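# Placed in the Public Domain.

# Regression test: the comment given to ssh-keygen -C must be recoverable
# from the generated key files, including from the private key file alone.
# The harness that runs this file is expected to provide ${SSHKEYGEN}, $OBJ,
# $SSH_KEYTYPES and the trace/fail/fatal helpers; none are defined here.
# No shell options are set and no bash-only syntax is used, because nothing
# in this file establishes which shell the harness runs it under.

tid="Comment extraction from private key"

S1="secret1"

# check_fingerprint FILE COMMENT
#
# Runs "ssh-keygen -l -E sha256" on FILE and checks that the fingerprint line
# has the form "<bits> SHA256:<43 base64 chars> COMMENT (<type>)".
# Globals:   SSHKEYGEN, OBJ, t (read); file, comment (written, not local)
# Arguments: $1 - key file to fingerprint; $2 - comment expected in the output
# Returns:   status of the final rm; mismatches are reported through fail
check_fingerprint () {
  file="$1"
  comment="$2"
  trace "fingerprinting $file"
  if ! ${SSHKEYGEN} -l -E sha256 -f "$file" > "$OBJ/$t-fgp" ; then
    fail "ssh-keygen -l failed for $t-key"
  fi
  # A SHA256 digest is 32 bytes, i.e. 43 base64 characters once the padding
  # is stripped, so match that alphabet instead of "any 43 characters".
  # ${comment} is interpolated into the regex unescaped: callers must pass
  # fixed literals without regex metacharacters, as this file does.
  # grep -E is the POSIX spelling of the obsolescent egrep.
  if ! grep -E "^[0-9]+ SHA256:[A-Za-z0-9+/]{43} ${comment} \(.*\)\$" \
      "$OBJ/$t-fgp" >/dev/null 2>&1 ; then
    fail "comment is not correctly recovered for $t-key"
  fi
  rm -f "$OBJ/$t-fgp"
}

for fmt in '' RFC4716 PKCS8 PEM; do
  # $SSH_KEYTYPES is deliberately unquoted: it is a space-separated list.
  for t in $SSH_KEYTYPES; do
    trace "generating $t key in '$fmt' format"
    rm -f "$OBJ/$t-key"*
    oldfmt=""
    case "$fmt" in
      PKCS8|PEM) oldfmt=1 ;;
    esac
    # Some key types like ssh-ed25519 and *@openssh.com are never
    # stored in old formats.
    case "$t" in
      ssh-ed25519|*openssh.com) test -z "$oldfmt" || continue ;;
    esac
    comment="foo bar"
    fmtarg=""
    test -z "$fmt" || fmtarg="-m $fmt"
    # $fmtarg is deliberately unquoted so that "-m FMT" splits into two
    # arguments and an empty value adds none. -N '' creates an unencrypted
    # throwaway key; it is deleted again at the end of this iteration.
    ${SSHKEYGEN} $fmtarg -N '' -C "${comment}" \
      -t "$t" -f "$OBJ/$t-key" >/dev/null 2>&1 || \
      fatal "keygen of $t in format $fmt failed"
    check_fingerprint "$OBJ/$t-key" "${comment}"
    check_fingerprint "$OBJ/$t-key.pub" "${comment}"
    # Output fingerprint using only private file
    trace "fingerprinting $t key using private key file"
    rm -f "$OBJ/$t-key.pub"
    if [ -n "$oldfmt" ] ; then
      # Comment cannot be recovered from old format keys.
      comment="no comment"
    fi
    check_fingerprint "$OBJ/$t-key" "${comment}"
    rm -f "$OBJ/$t-key"*
  done
done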