Blame - ssh-keygen.c - platform/external/openssh

blob: 596da76fb1a515c56bbce870fab8a1e8ad236fb7 [file] [log] [blame]

Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1	/*
				2
				3	ssh-keygen.c
				4
				5	Author: Tatu Ylonen <ylo@cs.hut.fi>
				6
				7	Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				8	All rights reserved
				9
				10	Created: Mon Mar 27 02:26:40 1995 ylo
				11
				12	Identity and host key generation and maintenance.
				13
				14	*/
				15
				16	#include "includes.h"
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	17	RCSID("$Id: ssh-keygen.c,v 1.7 1999/11/21 07:31:57 damien Exp $");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	18
				19	#include "rsa.h"
				20	#include "ssh.h"
				21	#include "xmalloc.h"
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	22	#include "fingerprint.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	23
Damien Miller	3f90587	1999-11-15 17:10:57 +1100	[diff] [blame]	24	#ifdef HAVE___PROGNAME
				25	extern char *__progname;
				26	#else /* HAVE___PROGNAME */
				27	const char *__progname = "ssh-keygen";
				28	#endif /* HAVE___PROGNAME */
				29
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	30	/* Generated private key. */
				31	RSA *private_key;
				32
				33	/* Generated public key. */
				34	RSA *public_key;
				35
				36	/* Number of bits in the RSA key. This value can be changed on the command
				37	line. */
				38	int bits = 1024;
				39
				40	/* Flag indicating that we just want to change the passphrase. This can be
				41	set on the command line. */
				42	int change_passphrase = 0;
				43
				44	/* Flag indicating that we just want to change the comment. This can be set
				45	on the command line. */
				46	int change_comment = 0;
				47
				48	int quiet = 0;
				49
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	50	/* Flag indicating that we just want to see the key fingerprint */
				51	int print_fingerprint = 0;
				52
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	53	/* The identity file name, given on the command line or entered by the user. */
				54	char identity_file[1024];
				55	int have_identity = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	56
				57	/* This is set to the passphrase if given on the command line. */
				58	char *identity_passphrase = NULL;
				59
				60	/* This is set to the new passphrase if given on the command line. */
				61	char *identity_new_passphrase = NULL;
				62
				63	/* This is set to the new comment if given on the command line. */
				64	char *identity_comment = NULL;
				65
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	66	/* argv0 */
				67	extern char *__progname;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	68
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	69	void
				70	ask_filename(struct passwd pw, const char prompt)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	71	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	72	char buf[1024];
				73	snprintf(identity_file, sizeof(identity_file), "%s/%s",
				74	pw->pw_dir, SSH_CLIENT_IDENTITY);
				75	printf("%s (%s): ", prompt, identity_file);
				76	fflush(stdout);
				77	if (fgets(buf, sizeof(buf), stdin) == NULL)
				78	exit(1);
				79	if (strchr(buf, '\n'))
				80	*strchr(buf, '\n') = 0;
				81	if (strcmp(buf, "") != 0)
				82	strlcpy(identity_file, buf, sizeof(identity_file));
				83	have_identity = 1;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	84	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	85
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	86	void
				87	do_fingerprint(struct passwd *pw)
				88	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	89	char *comment;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	90	RSA *public_key;
				91	struct stat st;
				92
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	93	if (!have_identity)
				94	ask_filename(pw, "Enter file in which the key is");
				95	if (stat(identity_file, &st) < 0)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	96	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	97	perror(identity_file);
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	98	exit(1);
				99	}
				100	public_key = RSA_new();
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	101	if (!load_public_key(identity_file, public_key, &comment)) {
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	102	char *cp, line[1024];
				103	BIGNUM e, n;
				104	int dummy, invalid = 0;
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	105	FILE *f = fopen(identity_file, "r");
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	106	n = BN_new();
				107	e = BN_new();
				108	if (f && fgets(line, sizeof(line), f)) {
				109	cp = line;
				110	line[strlen(line)-1] = '\0';
				111	if (auth_rsa_read_key(&cp, &dummy, e, n)) {
				112	public_key->e = e;
				113	public_key->n = n;
				114	comment = xstrdup(cp ? cp : "no comment");
				115	} else {
				116	invalid = 1;
				117	}
				118	} else {
				119	invalid = 1;
				120	}
				121	if (invalid) {
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	122	printf("%s is not a valid key file.\n", identity_file);
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	123	BN_free(e);
				124	BN_free(n);
				125	exit(1);
				126	}
				127	}
				128
				129	printf("%d %s %s\n", BN_num_bits(public_key->n),
				130	fingerprint(public_key->e, public_key->n),
				131	comment);
				132	RSA_free(public_key);
				133	exit(0);
				134	}
				135
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	136	/* Perform changing a passphrase. The argument is the passwd structure
				137	for the current user. */
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	138
				139	void
				140	do_change_passphrase(struct passwd *pw)
				141	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	142	char *comment;
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	143	char old_passphrase, passphrase1, *passphrase2;
				144	struct stat st;
				145	RSA *private_key;
				146
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	147	if (!have_identity)
				148	ask_filename(pw, "Enter file in which the key is");
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	149	/* Check if the file exists. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	150	if (stat(identity_file, &st) < 0)
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	151	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	152	perror(identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	153	exit(1);
				154	}
				155
				156	/* Try to load the public key from the file the verify that it is
				157	readable and of the proper format. */
				158	public_key = RSA_new();
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	159	if (!load_public_key(identity_file, public_key, NULL))
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	160	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	161	printf("%s is not a valid key file.\n", identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	162	exit(1);
				163	}
				164	/* Clear the public key since we are just about to load the whole file. */
				165	RSA_free(public_key);
				166
				167	/* Try to load the file with empty passphrase. */
				168	private_key = RSA_new();
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	169	if (!load_private_key(identity_file, "", private_key, &comment)) {
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	170	/* Read passphrase from the user. */
				171	if (identity_passphrase)
				172	old_passphrase = xstrdup(identity_passphrase);
				173	else
				174	old_passphrase = read_passphrase("Enter old passphrase: ", 1);
				175	/* Try to load using the passphrase. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	176	if (!load_private_key(identity_file, old_passphrase, private_key, &comment))
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	177	{
				178	memset(old_passphrase, 0, strlen(old_passphrase));
				179	xfree(old_passphrase);
				180	printf("Bad passphrase.\n");
				181	exit(1);
				182	}
				183	/* Destroy the passphrase. */
				184	memset(old_passphrase, 0, strlen(old_passphrase));
				185	xfree(old_passphrase);
				186	}
				187	printf("Key has comment '%s'\n", comment);
Damien Miller	6d7b2cd	1999-11-12 15:19:27 +1100	[diff] [blame]	188
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	189	/* Ask the new passphrase (twice). */
				190	if (identity_new_passphrase)
				191	{
				192	passphrase1 = xstrdup(identity_new_passphrase);
				193	passphrase2 = NULL;
				194	}
				195	else
				196	{
				197	passphrase1 =
				198	read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
				199	passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
				200
				201	/* Verify that they are the same. */
				202	if (strcmp(passphrase1, passphrase2) != 0)
				203	{
				204	memset(passphrase1, 0, strlen(passphrase1));
				205	memset(passphrase2, 0, strlen(passphrase2));
				206	xfree(passphrase1);
				207	xfree(passphrase2);
				208	printf("Pass phrases do not match. Try again.\n");
				209	exit(1);
				210	}
				211	/* Destroy the other copy. */
				212	memset(passphrase2, 0, strlen(passphrase2));
				213	xfree(passphrase2);
				214	}
				215
				216	/* Save the file using the new passphrase. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	217	if (!save_private_key(identity_file, passphrase1, private_key, comment))
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	218	{
				219	printf("Saving the key failed: %s: %s.\n",
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	220	identity_file, strerror(errno));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	221	memset(passphrase1, 0, strlen(passphrase1));
				222	xfree(passphrase1);
				223	RSA_free(private_key);
				224	xfree(comment);
				225	exit(1);
				226	}
				227	/* Destroy the passphrase and the copy of the key in memory. */
				228	memset(passphrase1, 0, strlen(passphrase1));
				229	xfree(passphrase1);
				230	RSA_free(private_key); /* Destroys contents */
				231	xfree(comment);
				232
				233	printf("Your identification has been saved with the new passphrase.\n");
				234	exit(0);
				235	}
				236
				237	/* Change the comment of a private key file. */
				238
				239	void
				240	do_change_comment(struct passwd *pw)
				241	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	242	char new_comment[1024], *comment;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	243	RSA *private_key;
				244	char *passphrase;
				245	struct stat st;
				246	FILE *f;
				247	char *tmpbuf;
				248
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	249	if (!have_identity)
				250	ask_filename(pw, "Enter file in which the key is");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	251	/* Check if the file exists. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	252	if (stat(identity_file, &st) < 0)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	253	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	254	perror(identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	255	exit(1);
				256	}
				257
				258	/* Try to load the public key from the file the verify that it is
				259	readable and of the proper format. */
				260	public_key = RSA_new();
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	261	if (!load_public_key(identity_file, public_key, NULL))
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	262	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	263	printf("%s is not a valid key file.\n", identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	264	exit(1);
				265	}
				266
				267	private_key = RSA_new();
				268	/* Try to load the file with empty passphrase. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	269	if (load_private_key(identity_file, "", private_key, &comment))
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	270	passphrase = xstrdup("");
				271	else
				272	{
				273	/* Read passphrase from the user. */
				274	if (identity_passphrase)
				275	passphrase = xstrdup(identity_passphrase);
				276	else
				277	if (identity_new_passphrase)
				278	passphrase = xstrdup(identity_new_passphrase);
				279	else
				280	passphrase = read_passphrase("Enter passphrase: ", 1);
				281	/* Try to load using the passphrase. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	282	if (!load_private_key(identity_file, passphrase, private_key, &comment))
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	283	{
				284	memset(passphrase, 0, strlen(passphrase));
				285	xfree(passphrase);
				286	printf("Bad passphrase.\n");
				287	exit(1);
				288	}
				289	}
				290	printf("Key now has comment '%s'\n", comment);
				291
				292	if (identity_comment)
				293	{
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	294	strlcpy(new_comment, identity_comment, sizeof(new_comment));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	295	}
				296	else
				297	{
				298	printf("Enter new comment: ");
				299	fflush(stdout);
				300	if (!fgets(new_comment, sizeof(new_comment), stdin))
				301	{
				302	memset(passphrase, 0, strlen(passphrase));
				303	RSA_free(private_key);
				304	exit(1);
				305	}
				306
				307	/* Remove terminating newline from comment. */
				308	if (strchr(new_comment, '\n'))
				309	*strchr(new_comment, '\n') = 0;
				310	}
				311
				312	/* Save the file using the new passphrase. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	313	if (!save_private_key(identity_file, passphrase, private_key, new_comment))
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	314	{
				315	printf("Saving the key failed: %s: %s.\n",
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	316	identity_file, strerror(errno));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	317	memset(passphrase, 0, strlen(passphrase));
				318	xfree(passphrase);
				319	RSA_free(private_key);
				320	xfree(comment);
				321	exit(1);
				322	}
				323
				324	/* Destroy the passphrase and the private key in memory. */
				325	memset(passphrase, 0, strlen(passphrase));
				326	xfree(passphrase);
				327	RSA_free(private_key);
				328
				329	/* Save the public key in text format in a file with the same name but
				330	.pub appended. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	331	strlcat(identity_file, ".pub", sizeof(identity_file));
				332	f = fopen(identity_file, "w");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	333	if (!f)
				334	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	335	printf("Could not save your public key in %s\n", identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	336	exit(1);
				337	}
				338	fprintf(f, "%d ", BN_num_bits(public_key->n));
				339	tmpbuf = BN_bn2dec(public_key->e);
				340	fprintf(f, "%s ", tmpbuf);
				341	free (tmpbuf);
				342	tmpbuf = BN_bn2dec(public_key->n);
				343	fprintf(f, "%s %s\n", tmpbuf, new_comment);
				344	free (tmpbuf);
				345	fclose(f);
				346
				347	xfree(comment);
				348
				349	printf("The comment in your key file has been changed.\n");
				350	exit(0);
				351	}
				352
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	353	void
				354	usage(void)
				355	{
				356	printf("ssh-keygen version %s\n", SSH_VERSION);
				357	printf("Usage: %s [-b bits] [-p] [-c] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
				358	exit(1);
				359	}
				360
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	361	/* Main program for key management. */
				362
				363	int
				364	main(int ac, char **av)
				365	{
				366	char buf[16384], buf2[1024], passphrase1, passphrase2;
				367	struct passwd *pw;
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	368	char *tmpbuf;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	369	int opt;
				370	struct stat st;
				371	FILE *f;
				372	char hostname[MAXHOSTNAMELEN];
				373	extern int optind;
				374	extern char *optarg;
				375
				376	/* check if RSA support exists */
				377	if (rsa_alive() == 0) {
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	378	extern char *__progname;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	379
				380	fprintf(stderr,
				381	"%s: no RSA support in libssl and libcrypto. See ssl(8).\n",
				382	__progname);
				383	exit(1);
				384	}
				385
				386	/* Get user\'s passwd structure. We need this for the home directory. */
				387	pw = getpwuid(getuid());
				388	if (!pw)
				389	{
				390	printf("You don't exist, go away!\n");
				391	exit(1);
				392	}
				393
				394	/* Create ~/.ssh directory if it doesn\'t already exist. */
				395	snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_USER_DIR);
				396	if (stat(buf, &st) < 0)
				397	if (mkdir(buf, 0755) < 0)
				398	error("Could not create directory '%s'.", buf);
				399
				400	/* Parse command line arguments. */
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	401	while ((opt = getopt(ac, av, "qpclb:f:P:N:C:")) != EOF)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	402	{
				403	switch (opt)
				404	{
				405	case 'b':
				406	bits = atoi(optarg);
				407	if (bits < 512 \|\| bits > 32768)
				408	{
				409	printf("Bits has bad value.\n");
				410	exit(1);
				411	}
				412	break;
				413
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	414	case 'l':
				415	print_fingerprint = 1;
				416	break;
				417
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	418	case 'p':
				419	change_passphrase = 1;
				420	break;
				421
				422	case 'c':
				423	change_comment = 1;
				424	break;
				425
				426	case 'f':
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	427	strlcpy(identity_file, optarg, sizeof(identity_file));
				428	have_identity = 1;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	429	break;
				430
				431	case 'P':
				432	identity_passphrase = optarg;
				433	break;
				434
				435	case 'N':
				436	identity_new_passphrase = optarg;
				437	break;
				438
				439	case 'C':
				440	identity_comment = optarg;
				441	break;
				442
				443	case 'q':
				444	quiet = 1;
				445	break;
				446
				447	case '?':
				448	default:
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	449	usage();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	450	}
				451	}
				452	if (optind < ac)
				453	{
				454	printf("Too many arguments.\n");
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	455	usage();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	456	}
				457	if (change_passphrase && change_comment)
				458	{
				459	printf("Can only have one of -p and -c.\n");
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	460	usage();
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	461	}
				462
Damien Miller	10f6f6b	1999-11-17 17:29:08 +1100	[diff] [blame]	463	if (print_fingerprint)
				464	do_fingerprint(pw);
				465
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	466	/* If the user requested to change the passphrase, do it now. This
				467	function never returns. */
				468	if (change_passphrase)
				469	do_change_passphrase(pw);
				470
				471	/* If the user requested to change the comment, do it now. This function
				472	never returns. */
				473	if (change_comment)
				474	do_change_comment(pw);
				475
				476	arc4random_stir();
				477
				478	if (quiet)
				479	rsa_set_verbose(0);
				480
				481	/* Generate the rsa key pair. */
				482	private_key = RSA_new();
				483	public_key = RSA_new();
				484	rsa_generate_key(private_key, public_key, bits);
				485
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	486	if (!have_identity)
				487	ask_filename(pw, "Enter file in which to save the key");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	488
				489	/* If the file aready exists, ask the user to confirm. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	490	if (stat(identity_file, &st) >= 0)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	491	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	492	printf("%s already exists.\n", identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	493	printf("Overwrite (y/n)? ");
				494	fflush(stdout);
				495	if (fgets(buf2, sizeof(buf2), stdin) == NULL)
				496	exit(1);
				497	if (buf2[0] != 'y' && buf2[0] != 'Y')
				498	exit(1);
				499	}
				500
				501	/* Ask for a passphrase (twice). */
				502	if (identity_passphrase)
				503	passphrase1 = xstrdup(identity_passphrase);
				504	else
				505	if (identity_new_passphrase)
				506	passphrase1 = xstrdup(identity_new_passphrase);
				507	else
				508	{
				509	passphrase_again:
				510	passphrase1 =
				511	read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
				512	passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
				513	if (strcmp(passphrase1, passphrase2) != 0)
				514	{
				515	/* The passphrases do not match. Clear them and retry. */
				516	memset(passphrase1, 0, strlen(passphrase1));
				517	memset(passphrase2, 0, strlen(passphrase2));
				518	xfree(passphrase1);
				519	xfree(passphrase2);
				520	printf("Passphrases do not match. Try again.\n");
				521	goto passphrase_again;
				522	}
				523	/* Clear the other copy of the passphrase. */
				524	memset(passphrase2, 0, strlen(passphrase2));
				525	xfree(passphrase2);
				526	}
				527
				528	/* Create default commend field for the passphrase. The user can later
				529	edit this field. */
				530	if (identity_comment)
				531	{
				532	strlcpy(buf2, identity_comment, sizeof(buf2));
				533	}
				534	else
				535	{
				536	if (gethostname(hostname, sizeof(hostname)) < 0)
				537	{
				538	perror("gethostname");
				539	exit(1);
				540	}
				541	snprintf(buf2, sizeof buf2, "%s@%s", pw->pw_name, hostname);
				542	}
				543
				544	/* Save the key with the given passphrase and comment. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	545	if (!save_private_key(identity_file, passphrase1, private_key, buf2))
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	546	{
				547	printf("Saving the key failed: %s: %s.\n",
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	548	identity_file, strerror(errno));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	549	memset(passphrase1, 0, strlen(passphrase1));
				550	xfree(passphrase1);
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	551	exit(1);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	552	}
				553	/* Clear the passphrase. */
				554	memset(passphrase1, 0, strlen(passphrase1));
				555	xfree(passphrase1);
				556
				557	/* Clear the private key and the random number generator. */
				558	RSA_free(private_key);
				559	arc4random_stir();
				560
				561	if (!quiet)
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	562	printf("Your identification has been saved in %s.\n", identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	563
				564	/* Display the public key on the screen. */
				565	if (!quiet) {
				566	printf("Your public key is:\n");
				567	printf("%d ", BN_num_bits(public_key->n));
				568	tmpbuf = BN_bn2dec(public_key->e);
				569	printf("%s ", tmpbuf);
				570	free(tmpbuf);
				571	tmpbuf = BN_bn2dec(public_key->n);
				572	printf("%s %s\n", tmpbuf, buf2);
				573	free(tmpbuf);
				574	}
				575
				576	/* Save the public key in text format in a file with the same name but
				577	.pub appended. */
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	578	strlcat(identity_file, ".pub", sizeof(identity_file));
				579	f = fopen(identity_file, "w");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	580	if (!f)
				581	{
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	582	printf("Could not save your public key in %s\n", identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	583	exit(1);
				584	}
				585	fprintf(f, "%d ", BN_num_bits(public_key->n));
				586	tmpbuf = BN_bn2dec(public_key->e);
				587	fprintf(f, "%s ", tmpbuf);
				588	free(tmpbuf);
				589	tmpbuf = BN_bn2dec(public_key->n);
				590	fprintf(f, "%s %s\n", tmpbuf, buf2);
				591	free(tmpbuf);
				592	fclose(f);
				593
				594	if (!quiet)
Damien Miller	431f66b	1999-11-21 18:31:57 +1100	[diff] [blame^]	595	printf("Your public key has been saved in %s\n", identity_file);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	596
				597	exit(0);
				598	}