class Net::SSH::Authentication::KeyManager
def sign(identity, data, sig_alg = nil)
will always return the signature in an SSH2-specified "signature
Regardless of the identity's origin or who does the signing, this
been loaded already) and will then be used to sign the data.
private key for the identity will be loaded from disk (if it hasn't
then the ssh-agent will be used to sign the data, otherwise the
identity. If the identity was originally obtained from an ssh-agent,
Sign the given data, using the corresponding private key of the given
def sign(identity, data, sig_alg = nil) info = known_identities[identity] or raise KeyManagerError, "the given identity is unknown to the key manager" if info[:key].nil? && info[:from] == :file begin info[:key] = KeyFactory.load_private_key(info[:file], options[:passphrase], !options[:non_interactive], options[:password_prompt]) rescue OpenSSL::OpenSSLError, Exception => e raise KeyManagerError, "the given identity is known, but the private key could not be loaded: #{e.class} (#{e.message})" end end if info[:key] if sig_alg.nil? signed = info[:key].ssh_do_sign(data.to_s) sig_alg = identity.ssh_signature_type else signed = info[:key].ssh_do_sign(data.to_s, sig_alg) end return Net::SSH::Buffer.from(:string, sig_alg, :mstring, signed).to_s end if info[:from] == :agent raise KeyManagerError, "the agent is no longer available" unless agent case sig_alg when "rsa-sha2-512" return agent.sign(info[:identity], data.to_s, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_512) when "rsa-sha2-256" return agent.sign(info[:identity], data.to_s, Net::SSH::Authentication::Agent::SSH_AGENT_RSA_SHA2_256) else return agent.sign(info[:identity], data.to_s) end end raise KeyManagerError, "[BUG] can't determine identity origin (#{info.inspect})" end