upstream: support PKCS8 as an optional format for storage of

private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
author: djm@openbsd.org <djm@openbsd.org> 2019-07-15 13:16:29 +0000
committer: Damien Miller <djm@mindrot.org> 2019-07-15 23:21:18 +1000
commit: eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a (patch)
tree: c5b7686e1e200aac6f3a742c7b15ed30a2c05067 /ssh-keygen.1
parent: e18a27eedccb024acb3cd9820b650a5dff323f01 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index f42127c60..8184a1797 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.160 2019/05/20 06:01:59 jmc Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.161 2019/07/15 13:16:29 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 20 2019 $
+.Dd $Mdocdate: July 15 2019 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -419,11 +419,12 @@ The supported key formats are:
 .Dq RFC4716
 (RFC 4716/SSH2 public or private key),
 .Dq PKCS8
-(PEM PKCS8 public key)
+(PKCS8 public or private key)
 or
 .Dq PEM
 (PEM public key).
-The default conversion format is
+By default OpenSSH will write newly-generated private keys in its own
+format, but when converting public keys for export the default format is
 .Dq RFC4716 .
 Setting a format of
 .Dq PEM
author	djm@openbsd.org <djm@openbsd.org>	2019-07-15 13:16:29 +0000
committer	Damien Miller <djm@mindrot.org>	2019-07-15 23:21:18 +1000
commit	eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a (patch)
tree	c5b7686e1e200aac6f3a742c7b15ed30a2c05067 /ssh-keygen.1
parent	e18a27eedccb024acb3cd9820b650a5dff323f01 (diff)

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index f42127c60..8184a1797 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.160 2019/05/20 06:01:59 jmc Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.161 2019/07/15 13:16:29 djm Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37	.\"	37	.\"
38	.Dd $Mdocdate: May 20 2019 $	38	.Dd $Mdocdate: July 15 2019 $
39	.Dt SSH-KEYGEN 1	39	.Dt SSH-KEYGEN 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -419,11 +419,12 @@ The supported key formats are:
419	.Dq RFC4716	419	.Dq RFC4716
420	(RFC 4716/SSH2 public or private key),	420	(RFC 4716/SSH2 public or private key),
421	.Dq PKCS8	421	.Dq PKCS8
422	(PEM PKCS8 public key)	422	(PKCS8 public or private key)
423	or	423	or
424	.Dq PEM	424	.Dq PEM
425	(PEM public key).	425	(PEM public key).
426	The default conversion format is	426	By default OpenSSH will write newly-generated private keys in its own
		427	format, but when converting public keys for export the default format is
427	.Dq RFC4716 .	428	.Dq RFC4716 .
428	Setting a format of	429	Setting a format of
429	.Dq PEM	430	.Dq PEM