version 1.326, 2019/01/23 04:51:02 |
version 1.329, 2019/03/25 16:19:44 |
|
|
# define DEFAULT_KEY_TYPE_NAME "ed25519" |
# define DEFAULT_KEY_TYPE_NAME "ed25519" |
#endif |
#endif |
|
|
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
/* |
#define DEFAULT_BITS 2048 |
* Default number of bits in the RSA, DSA and ECDSA keys. These value can be |
|
* overridden on the command line. |
|
* |
|
* These values, with the exception of DSA, provide security equivalent to at |
|
* least 128 bits of security according to NIST Special Publication 800-57: |
|
* Recommendation for Key Management Part 1 rev 4 section 5.6.1. |
|
* For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for |
|
* which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only |
|
* SHA1 we limit the DSA key size 1k bits. |
|
*/ |
|
#define DEFAULT_BITS 3072 |
#define DEFAULT_BITS_DSA 1024 |
#define DEFAULT_BITS_DSA 1024 |
#define DEFAULT_BITS_ECDSA 256 |
#define DEFAULT_BITS_ECDSA 256 |
|
|
|
|
fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; |
fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; |
|
|
pkcs11_init(0); |
pkcs11_init(1); |
nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); |
nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys); |
if (nkeys <= 0) |
if (nkeys <= 0) |
fatal("cannot read public key from pkcs11"); |
fatal("cannot read public key from pkcs11"); |