Add passphrase option for ssh key generation

2025-10-19 17:33:58 +02:00
parent 86c378fa61
commit 34fa2f82e9
1 changed files with 28 additions and 4 deletions
--- a/src/collection.py
+++ b/src/collection.py
@@ -1,7 +1,9 @@
 # pylint: disable=line-too-long, C0114
 from pathlib import Path
 from os import chmod
-from Crypto.PublicKey import RSA
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization
 import yaml
 from encryptor import Encryptor

@@ -37,12 +39,34 @@ class Collection:
        self.collection_path = Path.home().joinpath(".sshkeymanager", self.collection_name)
        self.encryptor = Encryptor(password)

-    def generate_ssh_key(self, name: str, key_type: str):
+    def generate_ssh_key(self, name: str, key_type: str, passphrase: str| None = None):
        """
        public class to generate a ssh key
        """
-        key = RSA.generate(2048)
-        my_ssh_key = SshKey(name=name, key_type=key_type, private=key.exportKey('PEM'), public=key.publickey().exportKey('OpenSSH'))
+        key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=2048,
+            backend=default_backend()
+        )
+        if passphrase:
+            private_ssh_key = key.private_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PrivateFormat.TraditionalOpenSSL,
+                encryption_algorithm=serialization.BestAvailableEncryption(passphrase.encode())
+            )
+        else:
+            private_ssh_key = key.private_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PrivateFormat.TraditionalOpenSSL,
+                encryption_algorithm=serialization.NoEncryption()
+            )
+        public_key = key.public_key()
+        public_pem = public_key.public_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PublicFormat.SubjectPublicKeyInfo
+        )
+
+        my_ssh_key = SshKey(name=name, key_type=key_type, private=private_ssh_key, public=public_pem)
        self.save_ssh_key(my_ssh_key=my_ssh_key)

    def save_ssh_key(self, my_ssh_key: SshKey):