| version 1.236, 2013/12/06 03:40:51 |
version 1.237, 2013/12/06 13:34:54 |
|
|
| /* Load key from this PKCS#11 provider */ |
/* Load key from this PKCS#11 provider */ |
| char *pkcs11provider = NULL; |
char *pkcs11provider = NULL; |
| |
|
| |
/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */ |
| |
int use_new_format = 0; |
| |
|
| |
/* Cipher for new-format private keys */ |
| |
char *new_format_cipher = NULL; |
| |
|
| |
/* |
| |
* Number of KDF rounds to derive new format keys / |
| |
* number of primality trials when screening moduli. |
| |
*/ |
| |
int rounds = 0; |
| |
|
| /* argv0 */ |
/* argv0 */ |
| extern char *__progname; |
extern char *__progname; |
| |
|
|
|
| public = key_from_private(private); |
public = key_from_private(private); |
| snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, |
snprintf(comment, sizeof comment, "%s@%s", pw->pw_name, |
| hostname); |
hostname); |
| if (!key_save_private(private, identity_file, "", comment)) { |
if (!key_save_private(private, identity_file, "", comment, |
| |
use_new_format, new_format_cipher, rounds)) { |
| printf("Saving the key failed: %s.\n", identity_file); |
printf("Saving the key failed: %s.\n", identity_file); |
| key_free(private); |
key_free(private); |
| key_free(public); |
key_free(public); |
|
|
| } |
} |
| |
|
| /* Save the file using the new passphrase. */ |
/* Save the file using the new passphrase. */ |
| if (!key_save_private(private, identity_file, passphrase1, comment)) { |
if (!key_save_private(private, identity_file, passphrase1, comment, |
| |
use_new_format, new_format_cipher, rounds)) { |
| printf("Saving the key failed: %s.\n", identity_file); |
printf("Saving the key failed: %s.\n", identity_file); |
| memset(passphrase1, 0, strlen(passphrase1)); |
memset(passphrase1, 0, strlen(passphrase1)); |
| free(passphrase1); |
free(passphrase1); |
|
|
| } |
} |
| |
|
| /* Save the file using the new passphrase. */ |
/* Save the file using the new passphrase. */ |
| if (!key_save_private(private, identity_file, passphrase, new_comment)) { |
if (!key_save_private(private, identity_file, passphrase, new_comment, |
| |
use_new_format, new_format_cipher, rounds)) { |
| printf("Saving the key failed: %s.\n", identity_file); |
printf("Saving the key failed: %s.\n", identity_file); |
| memset(passphrase, 0, strlen(passphrase)); |
memset(passphrase, 0, strlen(passphrase)); |
| free(passphrase); |
free(passphrase); |
|
|
| fprintf(stderr, "usage: %s [options]\n", __progname); |
fprintf(stderr, "usage: %s [options]\n", __progname); |
| fprintf(stderr, "Options:\n"); |
fprintf(stderr, "Options:\n"); |
| fprintf(stderr, " -A Generate non-existent host keys for all key types.\n"); |
fprintf(stderr, " -A Generate non-existent host keys for all key types.\n"); |
| fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n"); |
fprintf(stderr, " -a number Number of KDF rounds for new key format or moduli primality tests.\n"); |
| fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); |
fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); |
| fprintf(stderr, " -b bits Number of bits in the key to create.\n"); |
fprintf(stderr, " -b bits Number of bits in the key to create.\n"); |
| fprintf(stderr, " -C comment Provide new comment.\n"); |
fprintf(stderr, " -C comment Provide new comment.\n"); |
|
|
| fprintf(stderr, " -N phrase Provide new passphrase.\n"); |
fprintf(stderr, " -N phrase Provide new passphrase.\n"); |
| fprintf(stderr, " -n name,... User/host principal names to include in certificate\n"); |
fprintf(stderr, " -n name,... User/host principal names to include in certificate\n"); |
| fprintf(stderr, " -O option Specify a certificate option.\n"); |
fprintf(stderr, " -O option Specify a certificate option.\n"); |
| |
fprintf(stderr, " -o Enforce new private key format.\n"); |
| fprintf(stderr, " -P phrase Provide old passphrase.\n"); |
fprintf(stderr, " -P phrase Provide old passphrase.\n"); |
| fprintf(stderr, " -p Change passphrase of private key file.\n"); |
fprintf(stderr, " -p Change passphrase of private key file.\n"); |
| fprintf(stderr, " -Q Test whether key(s) are revoked in KRL.\n"); |
fprintf(stderr, " -Q Test whether key(s) are revoked in KRL.\n"); |
|
|
| fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); |
fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); |
| fprintf(stderr, " -y Read private key file and print public key.\n"); |
fprintf(stderr, " -y Read private key file and print public key.\n"); |
| fprintf(stderr, " -z serial Specify a serial number.\n"); |
fprintf(stderr, " -z serial Specify a serial number.\n"); |
| |
fprintf(stderr, " -Z cipher Specify a cipher for new private key format.\n"); |
| |
|
| exit(1); |
exit(1); |
| } |
} |
|
|
| struct passwd *pw; |
struct passwd *pw; |
| struct stat st; |
struct stat st; |
| int opt, type, fd; |
int opt, type, fd; |
| u_int32_t memory = 0, generator_wanted = 0, trials = 100; |
u_int32_t memory = 0, generator_wanted = 0; |
| int do_gen_candidates = 0, do_screen_candidates = 0; |
int do_gen_candidates = 0, do_screen_candidates = 0; |
| int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0; |
| unsigned long start_lineno = 0, lines_to_process = 0; |
unsigned long start_lineno = 0, lines_to_process = 0; |
|
|
| exit(1); |
exit(1); |
| } |
} |
| |
|
| /* Remaining characters: EUYZdow */ |
/* Remaining characters: EUYdw */ |
| while ((opt = getopt(argc, argv, "ABHLQXceghiklpquvxy" |
while ((opt = getopt(argc, argv, "ABHLQXceghiklopquvxy" |
| "C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:a:b:f:j:m:n:r:s:t:z:")) != -1) { |
"C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:a:b:f:g:j:m:n:r:s:t:z:")) != -1) { |
| switch (opt) { |
switch (opt) { |
| case 'A': |
case 'A': |
| gen_all_hostkeys = 1; |
gen_all_hostkeys = 1; |
|
|
| case 'n': |
case 'n': |
| cert_principals = optarg; |
cert_principals = optarg; |
| break; |
break; |
| |
case 'o': |
| |
use_new_format = 1; |
| |
break; |
| case 'p': |
case 'p': |
| change_passphrase = 1; |
change_passphrase = 1; |
| break; |
break; |
|
|
| case 'O': |
case 'O': |
| add_cert_option(optarg); |
add_cert_option(optarg); |
| break; |
break; |
| |
case 'Z': |
| |
new_format_cipher = optarg; |
| |
break; |
| case 'C': |
case 'C': |
| identity_comment = optarg; |
identity_comment = optarg; |
| break; |
break; |
|
|
| optarg, errstr); |
optarg, errstr); |
| break; |
break; |
| case 'a': |
case 'a': |
| trials = (u_int32_t)strtonum(optarg, 1, UINT_MAX, &errstr); |
rounds = (int)strtonum(optarg, 1, INT_MAX, &errstr); |
| if (errstr) |
if (errstr) |
| fatal("Invalid number of trials: %s (%s)", |
fatal("Invalid number: %s (%s)", |
| optarg, errstr); |
optarg, errstr); |
| break; |
break; |
| case 'M': |
case 'M': |
|
|
| fatal("Couldn't open moduli file \"%s\": %s", |
fatal("Couldn't open moduli file \"%s\": %s", |
| out_file, strerror(errno)); |
out_file, strerror(errno)); |
| } |
} |
| if (prime_test(in, out, trials, generator_wanted, checkpoint, |
if (prime_test(in, out, rounds == 0 ? 100 : rounds, |
| |
generator_wanted, checkpoint, |
| start_lineno, lines_to_process) != 0) |
start_lineno, lines_to_process) != 0) |
| fatal("modulus screening failed"); |
fatal("modulus screening failed"); |
| return (0); |
return (0); |
|
|
| } |
} |
| |
|
| /* Save the key with the given passphrase and comment. */ |
/* Save the key with the given passphrase and comment. */ |
| if (!key_save_private(private, identity_file, passphrase1, comment)) { |
if (!key_save_private(private, identity_file, passphrase1, comment, |
| |
use_new_format, new_format_cipher, rounds)) { |
| printf("Saving the key failed: %s.\n", identity_file); |
printf("Saving the key failed: %s.\n", identity_file); |
| memset(passphrase1, 0, strlen(passphrase1)); |
memset(passphrase1, 0, strlen(passphrase1)); |
| free(passphrase1); |
free(passphrase1); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh