# Placed in the Public Domain.

# Human-readable title of this regression test; presumably read by the
# surrounding test harness, which is not part of this file.
tid='Comment extraction from private key'

# NOTE(review): S1 is not referenced anywhere in the visible script.
S1='secret1'
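# Check that "ssh-keygen -l" reports the expected comment for a key file.
#
# Arguments: $1 - key file to fingerprint
#            $2 - comment expected in the fingerprint line
# Globals:   SSHKEYGEN, OBJ, t (read); file, comment (written: no "local"
#            is used, so both assignments are visible to the caller)
# Outputs:   problems are reported through fail(), which is defined outside
#            this file; the scratch file $OBJ/$t-fgp is removed on every path.
check_fingerprint () {
  file="$1"
  comment="$2"
  trace "fingerprinting $file"
  # ${SSHKEYGEN} is left unquoted in case the harness sets it to a command
  # plus arguments (TODO confirm). The paths are quoted so that whitespace
  # in $OBJ or in the key path does not split the -f argument or turn the
  # redirection into an ambiguous one.
  if ! ${SSHKEYGEN} -l -E sha256 -f "$file" > "$OBJ/$t-fgp" ; then
    fail "ssh-keygen -l failed for $t-key"
    # Stop here: matching the comment against missing output would only add
    # a second, misleading "comment is not correctly recovered" failure.
    rm -f "$OBJ/$t-fgp"
    return 0
  fi
  # Expected line shape: "<bits> SHA256:<43 chars> <comment> (<type>)".
  # $comment is spliced into the extended regex unescaped, so callers must
  # pass comments free of regex metacharacters. "(.){43}" checks only the
  # length of the digest field, not its alphabet.
  if ! egrep "^([0-9]+) SHA256:(.){43} ${comment} \(.*\)\$" \
      "$OBJ/$t-fgp" >/dev/null 2>&1 ; then
    fail "comment is not correctly recovered for $t-key"
  fi
  rm -f "$OBJ/$t-fgp"
}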
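# For every key format and key type: generate a key with a known comment,
# then check that the comment is reported for the private file, the public
# file, and the private file alone once the .pub has been deleted.
for fmt in '' RFC4716 PKCS8 PEM; do
  # $SSH_KEYTYPES is deliberately unquoted: it is iterated by word splitting.
  for t in $SSH_KEYTYPES; do
    trace "generating $t key in '$fmt' format"
    # Paths are quoted so whitespace in $OBJ cannot redirect rm -f to
    # unrelated names; the glob stays outside the quotes so it still expands.
    rm -f "$OBJ/$t-key"*
    oldfmt=""
    case "$fmt" in
    PKCS8|PEM) oldfmt=1 ;;
    esac
    # Some key types like ssh-ed25519 and *@openssh.com are never
    # stored in old formats.
    case "$t" in
    ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
    esac
    comment="foo bar"
    fmtarg=""
    test -z "$fmt" || fmtarg="-m $fmt"
    # $fmtarg is deliberately unquoted so "-m FMT" splits into two words and
    # disappears entirely when empty. -N '' writes the private key with an
    # empty passphrase, i.e. unencrypted: acceptable only because these are
    # throwaway test keys that are deleted at the end of the iteration.
    ${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
      -t "$t" -f "$OBJ/$t-key" >/dev/null 2>&1 || \
      fatal "keygen of $t in format $fmt failed"
    check_fingerprint "$OBJ/$t-key" "${comment}"
    check_fingerprint "$OBJ/$t-key.pub" "${comment}"
    # Output fingerprint using only private file
    trace "fingerprinting $t key using private key file"
    rm -f "$OBJ/$t-key.pub"
    if [ -n "$oldfmt" ] ; then
      # Comment cannot be recovered from old format keys.
      comment="no comment"
    fi
    check_fingerprint "$OBJ/$t-key" "${comment}"
    rm -f "$OBJ/$t-key"*
  done
done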