From 34fa2f82e91b0d620941d6886eda2dd3cf961135 Mon Sep 17 00:00:00 2001
From: jrenaud
Date: Sun, 19 Oct 2025 17:33:58 +0200
Subject: [PATCH] Add passphrase option for ssh key generation

---
 src/collection.py | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/collection.py b/src/collection.py
index 1b1781f..2c7202b 100644
--- a/src/collection.py
+++ b/src/collection.py
@@ -1,7 +1,9 @@
 # pylint: disable=line-too-long, C0114
 from pathlib import Path
 from os import chmod
-from Crypto.PublicKey import RSA
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization
 import yaml
 from encryptor import Encryptor
 
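Review bot: `default_backend` is imported only to pass `backend=default_backend()` in the second hunk, and current `cryptography` releases treat that argument as optional, so both the import and the argument can be dropped. The diffstat lists only `src/collection.py`, so if the project declares its dependencies in a manifest, that file still needs `cryptography` added and the package that supplied `Crypto` removed; no such manifest is visible in this patch.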
@@ -37,12 +39,34 @@ class Collection:
 self.collection_path = Path.home().joinpath(".sshkeymanager", self.collection_name)
 self.encryptor = Encryptor(password)
 
- def generate_ssh_key(self, name: str, key_type: str):
+ def generate_ssh_key(self, name: str, key_type: str, passphrase: str| None = None):
 """
 public class to generate a ssh key
 """
- key = RSA.generate(2048)
- my_ssh_key = SshKey(name=name, key_type=key_type, private=key.exportKey('PEM'), public=key.publickey().exportKey('OpenSSH'))
+ key = rsa.generate_private_key(
+ public_exponent=65537,
+ key_size=2048,
+ backend=default_backend()
+ )
+ if passphrase:
+ private_ssh_key = key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.BestAvailableEncryption(passphrase.encode())
+ )
+ else:
+ private_ssh_key = key.private_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PrivateFormat.TraditionalOpenSSL,
+ encryption_algorithm=serialization.NoEncryption()
+ )
+ public_key = key.public_key()
+ public_pem = public_key.public_bytes(
+ encoding=serialization.Encoding.PEM,
+ format=serialization.PublicFormat.SubjectPublicKeyInfo
+ )
+
+ my_ssh_key = SshKey(name=name, key_type=key_type, private=private_ssh_key, public=public_pem)
 self.save_ssh_key(my_ssh_key=my_ssh_key)
 
 def save_ssh_key(self, my_ssh_key: SshKey):
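Review bot: The public key is now serialised as PEM `SubjectPublicKeyInfo`, whereas the removed line used `exportKey('OpenSSH')`, so the stored public half is no longer the one-line `ssh-rsa …` form that `authorized_keys` expects; `Encoding.OpenSSH` with `PublicFormat.OpenSSH` restores it. The passphrase branch pairs `BestAvailableEncryption` with `PrivateFormat.TraditionalOpenSSL`, the legacy PEM encryption whose key derivation is a single MD5 pass, so a copied key file gets little protection against offline passphrase guessing. `PrivateFormat.OpenSSH` uses a bcrypt KDF (encrypted output requires the `bcrypt` package), and `PrivateFormat.PKCS8` is an alternative if that dependency is unwanted. The two `private_bytes` calls differ only in `encryption_algorithm`, so the fence below chooses the algorithm first and serialises once. Note also that `if passphrase:` silently writes an unencrypted key for an empty string and `key_type` is still ignored in favour of a fixed RSA-2048; `save_ssh_key` and `SshKey` lie outside this hunk, so confirm they accept the changed formats.

```python
        # … unchanged: key = rsa.generate_private_key(...) …
        if passphrase:
            encryption = serialization.BestAvailableEncryption(passphrase.encode())
        else:
            encryption = serialization.NoEncryption()
        private_ssh_key = key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.OpenSSH,
            encryption_algorithm=encryption,
        )
        public_ssh_key = key.public_key().public_bytes(
            encoding=serialization.Encoding.OpenSSH,
            format=serialization.PublicFormat.OpenSSH,
        )

        my_ssh_key = SshKey(name=name, key_type=key_type, private=private_ssh_key, public=public_ssh_key)
        # … unchanged: self.save_ssh_key(my_ssh_key=my_ssh_key) …
```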