author | Damien Miller <djm@cvs.openbsd.org> | 2013-01-03 23:22:59 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2013-01-03 23:22:59 +0000 |
commit | a3905307581eebecdc54a7c077d1d51001cecab3 (patch) | |
tree | bb06bb9e4d44f07f19cce08aa518d33496b718d3 /usr.bin | |
parent | 83c50aaf976cd4927cc6a3d6b05a48b35113f993 (diff) |
allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
ok markus@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 0f7206cf0eb..f1feb5bc05b 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.220 2012/12/03 00:14:06 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.221 2013/01/03 23:22:58 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -710,15 +710,30 @@ do_download(struct passwd *pw)
 #ifdef ENABLE_PKCS11
 Key **keys = NULL;
 int i, nkeys;
+ enum fp_rep rep;
+ enum fp_type fptype;
+ char *fp, *ra;
 pkcs11_init(0);
 nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
 if (nkeys <= 0)
 fatal("cannot read public key from pkcs11");
 for (i = 0; i < nkeys; i++) {
- key_write(keys[i], stdout);
+ if (print_fingerprint) {
+ fp = key_fingerprint(keys[i], fptype, rep);
+ ra = key_fingerprint(keys[i], SSH_FP_MD5,
+ SSH_FP_RANDOMART);
+ printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]),
+ fp, key_type(keys[i]));
+ if (log_level >= SYSLOG_LEVEL_VERBOSE)
+ printf("%s\n", ra);
+ xfree(ra);
+ xfree(fp);
+ } else {
+ key_write(keys[i], stdout);
+ fprintf(stdout, "\n");
+ }
 key_free(keys[i]);
- fprintf(stdout, "\n");
 }
 xfree(keys);
 pkcs11_terminate();
@@ -2158,7 +2173,7 @@ main(int argc, char **argv)
 usage();
 }
 if (print_fingerprint && (delete_host || hash_hosts)) {
- printf("Cannot use -l with -D or -R.\n");
+ printf("Cannot use -l with -H or -R.\n");
 usage();
 }
 if (ca_key_path != NULL) {
@@ -2170,6 +2185,8 @@ main(int argc, char **argv)
 do_show_cert(pw);
 if (delete_host || hash_hosts || find_host)
 do_known_hosts(pw, rr_hostname);
+ if (pkcs11provider != NULL)
+ do_download(pw);
 if (print_fingerprint || print_bubblebabble)
 do_fingerprint(pw);
 if (change_passphrase)
@@ -2207,8 +2224,6 @@ main(int argc, char **argv)
 exit(0);
 }
 }
- if (pkcs11provider != NULL)
- do_download(pw);
 if (do_gen_candidates) {
 FILE *out = fopen(out_file, "w");
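Review bot: `fptype` and `rep` are declared at the top of do_download but never assigned before `key_fingerprint(keys[i], fptype, rep)` reads them inside the loop, so the fingerprint hash and representation are chosen from indeterminate values, which is undefined behaviour and in practice yields an unpredictable output format. They should be set before the loop from the same flags the -l/-B paths use, e.g. `fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;` and `rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;`. Separately, the randomart string `ra` is computed and freed for every key even though it is only printed when `log_level >= SYSLOG_LEVEL_VERBOSE`; moving the `ra` computation and `xfree(ra)` inside that branch avoids the wasted work. do_download's body continues past the end of the hunk.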
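Review bot: After the move, `do_download(pw)` runs ahead of `do_fingerprint(pw)`, and for `-lD` both `pkcs11provider != NULL` and `print_fingerprint` are true; unless do_download terminates the process (its body lies outside this hunk, so that cannot be confirmed here), do_fingerprint would still run afterwards against the default identity file. If do_download does exit, a comment above the moved call such as `/* -D: do_download() handles -l for PKCS#11 keys and exits */` would make the ordering dependency explicit for the next reader. The enclosing main() starts and ends outside the hunk.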