-rw-r--r-- | kiki.hs | 43 |
1 files changed, 23 insertions, 20 deletions
@@ -220,6 +220,7 @@ derRSA rsa = do | |||
220 | k <- rsaKeyFromPacket rsa | 220 | k <- rsaKeyFromPacket rsa |
221 | return $ encodeASN1 DER (toASN1 k []) | 221 | return $ encodeASN1 DER (toASN1 k []) |
222 | 222 | ||
223 | rsaPrivateKeyFromPacket :: Packet -> Maybe RSAPrivateKey | ||
223 | rsaPrivateKeyFromPacket pkt@(SecretKeyPacket {}) = do | 224 | rsaPrivateKeyFromPacket pkt@(SecretKeyPacket {}) = do |
224 | -- public fields... | 225 | -- public fields... |
225 | n <- lookup 'n' $ key pkt | 226 | n <- lookup 'n' $ key pkt |
@@ -832,26 +833,29 @@ guessKeyFormat 'S' "ssh-client" = "PEM" | |||
832 | guessKeyFormat 'S' "ssh-host" = "PEM" | 833 | guessKeyFormat 'S' "ssh-host" = "PEM" |
833 | guessKeyFormat _ _ = "PEM" -- "PGP" | 834 | guessKeyFormat _ _ = "PEM" -- "PGP" |
834 | 835 | ||
835 | writeKeyToFile False "PEM" fname packet = do | 836 | writeKeyToFile False "PEM" fname packet = |
836 | flip (maybe (return ())) | 837 | case key_algorithm packet of |
837 | (rsaPrivateKeyFromPacket packet) -- RSAPrivateKey | 838 | RSA -> do |
838 | $ \rsa -> do | 839 | flip (maybe (return ())) |
839 | let asn1 = toASN1 rsa [] | 840 | (rsaPrivateKeyFromPacket packet) -- RSAPrivateKey |
840 | bs = encodeASN1 DER asn1 | 841 | $ \rsa -> do |
841 | dta = Base64.encode (L.unpack bs) | 842 | let asn1 = toASN1 rsa [] |
842 | output = writePEM "RSA PRIVATE KEY" dta | 843 | bs = encodeASN1 DER asn1 |
843 | stamp = toEnum . fromEnum $ timestamp packet | 844 | dta = Base64.encode (L.unpack bs) |
844 | createDirectoryIfMissing True (takeDirectory fname) | 845 | output = writePEM "RSA PRIVATE KEY" dta |
845 | handleIO_ (warn $ fname ++ ": write failure") $ do | 846 | stamp = toEnum . fromEnum $ timestamp packet |
846 | saved_mask <- setFileCreationMask 0o077 | 847 | createDirectoryIfMissing True (takeDirectory fname) |
847 | writeFile fname output | 848 | handleIO_ (warn $ fname ++ ": write failure") $ do |
848 | -- Note: The key's timestamp is included in it's fingerprint. | 849 | saved_mask <- setFileCreationMask 0o077 |
849 | -- Therefore, we should attempt to preserve it. | 850 | writeFile fname output |
850 | setFileTimes fname stamp stamp | 851 | -- Note: The key's timestamp is included in it's fingerprint. |
851 | setFileCreationMask saved_mask | 852 | -- Therefore, we should attempt to preserve it. |
853 | setFileTimes fname stamp stamp | ||
854 | setFileCreationMask saved_mask | ||
855 | return () | ||
856 | warn $ fname ++ ": exported" | ||
852 | return () | 857 | return () |
853 | -- warn $ fname++ ": wrote" | 858 | algo -> warn $ fname ++ ": unable to export "++show algo++" key "++fingerprint packet |
854 | return () | ||
855 | 859 | ||
856 | readKeyFromFile False "PEM" fname = do | 860 | readKeyFromFile False "PEM" fname = do |
857 | -- warn $ fname ++ ": reading ..." | 861 | -- warn $ fname ++ ": reading ..." |
@@ -1373,7 +1377,6 @@ doExport doDecrypt (db,use_db) (fname,subspec,ms,cmd) = | |||
1373 | pun <- doDecrypt p | 1377 | pun <- doDecrypt p |
1374 | flip (maybe $ error "Bad passphrase?") pun $ \pun -> do | 1378 | flip (maybe $ error "Bad passphrase?") pun $ \pun -> do |
1375 | writeKeyToFile False "PEM" fname pun | 1379 | writeKeyToFile False "PEM" fname pun |
1376 | warn $ fname ++ ": exported" | ||
1377 | return (db,use_db) | 1380 | return (db,use_db) |
1378 | 1381 | ||
1379 | findTag tag wk subkey subsigs = (xs',minsig,ys') | 1382 | findTag tag wk subkey subsigs = (xs',minsig,ys') |
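Review bot: In the RSA branch of writeKeyToFile (second hunk), the private key's confidentiality rests only on `setFileCreationMask 0o077`. A umask applies when `writeFile` creates the file, not when fname already exists, so a pre-existing file with wider permissions would keep them once the key is written into it. The mask is also restored only on the success path: if `writeFile` or `setFileTimes` throws, `setFileCreationMask saved_mask` is skipped and the process keeps 0o077 (assuming handleIO_ catches the exception, as its name suggests). I would wrap the write as `bracket (setFileCreationMask 0o077) setFileCreationMask $ \_ -> writeFile fname output >> setFileTimes fname stamp stamp`, which needs Control.Exception if it is not already imported, and check or reset the mode of an existing file before writing. Separately, when `rsaPrivateKeyFromPacket` returns Nothing this branch now writes nothing and prints nothing; and since the rendering drops indentation, it is worth confirming that `warn $ fname ++ ": exported"` cannot run after the "write failure" handler has fired.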