diff options
author | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
commit | 0970072c89b079b022538e3c366fbfa2c53fc821 (patch) | |
tree | b7024712d74234bb5a8b036ccbc9109e2e211296 /PROTOCOL.agent | |
parent | 4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff) | |
parent | 478ff799463ca926a8dfbabf058f4e84aaffc65a (diff) |
merge 5.7p1
Diffstat (limited to 'PROTOCOL.agent')
-rw-r--r-- | PROTOCOL.agent | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/PROTOCOL.agent b/PROTOCOL.agent index b34fcd318..de94d037d 100644 --- a/PROTOCOL.agent +++ b/PROTOCOL.agent | |||
@@ -159,8 +159,8 @@ successfully added or a SSH_AGENT_FAILURE if an error occurred. | |||
159 | 159 | ||
160 | 2.2.3 Add protocol 2 key | 160 | 2.2.3 Add protocol 2 key |
161 | 161 | ||
162 | The OpenSSH agent supports DSA and RSA keys for protocol 2. DSA keys may | 162 | The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. DSA |
163 | be added using the following request | 163 | keys may be added using the following request |
164 | 164 | ||
165 | byte SSH2_AGENTC_ADD_IDENTITY or | 165 | byte SSH2_AGENTC_ADD_IDENTITY or |
166 | SSH2_AGENTC_ADD_ID_CONSTRAINED | 166 | SSH2_AGENTC_ADD_ID_CONSTRAINED |
@@ -182,6 +182,30 @@ DSA certificates may be added with: | |||
182 | string key_comment | 182 | string key_comment |
183 | constraint[] key_constraints | 183 | constraint[] key_constraints |
184 | 184 | ||
185 | ECDSA keys may be added using the following request | ||
186 | |||
187 | byte SSH2_AGENTC_ADD_IDENTITY or | ||
188 | SSH2_AGENTC_ADD_ID_CONSTRAINED | ||
189 | string "ecdsa-sha2-nistp256" | | ||
190 | "ecdsa-sha2-nistp384" | | ||
191 | "ecdsa-sha2-nistp521" | ||
192 | string ecdsa_curve_name | ||
193 | string ecdsa_public_key | ||
194 | mpint ecdsa_private | ||
195 | string key_comment | ||
196 | constraint[] key_constraints | ||
197 | |||
198 | ECDSA certificates may be added with: | ||
199 | byte SSH2_AGENTC_ADD_IDENTITY or | ||
200 | SSH2_AGENTC_ADD_ID_CONSTRAINED | ||
201 | string "ecdsa-sha2-nistp256-cert-v01@openssh.com" | | ||
202 | "ecdsa-sha2-nistp384-cert-v01@openssh.com" | | ||
203 | "ecdsa-sha2-nistp521-cert-v01@openssh.com" | ||
204 | string certificate | ||
205 | mpint ecdsa_private_key | ||
206 | string key_comment | ||
207 | constraint[] key_constraints | ||
208 | |||
185 | RSA keys may be added with this request: | 209 | RSA keys may be added with this request: |
186 | 210 | ||
187 | byte SSH2_AGENTC_ADD_IDENTITY or | 211 | byte SSH2_AGENTC_ADD_IDENTITY or |
@@ -214,7 +238,7 @@ order to the protocol 1 add keys message. As with the corresponding | |||
214 | protocol 1 "add key" request, the private key is overspecified to avoid | 238 | protocol 1 "add key" request, the private key is overspecified to avoid |
215 | redundant processing. | 239 | redundant processing. |
216 | 240 | ||
217 | For both DSA and RSA key add requests, "key_constraints" may only be | 241 | For DSA, ECDSA and RSA key add requests, "key_constraints" may only be |
218 | present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. | 242 | present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. |
219 | 243 | ||
220 | The agent will reply with a SSH_AGENT_SUCCESS if the key has been | 244 | The agent will reply with a SSH_AGENT_SUCCESS if the key has been |
@@ -294,8 +318,7 @@ Protocol 2 keys may be removed with the following request: | |||
294 | string key_blob | 318 | string key_blob |
295 | 319 | ||
296 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key | 320 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
297 | Algorithms" for either of the supported key types: "ssh-dss" or | 321 | Algorithms" for any of the supported protocol 2 key types. |
298 | "ssh-rsa". | ||
299 | 322 | ||
300 | The agent will delete any private key matching the specified public key | 323 | The agent will delete any private key matching the specified public key |
301 | and return SSH_AGENT_SUCCESS. If no such key was found, the agent will | 324 | and return SSH_AGENT_SUCCESS. If no such key was found, the agent will |
@@ -364,8 +387,7 @@ Followed by zero or more consecutive keys, encoded as: | |||
364 | string key_comment | 387 | string key_comment |
365 | 388 | ||
366 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key | 389 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
367 | Algorithms" for either of the supported key types: "ssh-dss" or | 390 | Algorithms" for any of the supported protocol 2 key types. |
368 | "ssh-rsa". | ||
369 | 391 | ||
370 | 2.6 Private key operations | 392 | 2.6 Private key operations |
371 | 393 | ||
@@ -429,9 +451,9 @@ a protocol 2 key: | |||
429 | uint32 flags | 451 | uint32 flags |
430 | 452 | ||
431 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key | 453 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
432 | Algorithms" for either of the supported key types: "ssh-dss" or | 454 | Algorithms" for any of the supported protocol 2 key types. "flags" is |
433 | "ssh-rsa". "flags" is a bit-mask, but at present only one possible value | 455 | a bit-mask, but at present only one possible value is defined (see below |
434 | is defined (see below for its meaning): | 456 | for its meaning): |
435 | 457 | ||
436 | SSH_AGENT_OLD_SIGNATURE 1 | 458 | SSH_AGENT_OLD_SIGNATURE 1 |
437 | 459 | ||
@@ -535,4 +557,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys. | |||
535 | SSH_AGENT_CONSTRAIN_LIFETIME 1 | 557 | SSH_AGENT_CONSTRAIN_LIFETIME 1 |
536 | SSH_AGENT_CONSTRAIN_CONFIRM 2 | 558 | SSH_AGENT_CONSTRAIN_CONFIRM 2 |
537 | 559 | ||
538 | $OpenBSD: PROTOCOL.agent,v 1.5 2010/02/26 20:29:54 djm Exp $ | 560 | $OpenBSD: PROTOCOL.agent,v 1.6 2010/08/31 11:54:45 djm Exp $ |