| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- # Placed in the Public Domain.
- tid="Comment extraction from private key"
- S1="secret1"
- check_fingerprint()
- {
- file="$1"
- comment="$2"
- trace "fingerprinting $file"
- if ! ${SSHKEYGEN} -l -E sha256 -f $file > $OBJ/$t-fgp; then
- fail "ssh-keygen -l failed for $t-key"
- fi
- if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)\$" \
- $OBJ/$t-fgp > /dev/null 2>&1; then
- fail "comment is not correctly recovered for $t-key"
- fi
- rm -f $OBJ/$t-fgp
- }
- for fmt in '' RFC4716 PKCS8 PEM; do
- for t in $SSH_KEYTYPES; do
- trace "generating $t key in '$fmt' format"
- rm -f $OBJ/$t-key*
- oldfmt=""
- case "$fmt" in
- PKCS8 | PEM) oldfmt=1 ;;
- esac
- # Some key types like ssh-ed25519 and *@openssh.com are never
- # stored in old formats.
- case "$t" in
- ssh-ed25519 | *openssh.com) test -z "$oldfmt" || continue ;;
- esac
- comment="foo bar"
- fmtarg=""
- test -z "$fmt" || fmtarg="-m $fmt"
- ${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
- -t $t -f $OBJ/$t-key > /dev/null 2>&1 ||
- fatal "keygen of $t in format $fmt failed"
- check_fingerprint $OBJ/$t-key "${comment}"
- check_fingerprint $OBJ/$t-key.pub "${comment}"
- # Output fingerprint using only private file
- trace "fingerprinting $t key using private key file"
- rm -f $OBJ/$t-key.pub
- if [ ! -z "$oldfmt" ]; then
- # Comment cannot be recovered from old format keys.
- comment="no comment"
- fi
- check_fingerprint $OBJ/$t-key "${comment}"
- rm -f $OBJ/$t-key*
- done
- done
|
