version 1.421, 2020/10/18 11:32:02 |
version 1.427, 2020/12/20 23:36:51 |
|
|
#include "sshsig.h" |
#include "sshsig.h" |
#include "ssh-sk.h" |
#include "ssh-sk.h" |
#include "sk-api.h" /* XXX for SSH_SK_USER_PRESENCE_REQD; remove */ |
#include "sk-api.h" /* XXX for SSH_SK_USER_PRESENCE_REQD; remove */ |
|
#include "cipher.h" |
|
|
#ifdef ENABLE_PKCS11 |
#ifdef ENABLE_PKCS11 |
#include "ssh-pkcs11.h" |
#include "ssh-pkcs11.h" |
|
|
fatal("unknown key type %s", key_type_name); |
fatal("unknown key type %s", key_type_name); |
if (*bitsp == 0) { |
if (*bitsp == 0) { |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
u_int nid; |
int nid; |
|
|
switch(type) { |
switch(type) { |
case KEY_DSA: |
case KEY_DSA: |
|
|
foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; |
foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; |
if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ? |
if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ? |
known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL, |
known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL, |
foreach_options)) != 0) { |
foreach_options, 0)) != 0) { |
if (inplace) |
if (inplace) |
unlink(tmp); |
unlink(tmp); |
fatal_fr(r, "hostkeys_foreach"); |
fatal_fr(r, "hostkeys_foreach"); |
|
|
} |
} |
r = sshkey_certify(public, ca, key_type_name, |
r = sshkey_certify(public, ca, key_type_name, |
sk_provider, pin); |
sk_provider, pin); |
notify_complete(notifier); |
notify_complete(notifier, "User presence confirmed"); |
if (r != 0) |
if (r != 0) |
fatal_r(r, "Couldn't certify key %s", tmp); |
fatal_r(r, "Couldn't certify key %s", tmp); |
} |
} |
|
|
"usage: ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile]\n" |
"usage: ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile]\n" |
" [-m format] [-N new_passphrase] [-O option]\n" |
" [-m format] [-N new_passphrase] [-O option]\n" |
" [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n" |
" [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n" |
" [-w provider]\n" |
" [-w provider] [-Z cipher]\n" |
" ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase]\n" |
" ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase]\n" |
" [-P old_passphrase]\n" |
" [-P old_passphrase] [-Z cipher]\n" |
" ssh-keygen -i [-f input_keyfile] [-m key_format]\n" |
" ssh-keygen -i [-f input_keyfile] [-m key_format]\n" |
" ssh-keygen -e [-f input_keyfile] [-m key_format]\n" |
" ssh-keygen -e [-f input_keyfile] [-m key_format]\n" |
" ssh-keygen -y [-f input_keyfile]\n" |
" ssh-keygen -y [-f input_keyfile]\n" |
|
|
" ssh-keygen -Y check-novalidate -n namespace -s signature_file\n" |
" ssh-keygen -Y check-novalidate -n namespace -s signature_file\n" |
" ssh-keygen -Y sign -f key_file -n namespace file ...\n" |
" ssh-keygen -Y sign -f key_file -n namespace file ...\n" |
" ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n" |
" ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n" |
" -n namespace -s signature_file [-r revocation_file]\n"); |
" -n namespace -s signature_file [-r revocation_file]\n"); |
exit(1); |
exit(1); |
} |
} |
|
|
|
|
break; |
break; |
case 'Z': |
case 'Z': |
openssh_format_cipher = optarg; |
openssh_format_cipher = optarg; |
|
if (cipher_by_name(openssh_format_cipher) == NULL) |
|
fatal("Invalid OpenSSH-format cipher '%s'", |
|
openssh_format_cipher); |
break; |
break; |
case 'C': |
case 'C': |
identity_comment = optarg; |
identity_comment = optarg; |
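Review bot: The `notify_complete(notifier, "User presence confirmed");` call in the certify path runs before `r` is checked, so the confirmation text is handed to the notifier even when `sshkey_certify()` failed and the next statement calls `fatal_r()`. With a security-key-backed CA, the user can be told their touch was accepted right before a "Couldn't certify key" error, which is misleading when the failure was a missing or timed-out touch. Consider emitting the message only on success, e.g. `if (r == 0) notify_complete(notifier, "User presence confirmed"); else notify_complete(notifier, NULL);`. Whether `notify_complete()` tolerates a NULL format is not visible on this page and should be confirmed first. The enclosing function starts and ends outside the lines shown.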