| version 1.201, 2010/08/31 12:33:38 |
version 1.205, 2011/01/11 06:13:10 |
|
|
| /* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
| #define DEFAULT_BITS 2048 |
#define DEFAULT_BITS 2048 |
| #define DEFAULT_BITS_DSA 1024 |
#define DEFAULT_BITS_DSA 1024 |
| #define DEFAULT_BITS_ECDSA 521 |
#define DEFAULT_BITS_ECDSA 256 |
| u_int32_t bits = 0; |
u_int32_t bits = 0; |
| |
|
| /* |
/* |
|
|
| *k = key_new(KEY_UNSPEC); |
*k = key_new(KEY_UNSPEC); |
| (*k)->type = KEY_ECDSA; |
(*k)->type = KEY_ECDSA; |
| (*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); |
(*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); |
| (*k)->ecdsa_nid = key_ecdsa_group_to_nid( |
(*k)->ecdsa_nid = key_ecdsa_key_to_nid((*k)->ecdsa); |
| EC_KEY_get0_group((*k)->ecdsa)); |
|
| break; |
break; |
| default: |
default: |
| fatal("%s: unsupported pubkey type %d", __func__, |
fatal("%s: unsupported pubkey type %d", __func__, |
|
|
| if (!quiet) { |
if (!quiet) { |
| logit("Signed %s key %s: id \"%s\" serial %llu%s%s " |
logit("Signed %s key %s: id \"%s\" serial %llu%s%s " |
| "valid %s", key_cert_type(public), |
"valid %s", key_cert_type(public), |
| out, public->cert->key_id, public->cert->serial, |
out, public->cert->key_id, |
| |
(unsigned long long)public->cert->serial, |
| cert_principals != NULL ? " for " : "", |
cert_principals != NULL ? " for " : "", |
| cert_principals != NULL ? cert_principals : "", |
cert_principals != NULL ? cert_principals : "", |
| fmt_validity(cert_valid_from, cert_valid_to)); |
fmt_validity(cert_valid_from, cert_valid_to)); |
|
|
| printf(" Signing CA: %s %s\n", |
printf(" Signing CA: %s %s\n", |
| key_type(key->cert->signature_key), ca_fp); |
key_type(key->cert->signature_key), ca_fp); |
| printf(" Key ID: \"%s\"\n", key->cert->key_id); |
printf(" Key ID: \"%s\"\n", key->cert->key_id); |
| if (!v00) |
if (!v00) { |
| printf(" Serial: %llu\n", key->cert->serial); |
printf(" Serial: %llu\n", |
| |
(unsigned long long)key->cert->serial); |
| |
} |
| printf(" Valid: %s\n", |
printf(" Valid: %s\n", |
| fmt_validity(key->cert->valid_after, key->cert->valid_before)); |
fmt_validity(key->cert->valid_after, key->cert->valid_before)); |
| printf(" Principals: "); |
printf(" Principals: "); |
|
|
| "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { |
"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { |
| switch (opt) { |
switch (opt) { |
| case 'b': |
case 'b': |
| bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); |
bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr); |
| if (errstr) |
if (errstr) |
| fatal("Bits has bad value %s (%s)", |
fatal("Bits has bad value %s (%s)", |
| optarg, errstr); |
optarg, errstr); |
|
|
| } |
} |
| if (type == KEY_DSA && bits != 1024) |
if (type == KEY_DSA && bits != 1024) |
| fatal("DSA keys must be 1024 bits"); |
fatal("DSA keys must be 1024 bits"); |
| |
else if (type != KEY_ECDSA && bits < 768) |
| |
fatal("Key must at least be 768 bits"); |
| else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) |
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) |
| fatal("Invalid ECDSA key length - valid lengths are " |
fatal("Invalid ECDSA key length - valid lengths are " |
| "256, 384 or 521 bits"); |
"256, 384 or 521 bits"); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh