author | djm@openbsd.org <djm@openbsd.org> | 2019-07-15 13:16:29 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-07-15 23:21:18 +1000 |
commit | eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a (patch) | |
tree | c5b7686e1e200aac6f3a742c7b15ed30a2c05067 /ssh-keygen.1 | |
parent | e18a27eedccb024acb3cd9820b650a5dff323f01 (diff) |

upstream: support PKCS8 as an optional format for storage of
private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
private keys to disk.

The OpenSSH native key format remains the default, but PKCS8 is a
superior format to PEM if interoperability with non-OpenSSH software
is required, as it may use a less terrible KDF (IIRC PEM uses a single
round of MD5 as a KDF).

adapted from patch by Jakub Jelen via bz3013; ok markus

OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1

Diffstat (limited to 'ssh-keygen.1')
-rw-r--r-- | ssh-keygen.1 | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index f42127c60..8184a1797 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.160 2019/05/20 06:01:59 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.161 2019/07/15 13:16:29 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: May 20 2019 $ | 38 | .Dd $Mdocdate: July 15 2019 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -419,11 +419,12 @@ The supported key formats are: | |||
419 | .Dq RFC4716 | 419 | .Dq RFC4716 |
420 | (RFC 4716/SSH2 public or private key), | 420 | (RFC 4716/SSH2 public or private key), |
421 | .Dq PKCS8 | 421 | .Dq PKCS8 |
422 | (PEM PKCS8 public key) | 422 | (PKCS8 public or private key) |
423 | or | 423 | or |
424 | .Dq PEM | 424 | .Dq PEM |
425 | (PEM public key). | 425 | (PEM public key). |
426 | The default conversion format is | 426 | By default OpenSSH will write newly-generated private keys in its own |
427 | format, but when converting public keys for export the default format is | ||
427 | .Dq RFC4716 . | 428 | .Dq RFC4716 . |
428 | Setting a format of | 429 | Setting a format of |
429 | .Dq PEM | 430 | .Dq PEM |