & 43 deletions b/‎src/keybaseca/sshutils/generate_windows.go‎
Lines changed: 0 additions & 43 deletions
@@ -3,6 +3,8 @@ module github.com/keybase/bot-sshca
 go 1.12
 
 require (
+	github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681
+	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
 	github.com/google/uuid v1.1.1
 	github.com/keybase/go-keybase-chat-bot v0.0.0-20190812134859-bc54fd9cf83b
 	github.com/sirupsen/logrus v1.4.2
 
@@ -1,8 +1,12 @@
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681 h1:JS2rl38kZmHgWa0xINSaSYH0Whtvem64/4+Ef0+Y5pE=
+github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681/go.mod h1:WfDateMPQ/55dPbZRp5Zxrux5WiEaHsjk9puUhz0KgY=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
+github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/keybase/go-keybase-chat-bot v0.0.0-20190812134859-bc54fd9cf83b h1:7Te2f9LQ/rd6XSzpntz6BaCBgglZ0uiCdv3/GdhX9VA=
 
@@ -0,0 +1,47 @@
+package sshutils
+
+import (
+	"crypto/rand"
+	"fmt"
+	"io/ioutil"
+
+	"github.com/ScaleFT/sshkeys"
+	"github.com/keybase/bot-sshca/src/shared"
+	"golang.org/x/crypto/ed25519"
+	"golang.org/x/crypto/ssh"
+)
+
+// Generate a new SSH key. Places the private key at filename and the public key at filename.pub.
+// We use ed25519 keys since they may be more secure (and are smaller). The go crypto ssh library
+// does not support marshalling ed25519 keys so we use ScaleFT/sshkeys to marshal them to the
+// correct on disk format for SSH
+func generateNewSSHKey(filename string) error {
+	// Generate the key
+	pub, private, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return fmt.Errorf("failed to generate ed25519 key: %v", err)
+	}
+
+	// Write the private key
+	bytes, err := sshkeys.Marshal(private, &sshkeys.MarshalOptions{Format: sshkeys.FormatOpenSSHv1})
+	if err != nil {
+		return fmt.Errorf("failed to marshal ed25519 key: %v", err)
+	}
+	err = ioutil.WriteFile(filename, bytes, 0600)
+	if err != nil {
+		return fmt.Errorf("failed to write ssh private key to %s: %v", filename, err)
+	}
+
+	// Write the public key
+	publicKey, err := ssh.NewPublicKey(pub)
+	if err != nil {
+		return fmt.Errorf("failed to create public key from ed25519 key: %v", err)
+	}
+	bytes = ssh.MarshalAuthorizedKey(publicKey)
+	err = ioutil.WriteFile(shared.KeyPathToPubKey(filename), bytes, 0600)
+	if err != nil {
+		return fmt.Errorf("failed to write ssh public key to %s: %v", shared.KeyPathToPubKey(filename), err)
+	}
+
+	return nil
+}