From eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 15 Jul 2019 13:16:29 +0000 Subject: upstream: support PKCS8 as an optional format for storage of private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1 --- authfile.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'authfile.c') diff --git a/authfile.c b/authfile.c index 2166c1689..851c1a8a1 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.132 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: authfile.c,v 1.133 2019/07/15 13:16:29 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -74,7 +74,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) int sshkey_save_private(struct sshkey *key, const char *filename, const char *passphrase, const char *comment, - int force_new_format, const char *new_format_cipher, int new_format_rounds) + int format, const char *openssh_format_cipher, int openssh_format_rounds) { struct sshbuf *keyblob = NULL; int r; @@ -82,7 +82,7 @@ sshkey_save_private(struct sshkey *key, const char *filename, if ((keyblob = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment, - force_new_format, new_format_cipher, new_format_rounds)) != 0) + format, openssh_format_cipher, openssh_format_rounds)) != 0) goto out; if ((r = sshkey_save_private_blob(keyblob, filename)) != 0) goto out; -- cgit v1.2.3