- djm@cvs.openbsd.org 2013/01/03 23:22:58
[ssh-keygen.c]
allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
ok markus@
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 1bbe0b0..106f153 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.220 2012/12/03 00:14:06 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.221 2013/01/03 23:22:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -723,15 +723,30 @@
#ifdef ENABLE_PKCS11
Key **keys = NULL;
int i, nkeys;
+ enum fp_rep rep;
+ enum fp_type fptype;
+ char *fp, *ra;
pkcs11_init(0);
nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
if (nkeys <= 0)
fatal("cannot read public key from pkcs11");
for (i = 0; i < nkeys; i++) {
- key_write(keys[i], stdout);
+ if (print_fingerprint) {
+ fp = key_fingerprint(keys[i], fptype, rep);
+ ra = key_fingerprint(keys[i], SSH_FP_MD5,
+ SSH_FP_RANDOMART);
+ printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]),
+ fp, key_type(keys[i]));
+ if (log_level >= SYSLOG_LEVEL_VERBOSE)
+ printf("%s\n", ra);
+ xfree(ra);
+ xfree(fp);
+ } else {
+ key_write(keys[i], stdout);
+ fprintf(stdout, "\n");
+ }
key_free(keys[i]);
- fprintf(stdout, "\n");
}
xfree(keys);
pkcs11_terminate();
@@ -2177,7 +2192,7 @@
usage();
}
if (print_fingerprint && (delete_host || hash_hosts)) {
- printf("Cannot use -l with -D or -R.\n");
+ printf("Cannot use -l with -H or -R.\n");
usage();
}
if (ca_key_path != NULL) {
@@ -2189,6 +2204,8 @@
do_show_cert(pw);
if (delete_host || hash_hosts || find_host)
do_known_hosts(pw, rr_hostname);
+ if (pkcs11provider != NULL)
+ do_download(pw);
if (print_fingerprint || print_bubblebabble)
do_fingerprint(pw);
if (change_passphrase)
@@ -2226,8 +2243,6 @@
exit(0);
}
}
- if (pkcs11provider != NULL)
- do_download(pw);
if (do_gen_candidates) {
FILE *out = fopen(out_file, "w");