def blob_for_add(priv_key)
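# Serializes the private half of +priv_key+ into the field layout selected by
# its SSH key type, using Net::SSH::Buffer.
#
# Plain key types emit their numeric components directly. The certificate types
# (+*-cert-v01@openssh.com+) emit +priv_key.to_blob+ followed by the private
# fields read from +priv_key.key+.
#
# SECURITY: the returned string holds raw private-key components (for example
# the RSA +d+, +p+, +q+ or the Ed25519 keypair). Treat it as secret material:
# keep it out of logs, exception messages and anything persisted.
#
# NOTE(review): presumably this is the key portion of an ssh-agent
# "add identity" request -- confirm against the caller.
#
# @param priv_key [#ssh_type] key (or certificate wrapping a key) to serialize
# @return [String, nil] the serialized fields, or nil when +ssh_type+ matches
#   none of the types handled below
def blob_for_add(priv_key)
  # Ideally we'd have something like `to_private_blob` on the various key types, but the
  # nuances with encoding (e.g. `n` and `e` are reversed for RSA keys) make this impractical.
  #
  # The patterns are anchored with \A and \z so the whole type string must match.
  # With ^ and $ a value containing a newline could select a branch from a single
  # line of it, and this dispatch decides which private fields get serialized.
  case priv_key.ssh_type
  when /\Assh-dss\z/
    Net::SSH::Buffer.from(:bignum, priv_key.p, :bignum, priv_key.q, :bignum, priv_key.g,
                          :bignum, priv_key.pub_key, :bignum, priv_key.priv_key).to_s
  when /\Assh-dss-cert-v01@openssh\.com\z/
    Net::SSH::Buffer.from(:string, priv_key.to_blob, :bignum, priv_key.key.priv_key).to_s
  when /\Aecdsa-sha2-(\w*)\z/
    curve_name = OpenSSL::PKey::EC::CurveNameAliasInv[priv_key.group.curve_name]
    Net::SSH::Buffer.from(:string, curve_name, :mstring, priv_key.public_key.to_bn.to_s(2),
                          :bignum, priv_key.private_key).to_s
  when /\Aecdsa-sha2-(\w*)-cert-v01@openssh\.com\z/
    Net::SSH::Buffer.from(:string, priv_key.to_blob, :bignum, priv_key.key.private_key).to_s
  when /\Assh-ed25519\z/
    Net::SSH::Buffer.from(:string, priv_key.public_key.verify_key.to_bytes,
                          :string, priv_key.sign_key.keypair).to_s
  when /\Assh-ed25519-cert-v01@openssh\.com\z/
    # Unlike the other certificate types, the public key is included after the certificate.
    Net::SSH::Buffer.from(:string, priv_key.to_blob,
                          :string, priv_key.key.public_key.verify_key.to_bytes,
                          :string, priv_key.key.sign_key.keypair).to_s
  when /\Assh-rsa\z/
    # `n` and `e` are reversed compared to the ordering in `OpenSSL::PKey::RSA#to_blob`.
    Net::SSH::Buffer.from(:bignum, priv_key.n, :bignum, priv_key.e, :bignum, priv_key.d,
                          :bignum, priv_key.iqmp, :bignum, priv_key.p, :bignum, priv_key.q).to_s
  when /\Assh-rsa-cert-v01@openssh\.com\z/
    Net::SSH::Buffer.from(:string, priv_key.to_blob, :bignum, priv_key.key.d,
                          :bignum, priv_key.key.iqmp, :bignum, priv_key.key.p,
                          :bignum, priv_key.key.q).to_s
  end
  # NOTE(review): an unsupported key type falls through the case and yields nil.
  # The caller should reject nil instead of passing it on -- confirm how the
  # caller handles it.
end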