version 1.5, 2010/02/26 20:29:54 |
version 1.6, 2010/08/31 11:54:45 |
|
|
|
|
2.2.3 Add protocol 2 key |
2.2.3 Add protocol 2 key |
|
|
The OpenSSH agent supports DSA and RSA keys for protocol 2. DSA keys may |
The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. DSA |
be added using the following request |
keys may be added using the following request |
|
|
byte SSH2_AGENTC_ADD_IDENTITY or |
byte SSH2_AGENTC_ADD_IDENTITY or |
SSH2_AGENTC_ADD_ID_CONSTRAINED |
SSH2_AGENTC_ADD_ID_CONSTRAINED |
|
|
string key_comment |
string key_comment |
constraint[] key_constraints |
constraint[] key_constraints |
|
|
|
ECDSA keys may be added using the following request |
|
|
|
byte SSH2_AGENTC_ADD_IDENTITY or |
|
SSH2_AGENTC_ADD_ID_CONSTRAINED |
|
string "ecdsa-sha2-nistp256" | |
|
"ecdsa-sha2-nistp384" | |
|
"ecdsa-sha2-nistp521" |
|
string ecdsa_curve_name |
|
string ecdsa_public_key |
|
mpint ecdsa_private |
|
string key_comment |
|
constraint[] key_constraints |
|
|
|
ECDSA certificates may be added with: |
|
byte SSH2_AGENTC_ADD_IDENTITY or |
|
SSH2_AGENTC_ADD_ID_CONSTRAINED |
|
string "ecdsa-sha2-nistp256-cert-v01@openssh.com" | |
|
"ecdsa-sha2-nistp384-cert-v01@openssh.com" | |
|
"ecdsa-sha2-nistp521-cert-v01@openssh.com" |
|
string certificate |
|
mpint ecdsa_private_key |
|
string key_comment |
|
constraint[] key_constraints |
|
|
RSA keys may be added with this request: |
RSA keys may be added with this request: |
|
|
byte SSH2_AGENTC_ADD_IDENTITY or |
byte SSH2_AGENTC_ADD_IDENTITY or |
|
|
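Review bot: In the new ECDSA add request the private key mpint is named "ecdsa_private", while the ECDSA certificate request right after it names the same field "ecdsa_private_key"; use one name in both. The plain-key request also identifies the curve twice, in the key type string ("ecdsa-sha2-nistp256" and so on) and again in "ecdsa_curve_name", and nothing here says what the agent does when the two disagree. Suggest stating that they must match and that the agent rejects the request otherwise.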
protocol 1 "add key" request, the private key is overspecified to avoid |
protocol 1 "add key" request, the private key is overspecified to avoid |
redundant processing. |
redundant processing. |
|
|
For both DSA and RSA key add requests, "key_constraints" may only be |
For DSA, ECDSA and RSA key add requests, "key_constraints" may only be |
present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. |
present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. |
|
|
The agent will reply with a SSH_AGENT_SUCCESS if the key has been |
The agent will reply with a SSH_AGENT_SUCCESS if the key has been |
|
|
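Review bot: The rewritten sentence "For DSA, ECDSA and RSA key add requests" still enumerates key types, and it is not clear that it covers the ECDSA certificate request added in 2.2.3, which also carries "key_constraints". Suggest wording that needs no further edits when a type is added, for example "For all protocol 2 key add requests", matching the "any of the supported protocol 2 key types" phrasing used for "key_blob".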
string key_blob |
string key_blob |
|
|
Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
Algorithms" for either of the supported key types: "ssh-dss" or |
Algorithms" for any of the supported protocol 2 key types. |
"ssh-rsa". |
|
|
|
The agent will delete any private key matching the specified public key |
The agent will delete any private key matching the specified public key |
and return SSH_AGENT_SUCCESS. If no such key was found, the agent will |
and return SSH_AGENT_SUCCESS. If no such key was found, the agent will |
|
|
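Review bot: Dropping the explicit "ssh-dss" or "ssh-rsa" list in favour of "any of the supported protocol 2 key types" leaves this paragraph with no statement of which type strings are accepted, and the only encoding reference is still RFC 4253 section 6.6. Suggest pointing to section 2.2.3 for the list of type names and saying where the "key_blob" encoding for the ECDSA types is specified, so an implementer knows which blobs the agent will match on removal.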
string key_comment |
string key_comment |
|
|
Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
Algorithms" for either of the supported key types: "ssh-dss" or |
Algorithms" for any of the supported protocol 2 key types. |
"ssh-rsa". |
|
|
|
2.6 Private key operations |
2.6 Private key operations |
|
|
|
|
uint32 flags |
uint32 flags |
|
|
Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
Algorithms" for either of the supported key types: "ssh-dss" or |
Algorithms" for any of the supported protocol 2 key types. "flags" is |
"ssh-rsa". "flags" is a bit-mask, but at present only one possible value |
a bit-mask, but at present only one possible value is defined (see below |
is defined (see below for its meaning): |
for its meaning): |
|
|
SSH_AGENT_OLD_SIGNATURE 1 |
SSH_AGENT_OLD_SIGNATURE 1 |
|
|
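Review bot: With "key_blob" widened to any protocol 2 key type, the "flags" text is unchanged and still says only that one value, SSH_AGENT_OLD_SIGNATURE, is defined. The visible lines do not say whether that flag has any meaning for ECDSA keys; suggest stating in the flag's description which key types it applies to and how the agent responds when it is set on a sign request for a key type it does not cover.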