version 1.302, 2017/04/30 23:18:44 |
version 1.304, 2017/05/30 14:16:41 |
|
|
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS; |
if (*bitsp > maxbits) |
if (*bitsp > maxbits) |
fatal("key bits exceeds maximum %d", maxbits); |
fatal("key bits exceeds maximum %d", maxbits); |
if (type == KEY_DSA && *bitsp != 1024) |
switch (type) { |
fatal("DSA keys must be 1024 bits"); |
case KEY_DSA: |
else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024) |
if (*bitsp != 1024) |
fatal("Key must at least be 1024 bits"); |
fatal("Invalid DSA key length: must be 1024 bits"); |
else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1) |
break; |
fatal("Invalid ECDSA key length - valid lengths are " |
case KEY_RSA: |
"256, 384 or 521 bits"); |
if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE) |
|
fatal("Invalid RSA key length: minimum is %d bits", |
|
SSH_RSA_MINIMUM_MODULUS_SIZE); |
|
break; |
|
case KEY_ECDSA: |
|
if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1) |
|
fatal("Invalid ECDSA key length: valid lengths are " |
|
"256, 384 or 521 bits"); |
|
} |
#endif |
#endif |
} |
} |
|
|
|
|
return NULL; |
return NULL; |
} |
} |
if ((key = sshkey_new_private(ktype)) == NULL) |
if ((key = sshkey_new_private(ktype)) == NULL) |
fatal("key_new_private failed"); |
fatal("sshkey_new_private failed"); |
free(type); |
free(type); |
|
|
switch (key->type) { |
switch (key->type) { |
|
|
fatal("%s: %s", identity_file, strerror(errno)); |
fatal("%s: %s", identity_file, strerror(errno)); |
prv = load_identity(identity_file); |
prv = load_identity(identity_file); |
if ((r = sshkey_write(prv, stdout)) != 0) |
if ((r = sshkey_write(prv, stdout)) != 0) |
error("key_write failed: %s", ssh_err(r)); |
error("sshkey_write failed: %s", ssh_err(r)); |
sshkey_free(prv); |
sshkey_free(prv); |
fprintf(stdout, "\n"); |
fprintf(stdout, "\n"); |
exit(0); |
exit(0); |
|
|
bits = 0; |
bits = 0; |
type_bits_valid(type, NULL, &bits); |
type_bits_valid(type, NULL, &bits); |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
if ((r = sshkey_generate(type, bits, &private)) != 0) { |
error("key_generate failed: %s", ssh_err(r)); |
error("sshkey_generate failed: %s", ssh_err(r)); |
first = 0; |
first = 0; |
continue; |
continue; |
} |
} |
|
|
explicit_bzero(passphrase, strlen(passphrase)); |
explicit_bzero(passphrase, strlen(passphrase)); |
free(passphrase); |
free(passphrase); |
if ((r = sshkey_from_private(private, &public)) != 0) |
if ((r = sshkey_from_private(private, &public)) != 0) |
fatal("key_from_private failed: %s", ssh_err(r)); |
fatal("sshkey_from_private failed: %s", ssh_err(r)); |
sshkey_free(private); |
sshkey_free(private); |
|
|
strlcat(identity_file, ".pub", sizeof(identity_file)); |
strlcat(identity_file, ".pub", sizeof(identity_file)); |
|
|
OPTIONS_EXTENSIONS); |
OPTIONS_EXTENSIONS); |
if ((r = sshkey_from_private(ca, |
if ((r = sshkey_from_private(ca, |
&public->cert->signature_key)) != 0) |
&public->cert->signature_key)) != 0) |
fatal("key_from_private (ca key): %s", ssh_err(r)); |
fatal("sshkey_from_private (ca key): %s", ssh_err(r)); |
|
|
if ((r = sshkey_certify(public, ca, key_type_name)) != 0) |
if ((r = sshkey_certify(public, ca, key_type_name)) != 0) |
fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); |
fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); |
|
|
if (*cp == '#' || *cp == '\0') |
if (*cp == '#' || *cp == '\0') |
continue; |
continue; |
if ((key = sshkey_new(KEY_UNSPEC)) == NULL) |
if ((key = sshkey_new(KEY_UNSPEC)) == NULL) |
fatal("key_new"); |
fatal("sshkey_new"); |
if ((r = sshkey_read(key, &cp)) != 0) { |
if ((r = sshkey_read(key, &cp)) != 0) { |
error("%s:%lu: invalid key: %s", path, |
error("%s:%lu: invalid key: %s", path, |
lnum, ssh_err(r)); |
lnum, ssh_err(r)); |
|
|
*/ |
*/ |
} |
} |
if ((key = sshkey_new(KEY_UNSPEC)) == NULL) |
if ((key = sshkey_new(KEY_UNSPEC)) == NULL) |
fatal("key_new"); |
fatal("sshkey_new"); |
if ((r = sshkey_read(key, &cp)) != 0) |
if ((r = sshkey_read(key, &cp)) != 0) |
fatal("%s:%lu: invalid key: %s", |
fatal("%s:%lu: invalid key: %s", |
path, lnum, ssh_err(r)); |
path, lnum, ssh_err(r)); |
|
|
printf("Generating public/private %s key pair.\n", |
printf("Generating public/private %s key pair.\n", |
key_type_name); |
key_type_name); |
if ((r = sshkey_generate(type, bits, &private)) != 0) |
if ((r = sshkey_generate(type, bits, &private)) != 0) |
fatal("key_generate failed"); |
fatal("sshkey_generate failed"); |
if ((r = sshkey_from_private(private, &public)) != 0) |
if ((r = sshkey_from_private(private, &public)) != 0) |
fatal("key_from_private failed: %s\n", ssh_err(r)); |
fatal("sshkey_from_private failed: %s\n", ssh_err(r)); |
|
|
if (!have_identity) |
if (!have_identity) |
ask_filename(pw, "Enter file in which to save the key"); |
ask_filename(pw, "Enter file in which to save the key"); |
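Review bot: The new `switch (type)` in type_bits_valid has no `default`, so the key-length check has gone from fail-closed to fail-open: the removed `else if` rejected anything under 1024 bits for every type except KEY_ECDSA and KEY_ED25519, whereas now any type other than KEY_DSA, KEY_RSA and KEY_ECDSA passes with no lower bound at all. That is presumably harmless for the fixed-size key types that exist today, but a variable-size type added later would silently skip minimum-size enforcement. I would make the exemption explicit with `case KEY_ED25519: break; /* fixed size, bits ignored */` and add a `default:` that either calls `fatal()` or carries a comment stating why no check is needed, and also add the missing `break;` after the KEY_ECDSA case. The function begins above the visible lines, so what callers guarantee about `type` should be confirmed before choosing between the two.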