version 1.301, 2017/04/30 23:10:43 |
version 1.302, 2017/04/30 23:18:44 |
|
|
name = _PATH_SSH_CLIENT_ID_RSA; |
name = _PATH_SSH_CLIENT_ID_RSA; |
else { |
else { |
switch (sshkey_type_from_name(key_type_name)) { |
switch (sshkey_type_from_name(key_type_name)) { |
case KEY_RSA1: |
|
name = _PATH_SSH_CLIENT_IDENTITY; |
|
break; |
|
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_DSA: |
case KEY_DSA: |
name = _PATH_SSH_CLIENT_ID_DSA; |
name = _PATH_SSH_CLIENT_ID_DSA; |
|
|
char comment[61]; |
char comment[61]; |
int r; |
int r; |
|
|
if (k->type == KEY_RSA1) |
|
fatal("version 1 keys are not supported"); |
|
if ((r = sshkey_to_blob(k, &blob, &len)) != 0) |
if ((r = sshkey_to_blob(k, &blob, &len)) != 0) |
fatal("key_to_blob failed: %s", ssh_err(r)); |
fatal("key_to_blob failed: %s", ssh_err(r)); |
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ |
/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */ |
|
|
do_convert_to_pkcs8(struct sshkey *k) |
do_convert_to_pkcs8(struct sshkey *k) |
{ |
{ |
switch (sshkey_type_plain(k->type)) { |
switch (sshkey_type_plain(k->type)) { |
case KEY_RSA1: |
|
case KEY_RSA: |
case KEY_RSA: |
if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) |
if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) |
fatal("PEM_write_RSA_PUBKEY failed"); |
fatal("PEM_write_RSA_PUBKEY failed"); |
|
|
do_convert_to_pem(struct sshkey *k) |
do_convert_to_pem(struct sshkey *k) |
{ |
{ |
switch (sshkey_type_plain(k->type)) { |
switch (sshkey_type_plain(k->type)) { |
case KEY_RSA1: |
|
case KEY_RSA: |
case KEY_RSA: |
if (!PEM_write_RSAPublicKey(stdout, k->rsa)) |
if (!PEM_write_RSAPublicKey(stdout, k->rsa)) |
fatal("PEM_write_RSAPublicKey failed"); |
fatal("PEM_write_RSAPublicKey failed"); |
|
|
struct sshkey *ret; |
struct sshkey *ret; |
int r; |
int r; |
|
|
if ((ret = sshkey_new(KEY_RSA1)) == NULL) |
|
fatal("sshkey_new failed"); |
|
/* Try RSA1 */ |
|
if ((r = sshkey_read(ret, cpp)) == 0) |
|
return ret; |
|
/* Try modern */ |
|
sshkey_free(ret); |
|
if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) |
if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) |
fatal("sshkey_new failed"); |
fatal("sshkey_new failed"); |
if ((r = sshkey_read(ret, cpp)) == 0) |
if ((r = sshkey_read(ret, cpp)) == 0) |
|
|
} |
} |
} |
} |
|
|
if (private->type != KEY_RSA1 && private->type != KEY_ED25519 && |
if (private->type != KEY_ED25519 && !use_new_format) { |
!use_new_format) { |
error("Comments are only supported for keys stored in " |
error("Comments are only supported for RSA1 or keys stored in " |
|
"the new format (-o)."); |
"the new format (-o)."); |
explicit_bzero(passphrase, strlen(passphrase)); |
explicit_bzero(passphrase, strlen(passphrase)); |
sshkey_free(private); |
sshkey_free(private); |
|
|
} |
} |
#endif |
#endif |
|
|
# define RSA1_USAGE "" |
|
|
|
static void |
static void |
usage(void) |
usage(void) |
{ |
{ |
fprintf(stderr, |
fprintf(stderr, |
"usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n" |
"usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n" |
" [-N new_passphrase] [-C comment] [-f output_keyfile]\n" |
" [-N new_passphrase] [-C comment] [-f output_keyfile]\n" |
" ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" |
" ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" |
" ssh-keygen -i [-m key_format] [-f input_keyfile]\n" |
" ssh-keygen -i [-m key_format] [-f input_keyfile]\n" |
|
|
" ssh-keygen -y [-f input_keyfile]\n" |
" ssh-keygen -y [-f input_keyfile]\n" |
" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" |
" ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" |
" ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" |
" ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n" |
" ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE); |
" ssh-keygen -B [-f input_keyfile]\n"); |
#ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
fprintf(stderr, |
fprintf(stderr, |
" ssh-keygen -D pkcs11\n"); |
" ssh-keygen -D pkcs11\n"); |
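Review bot: The simplified guard `if (private->type != KEY_ED25519 && !use_new_format) {` in the comment-change hunk carries no comment explaining why Ed25519 is the one type exempt from the `-o` requirement. With the RSA1 exemption gone, that single special case is easy to misread as an oversight. I would add a line above it such as `/* Ed25519 keys are always stored in the new format; other types need -o to hold a comment */`; this is my reading of the error text, so confirm it against the key-writing code. The enclosing function starts and ends outside the hunk, so how `passphrase` and `private` are handled after the visible `explicit_bzero`/`sshkey_free` calls cannot be checked from here.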