mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-11-23 09:17:32 +08:00
53 lines
1.4 KiB
Bash
53 lines
1.4 KiB
Bash
# Placed in the Public Domain.
|
||
|
||
tid="Comment extraction from private key"
|
||
|
||
S1="secret1"
|
||
|
||
check_fingerprint () {
|
||
file="$1"
|
||
comment="$2"
|
||
trace "fingerprinting $file"
|
||
if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp ; then
|
||
fail "ssh-keygen -l failed for $t-key"
|
||
fi
|
||
if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)\$" \
|
||
$OBJ/$t-fgp >/dev/null 2>&1 ; then
|
||
fail "comment is not correctly recovered for $t-key"
|
||
fi
|
||
rm -f $OBJ/$t-fgp
|
||
}
|
||
|
||
for fmt in '' RFC4716 PKCS8 PEM; do
|
||
for t in $SSH_KEYTYPES; do
|
||
trace "generating $t key in '$fmt' format"
|
||
rm -f $OBJ/$t-key*
|
||
oldfmt=""
|
||
case "$fmt" in
|
||
PKCS8|PEM) oldfmt=1 ;;
|
||
esac
|
||
# Some key types like ssh-ed25519 and *@openssh.com are never
|
||
# stored in old formats.
|
||
case "$t" in
|
||
ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
|
||
esac
|
||
comment="foo bar"
|
||
fmtarg=""
|
||
test -z "$fmt" || fmtarg="-m $fmt"
|
||
${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
|
||
-t $t -f $OBJ/$t-key >/dev/null 2>&1 || \
|
||
fatal "keygen of $t in format $fmt failed"
|
||
check_fingerprint $OBJ/$t-key "${comment}"
|
||
check_fingerprint $OBJ/$t-key.pub "${comment}"
|
||
# Output fingerprint using only private file
|
||
trace "fingerprinting $t key using private key file"
|
||
rm -f $OBJ/$t-key.pub
|
||
if [ ! -z "$oldfmt" ] ; then
|
||
# Comment cannot be recovered from old format keys.
|
||
comment="no comment"
|
||
fi
|
||
check_fingerprint $OBJ/$t-key "${comment}"
|
||
rm -f $OBJ/$t-key*
|
||
done
|
||
done
|