- djm@cvs.openbsd.org 2013/01/03 23:22:58

[ssh-keygen.c] allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... ok markus@
author: Damien Miller <djm@mindrot.org> 2013-01-09 15:58:00 +1100
committer: Damien Miller <djm@mindrot.org> 2013-01-09 15:58:00 +1100
commit: ec77c954c8c7b7cebab0e263b1a43bf6b789ecfb (patch)
tree: d646baa465a134b96e4ce6cfa778a73a5b558cad /ssh-keygen.c
parent: 502ab0eff1bba68a1d0492a9d9da3616b0301724 (diff)
1 files changed, 21 insertions, 6 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 1bbe0b0a8..106f1536d 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.220 2012/12/03 00:14:06 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.221 2013/01/03 23:22:58 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -723,15 +723,30 @@ do_download(struct passwd *pw)
 #ifdef ENABLE_PKCS11
        Key **keys = NULL;
        int i, nkeys;
+        enum fp_rep rep;
+        enum fp_type fptype;
+        char *fp, *ra;
        pkcs11_init(0);
        nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
        if (nkeys <= 0)
                fatal("cannot read public key from pkcs11");
        for (i = 0; i < nkeys; i++) {
-                key_write(keys[i], stdout);
+                if (print_fingerprint) {
+                        fp = key_fingerprint(keys[i], fptype, rep);
+                        ra = key_fingerprint(keys[i], SSH_FP_MD5,
+                            SSH_FP_RANDOMART);
+                        printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]),
+                            fp, key_type(keys[i]));
+                        if (log_level >= SYSLOG_LEVEL_VERBOSE)
+                                printf("%s\n", ra);
+                        xfree(ra);
+                        xfree(fp);
+                } else {
+                        key_write(keys[i], stdout);
+                        fprintf(stdout, "\n");
+                }
                key_free(keys[i]);
-                fprintf(stdout, "\n");
        }
        xfree(keys);
        pkcs11_terminate();
@@ -2177,7 +2192,7 @@ main(int argc, char **argv)
                usage();
        }
        if (print_fingerprint && (delete_host || hash_hosts)) {
-                printf("Cannot use -l with -D or -R.\n");
+                printf("Cannot use -l with -H or -R.\n");
                usage();
        }
        if (ca_key_path != NULL) {
@@ -2189,6 +2204,8 @@ main(int argc, char **argv)
                do_show_cert(pw);
        if (delete_host || hash_hosts || find_host)
                do_known_hosts(pw, rr_hostname);
+        if (pkcs11provider != NULL)
+                do_download(pw);
        if (print_fingerprint || print_bubblebabble)
                do_fingerprint(pw);
        if (change_passphrase)
@@ -2226,8 +2243,6 @@ main(int argc, char **argv)
                        exit(0);
                }
        }
-        if (pkcs11provider != NULL)
-                do_download(pw);
        if (do_gen_candidates) {
                FILE *out = fopen(out_file, "w");
author	Damien Miller <djm@mindrot.org>	2013-01-09 15:58:00 +1100
committer	Damien Miller <djm@mindrot.org>	2013-01-09 15:58:00 +1100
commit	ec77c954c8c7b7cebab0e263b1a43bf6b789ecfb (patch)
tree	d646baa465a134b96e4ce6cfa778a73a5b558cad /ssh-keygen.c
parent	502ab0eff1bba68a1d0492a9d9da3616b0301724 (diff)