add sample code and test SSH keys

ddebin · ddebin · commit 6ea4163a4cdb · 2026-04-14T15:11:19.000+02:00
diff --git a/.github/codecov.yml b/.github/codecov.yml
@@ -1,4 +1,5 @@
-codecov:
-  parsers:
-    lcov:
-      partials_as_hits: true
+parsers:
+  lcov:
+    partials_as_hits: true
+  javascript:
+    enable_partials: true
diff --git a/.gitignore b/.gitignore
@@ -6,5 +6,4 @@ mise.toml
 /*.tgz
 /.nyc_output
 /coverage
-id_*
 *.local.*
diff --git a/README.md b/README.md
@@ -32,7 +32,7 @@ A seed is used to generate the secret, it's recommended you don't use the same s
 ## ⚠️ Limitations
 
 - Can't use ECDSA keys, they always give different signatures
-- [RFC8332](https://www.rfc-editor.org/info/rfc8332) compatible agent (e.g. OpenSSH 7.6+) mandatory to use SHA2-512 signature scheme. You can still use deprecated SHA1 signatures with `rsaSignatureFlag:0` option in `SSHAgentClient` constructor.
+- [RFC8332](https://www.rfc-editor.org/info/rfc8332) compatible agent (e.g. OpenSSH 7.6+) is mandatory to use SHA2-512 signature scheme. You can still use deprecated SHA1 signatures with `rsaSignatureFlag:0` option in `SSHAgentClient` constructor.
 
 ## 💻 CLI usage
 
@@ -67,7 +67,7 @@ Options:
 npm i ssh-agent-secrets
 ```
 
-### Sample
+### [Sample](/example/test.js)
 
 ```javascript
 import { SSHAgentClient } from 'ssh-agent-secrets'
@@ -77,7 +77,7 @@ const agent = new SSHAgentClient()
 const identities = await agent.getIdentities()
 console.log(identities)
 
-const identity = await agent.getIdentity('AWS')
+const identity = await agent.getIdentity('ED25519')
 
 const encrypted = await agent.encrypt(
   identity,
@@ -96,9 +96,10 @@ const decrypted = await agent.decrypt(
 console.log('Decrypted data:', decrypted.toString('utf8'))
 ```
 
-## Local test
+### Local test
 
 ```bash
 ssh-agent -D
-SSH_AUTH_SOCK= ssh-add id_ecdsa id_ed25519 id_rsa
+SSH_AUTH_SOCK="[...]" ssh-add test/ssh_keys/*
+SSH_AUTH_SOCK="[...]" npm run test
 ```
diff --git a/codecov.yml b/codecov.yml
diff --git a/example/test.js b/example/test.js
@@ -0,0 +1,20 @@
+import { SSHAgentClient } from '../dist/src/lib/index.js'
+
+const agent = new SSHAgentClient()
+
+const identities = await agent.getIdentities()
+console.log(`${identities.length} identities found in the SSH agent`)
+
+// replace "AWS" with the actual comment of your SSH key
+const identity = await agent.getIdentity('ED25519')
+
+const encrypted = await agent.encrypt(
+  identity,
+  'not_a_secret_but_a_seed',
+  Buffer.from('Lorem ipsum dolor', 'utf8'),
+  'hex',
+)
+console.log('Encrypted data:', encrypted)
+
+const decrypted = await agent.decrypt(identity, 'not_a_secret_but_a_seed', encrypted, 'hex')
+console.log('Decrypted data:', decrypted.toString('utf8'))
diff --git a/src/lib/parse_utils.ts b/src/lib/parse_utils.ts
@@ -2,13 +2,13 @@ import * as crypto from 'crypto'
 import { type SSHKey, type SSHSignature } from './ssh_agent_client.ts'
 
 /** Read a length-prefixed string (uint32 BE length + bytes) from a buffer. */
-const readString = function readString(buffer: Buffer, offset: number): Buffer {
+const readString = (buffer: Buffer, offset: number): Buffer => {
   const len = buffer.readUInt32BE(offset)
   return buffer.subarray(offset + 4, offset + 4 + len)
 }
 
 /** Write a length-prefixed string into `target` at `offset`, return next offset. */
-const writeString = function writeString(target: Buffer, src: Buffer, offset: number): number {
+const writeString = (target: Buffer, src: Buffer, offset: number): number => {
   target.writeUInt32BE(src.length, offset)
   src.copy(target, offset + 4)
   return offset + 4 + src.length
@@ -19,7 +19,7 @@ const writeString = function writeString(target: Buffer, src: Buffer, offset: nu
  * into `request` and return the next write offset (5).
  * The length field is the total buffer length minus the 4-byte length field itself.
  */
-const writeHeader = function writeHeader(request: Buffer, tag: number): number {
+const writeHeader = (request: Buffer, tag: number): number => {
   request.writeUInt32BE(request.length - 4, 0)
   request.writeUInt8(tag, 4)
   return 5
diff --git a/src/lib/ssh_agent_client.ts b/src/lib/ssh_agent_client.ts
@@ -72,6 +72,7 @@ export class SSHAgentClient {
     this.cipherAlgo = options.cipherAlgo ?? 'aes-256-cbc'
     this.digestAlgo = options.digestAlgo ?? 'sha256'
 
+    /** Default to SHA2-512 signature when using RSA keys */
     this.rsaSignatureFlag = options.rsaSignatureFlag ?? RsaSignatureFlag.SSH_AGENT_RSA_SHA2_512
 
     const sockFile = options.sockFile ?? process.env.SSH_AUTH_SOCK
diff --git a/test/ssh_keys/id_ecdsa_256 b/test/ssh_keys/id_ecdsa_256
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQREWz6lU6g0r40iDfQfSN5SyHN4V2e5
+LQ9PMbb7q7DjjlpntLj1YyiJ2kI1qk8S3HfaavQrlZ393ZQcgwCh6WWnAAAAqGEJ5shhCe
+bIAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBERbPqVTqDSvjSIN
+9B9I3lLIc3hXZ7ktD08xtvursOOOWme0uPVjKInaQjWqTxLcd9pq9CuVnf3dlByDAKHpZa
+cAAAAgX/s0aZuGMVwDFqed0dZP6sLPG1OGwmLfzr18cNHO8F4AAAANa2V5X2VjZHNhXzI1
+NgECAw==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/test/ssh_keys/id_ecdsa_384 b/test/ssh_keys/id_ecdsa_384
@@ -0,0 +1,10 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQTyrUrtyMWCsVSZSxaMsHqxsApl2I6h
+umUukiarodoeR44S+da4Jn+uQ7vXHU3LErYokIBwa+pI0WESGKDmKv46DJQ2z1/duoYNCT
+vfz+veP/72yh5G3KrQjCYZLqAByfkAAADY/EEPT/xBD08AAAATZWNkc2Etc2hhMi1uaXN0
+cDM4NAAAAAhuaXN0cDM4NAAAAGEE8q1K7cjFgrFUmUsWjLB6sbAKZdiOobplLpImq6HaHk
+eOEvnWuCZ/rkO71x1NyxK2KJCAcGvqSNFhEhig5ir+OgyUNs9f3bqGDQk738/r3j/+9soe
+Rtyq0IwmGS6gAcn5AAAAMQC8tlMq4ZYm+TYf7be2DT2fUTtHgNkS3xPcpj9A2EFkVUX3Pq
+yaaFe4gyJYSbHGCLcAAAANa2V5X2VjZHNhXzM4NAEC
+-----END OPENSSH PRIVATE KEY-----
diff --git a/test/ssh_keys/id_ecdsa_521 b/test/ssh_keys/id_ecdsa_521
@@ -0,0 +1,12 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
+1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQAgsJlchCqyHPx2cYZOnNEOvoUx4K6
+RXFJQ7y/K/UH5YgD034nFFKsjBsycEiaM3Apf4ugcg4FVPqH4c6gF1h4LpoBafJFGSdi2+
+mjjM1EqtltG/30WQrI9/Vl+L+00CzQES6HWFp+phnSi6nsfhQQAp2gZ43/G/Pdd3xSSoKr
+lAVYfEgAAAEQn6hql5+oapcAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
+AAAIUEAILCZXIQqshz8dnGGTpzRDr6FMeCukVxSUO8vyv1B+WIA9N+JxRSrIwbMnBImjNw
+KX+LoHIOBVT6h+HOoBdYeC6aAWnyRRknYtvpo4zNRKrZbRv99FkKyPf1Zfi/tNAs0BEuh1
+hafqYZ0oup7H4UEAKdoGeN/xvz3Xd8UkqCq5QFWHxIAAAAQXCDeTwGofULiUsEMK29UJ0L
+1xxTDBAkCK1zjPQWHDov8cf/DxB8nspWZVXNYLc+tnwDrzx0TFdF2sMR1uW7KJtvAAAADW
+tleV9lY2RzYV81MjEBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/test/ssh_keys/id_ed25519 b/test/ssh_keys/id_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBaT305MthrbCwNnt3EcemPL04N6Rrg45q2pl6Y2AES4gAAAJAtmnf0LZp3
+9AAAAAtzc2gtZWQyNTUxOQAAACBaT305MthrbCwNnt3EcemPL04N6Rrg45q2pl6Y2AES4g
+AAAEAKnaAAkzXPLl4fXW4hoWjE/S+SPQCq6YKoqvAEeNLcrFpPfTky2GtsLA2e3cRx6Y8v
+Tg3pGuDjmramXpjYARLiAAAAC2tleV9lZDI1NTE5AQI=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/test/ssh_keys/id_rsa b/test/ssh_keys/id_rsa
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA3bl04hiMCygQ6+FXvMMTA02tzfUJ2A7brrOBclme/zjc4AWYspAm
+Y60FuRF9GeF05gMGlvoDMOfVAKGVWK4WqI6eMBOygqZXbIIM4AEEO2Klv46hOrL7Z2That
+FhdtBkmKaEUuxmLste4sUIby1yZrnMKn15x5QxfjwtdrvrxS2DSVdOCly9qVryKN66axwu
+fIYGF7djux2ctgtCRRvWRexiEbuMycfAc65OgFuhb2ntaEFqWAb1eg/X9I1boYdB+mBwFO
+c7MIfRY+UbJN5+zDTCpjsojnKCgsrKjJ6P0E0XY9IrAj4pBc3/LTniDZRJcWVMam730Fsq
+Twf0Y2b6ZIxtkaKD8IM6K+T7REVHtNlRvyeWu0bWQk5vIDA/0iXSI62hpkVLcRyL7mEYwg
+0xqCP5CCQexILe0grQCFQLx5g2q8iICIeMkMIXoi2Eh/zSuUXt+V4qm8KBOPzBX4+CBfHE
+jp96k8ghgcSZ0kKC16su0rO3BP/8iHHXt0manE8FAAAFgC5j2douY9naAAAAB3NzaC1yc2
+EAAAGBAN25dOIYjAsoEOvhV7zDEwNNrc31CdgO266zgXJZnv843OAFmLKQJmOtBbkRfRnh
+dOYDBpb6AzDn1QChlViuFqiOnjATsoKmV2yCDOABBDtipb+OoTqy+2dk4WrRYXbQZJimhF
+LsZi7LXuLFCG8tcma5zCp9eceUMX48LXa768Utg0lXTgpcvala8ijeumscLnyGBhe3Y7sd
+nLYLQkUb1kXsYhG7jMnHwHOuToBboW9p7WhBalgG9XoP1/SNW6GHQfpgcBTnOzCH0WPlGy
+Tefsw0wqY7KI5ygoLKyoyej9BNF2PSKwI+KQXN/y054g2USXFlTGpu99BbKk8H9GNm+mSM
+bZGig/CDOivk+0RFR7TZUb8nlrtG1kJObyAwP9Il0iOtoaZFS3Eci+5hGMINMagj+QgkHs
+SC3tIK0AhUC8eYNqvIiAiHjJDCF6IthIf80rlF7fleKpvCgTj8wV+PggXxxI6fepPIIYHE
+mdJCgterLtKztwT//Ihx17dJmpxPBQAAAAMBAAEAAAGBAJKf0N6vkvTRwxbpxwaKDimyFc
+zMTX02nioShPjksVNf/BidOtRipTBnPBCdsxgJUy/EMnhmzvNpbB9lu4iQX2WKIqvyaqsh
+a1DTU8ZShcTrwGZD4PUbZUuDl9n2qrhSqSOVgo3/zLcHQDFAUQqMiEnMdmpm3cCQjIZJL1
+uEfC7BoT8/39jUaYv0G43RdH/efBNW4fKPEQGtXHO6UFG5TeKhplzJpRnO4cLeMwWJEuHF
+r/ywva2GtJDKp2oOjNjtwwW/0BB4fkBjZEY2vxbsMNx+xEjvgTak0DPopBp1eJVebpXLtO
+yKSmpu9wvJoM8yIgNvI72PlgFKsBb37RZj0DIXu5ocGcz6n8Z0ywjXS5e6K79oDLOqWTt8
+1LImWbhuE8HlVfecHFu4iEY++y48R5mXe6KehOs17/UyfVDo+ZJPUirlqb49RBQYBzYFx3
+G6CA3LplraiBlVJMYF1m9k11BRko5zI6moWUSfXP3tKIUZWn2YLn8PI6BPLsWfK4O05QAA
+AMBRRB3ONnJACqBiFumh1m7ZSUxpZreVSsE1r9yUZKSj1nu5rHxvkho5SvxDde3EfAss6F
+iWAyBKV6drHgVarTTOdBT6yyYxmxARw5cSaP9y1bxwOIeZCykz5u0gZKooi0OQqq8sMBlj
+AYnRtZDDuz68Q18lYYg3YhITS98vHw0eS6yfuOjqpNqb/FWRXQ5o/gmhImjn2CmzefClRe
+vhUh5cfdFPW3jgr3Kzt9Z4zV5d41pTD/Dpt53Osq7Fxgc3PIMAAADBAO7OrsZv1Oq89sNk
+z1S3uxtXLxsepa4Z9V8N+3DUDRW6KXAelkZLmD7Nw5Xset1i+R+Gu1pyKgmY/KbwXUT1sg
+Izr/gzV1hj8WLbi4agyx3BqyA0qlgbaMwYXxugcgtng5tU5o2bukcO4eN7XI3X5VoLkemB
+q8hIiH3hIGjodcj2bm4AZO7mrdukivgP9IC7aigZ4mkTnQsYa++faF0eIHQPBHlMKGNO5o
++dMZCnsZ0FuOxt2xRJTzrXlGAjWYdaIwAAAMEA7a/twqPx+lbqPEEz2cWq8Vd9lU7WWiDz
+TSnnYqowD/nhqIc+zIDbivj4aDzp0J53a5ZUdAx+wqAfaUEWCf5LkYyccFdyVjXVHZLGf3
+Vb1I4nFkskgTrKxjtapV2T+no177SRCJJLQcIsf4oy8xBf+E8CzUWQyYqcfAUkjcND8KCW
+D44jod8XcPp9dzi1QzhBCHhO+3SKJtWm5yoVsWLyQ8wD7JTSfSUy6CHPTP+RqceldNggMX
+2zX2/MN3uXN6C3AAAAB2tleV9yc2EBAgM=
+-----END OPENSSH PRIVATE KEY-----
