openssh/regress/keygen-comment.sh

53 lines
1.4 KiB
Bash
Raw Permalink Normal View History

#    Placed in the Public Domain.
tid="Comment extraction from private key"
S1="secret1"
check_fingerprint () {
file="$1"
comment="$2"
trace "fingerprinting $file"
if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
fail "ssh-keygen -l failed for $t-key"
fi
if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)\$" \
$OBJ/$t-fgp >/dev/null 2>&1 ; then
fail "comment is not correctly recovered for $t-key"
fi
rm -f $OBJ/$t-fgp
}
for fmt in '' RFC4716 PKCS8 PEM; do
for t in $SSH_KEYTYPES; do
trace "generating $t key in '$fmt' format"
rm -f $OBJ/$t-key*
oldfmt=""
case "$fmt" in
PKCS8|PEM) oldfmt=1 ;;
esac
# Some key types like ssh-ed25519 and *@openssh.com are never
# stored in old formats.
case "$t" in
ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
esac
comment="foo bar"
fmtarg=""
test -z "$fmt" || fmtarg="-m $fmt"
${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
-t $t -f $OBJ/$t-key >/dev/null 2>&1 || \
fatal "keygen of $t in format $fmt failed"
check_fingerprint $OBJ/$t-key "${comment}"
check_fingerprint $OBJ/$t-key.pub "${comment}"
# Output fingerprint using only private file
trace "fingerprinting $t key using private key file"
rm -f $OBJ/$t-key.pub
if [ ! -z "$oldfmt" ] ; then
# Comment cannot be recovered from old format keys.
comment="no comment"
fi
check_fingerprint $OBJ/$t-key "${comment}"
rm -f $OBJ/$t-key*
done
done