diff options
Diffstat (limited to 'PROTOCOL.agent')
| -rw-r--r-- | PROTOCOL.agent | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/PROTOCOL.agent b/PROTOCOL.agent index b34fcd318..de94d037d 100644 --- a/PROTOCOL.agent +++ b/PROTOCOL.agent | |||
| @@ -159,8 +159,8 @@ successfully added or a SSH_AGENT_FAILURE if an error occurred. | |||
| 159 | 159 | ||
| 160 | 2.2.3 Add protocol 2 key | 160 | 2.2.3 Add protocol 2 key |
| 161 | 161 | ||
| 162 | The OpenSSH agent supports DSA and RSA keys for protocol 2. DSA keys may | 162 | The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. DSA |
| 163 | be added using the following request | 163 | keys may be added using the following request |
| 164 | 164 | ||
| 165 | byte SSH2_AGENTC_ADD_IDENTITY or | 165 | byte SSH2_AGENTC_ADD_IDENTITY or |
| 166 | SSH2_AGENTC_ADD_ID_CONSTRAINED | 166 | SSH2_AGENTC_ADD_ID_CONSTRAINED |
| @@ -182,6 +182,30 @@ DSA certificates may be added with: | |||
| 182 | string key_comment | 182 | string key_comment |
| 183 | constraint[] key_constraints | 183 | constraint[] key_constraints |
| 184 | 184 | ||
| 185 | ECDSA keys may be added using the following request | ||
| 186 | |||
| 187 | byte SSH2_AGENTC_ADD_IDENTITY or | ||
| 188 | SSH2_AGENTC_ADD_ID_CONSTRAINED | ||
| 189 | string "ecdsa-sha2-nistp256" | | ||
| 190 | "ecdsa-sha2-nistp384" | | ||
| 191 | "ecdsa-sha2-nistp521" | ||
| 192 | string ecdsa_curve_name | ||
| 193 | string ecdsa_public_key | ||
| 194 | mpint ecdsa_private | ||
| 195 | string key_comment | ||
| 196 | constraint[] key_constraints | ||
| 197 | |||
| 198 | ECDSA certificates may be added with: | ||
| 199 | byte SSH2_AGENTC_ADD_IDENTITY or | ||
| 200 | SSH2_AGENTC_ADD_ID_CONSTRAINED | ||
| 201 | string "ecdsa-sha2-nistp256-cert-v01@openssh.com" | | ||
| 202 | "ecdsa-sha2-nistp384-cert-v01@openssh.com" | | ||
| 203 | "ecdsa-sha2-nistp521-cert-v01@openssh.com" | ||
| 204 | string certificate | ||
| 205 | mpint ecdsa_private_key | ||
| 206 | string key_comment | ||
| 207 | constraint[] key_constraints | ||
| 208 | |||
| 185 | RSA keys may be added with this request: | 209 | RSA keys may be added with this request: |
| 186 | 210 | ||
| 187 | byte SSH2_AGENTC_ADD_IDENTITY or | 211 | byte SSH2_AGENTC_ADD_IDENTITY or |
| @@ -214,7 +238,7 @@ order to the protocol 1 add keys message. As with the corresponding | |||
| 214 | protocol 1 "add key" request, the private key is overspecified to avoid | 238 | protocol 1 "add key" request, the private key is overspecified to avoid |
| 215 | redundant processing. | 239 | redundant processing. |
| 216 | 240 | ||
| 217 | For both DSA and RSA key add requests, "key_constraints" may only be | 241 | For DSA, ECDSA and RSA key add requests, "key_constraints" may only be |
| 218 | present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. | 242 | present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. |
| 219 | 243 | ||
| 220 | The agent will reply with a SSH_AGENT_SUCCESS if the key has been | 244 | The agent will reply with a SSH_AGENT_SUCCESS if the key has been |
| @@ -294,8 +318,7 @@ Protocol 2 keys may be removed with the following request: | |||
| 294 | string key_blob | 318 | string key_blob |
| 295 | 319 | ||
| 296 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key | 320 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
| 297 | Algorithms" for either of the supported key types: "ssh-dss" or | 321 | Algorithms" for any of the supported protocol 2 key types. |
| 298 | "ssh-rsa". | ||
| 299 | 322 | ||
| 300 | The agent will delete any private key matching the specified public key | 323 | The agent will delete any private key matching the specified public key |
| 301 | and return SSH_AGENT_SUCCESS. If no such key was found, the agent will | 324 | and return SSH_AGENT_SUCCESS. If no such key was found, the agent will |
| @@ -364,8 +387,7 @@ Followed by zero or more consecutive keys, encoded as: | |||
| 364 | string key_comment | 387 | string key_comment |
| 365 | 388 | ||
| 366 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key | 389 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
| 367 | Algorithms" for either of the supported key types: "ssh-dss" or | 390 | Algorithms" for any of the supported protocol 2 key types. |
| 368 | "ssh-rsa". | ||
| 369 | 391 | ||
| 370 | 2.6 Private key operations | 392 | 2.6 Private key operations |
| 371 | 393 | ||
| @@ -429,9 +451,9 @@ a protocol 2 key: | |||
| 429 | uint32 flags | 451 | uint32 flags |
| 430 | 452 | ||
| 431 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key | 453 | Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key |
| 432 | Algorithms" for either of the supported key types: "ssh-dss" or | 454 | Algorithms" for any of the supported protocol 2 key types. "flags" is |
| 433 | "ssh-rsa". "flags" is a bit-mask, but at present only one possible value | 455 | a bit-mask, but at present only one possible value is defined (see below |
| 434 | is defined (see below for its meaning): | 456 | for its meaning): |
| 435 | 457 | ||
| 436 | SSH_AGENT_OLD_SIGNATURE 1 | 458 | SSH_AGENT_OLD_SIGNATURE 1 |
| 437 | 459 | ||
| @@ -535,4 +557,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys. | |||
| 535 | SSH_AGENT_CONSTRAIN_LIFETIME 1 | 557 | SSH_AGENT_CONSTRAIN_LIFETIME 1 |
| 536 | SSH_AGENT_CONSTRAIN_CONFIRM 2 | 558 | SSH_AGENT_CONSTRAIN_CONFIRM 2 |
| 537 | 559 | ||
| 538 | $OpenBSD: PROTOCOL.agent,v 1.5 2010/02/26 20:29:54 djm Exp $ | 560 | $OpenBSD: PROTOCOL.agent,v 1.6 2010/08/31 11:54:45 djm Exp $ |