summaryrefslogtreecommitdiff
path: root/src/share/keytrans
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-04-17 16:44:19 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-04-17 16:44:19 -0400
commitf4d3bc45faeb18bf89313fbb446b1eee77501797 (patch)
tree70571b92b443df7070eb7897c2587420c7c75e3d /src/share/keytrans
parent088bf1f053a42df8276cf15ca87c826bbad0e398 (diff)
handling ssh fingerprinting internally with keytrans for sshfprs-for-userid
Diffstat (limited to 'src/share/keytrans')
-rwxr-xr-xsrc/share/keytrans19
1 files changed, 17 insertions, 2 deletions
diff --git a/src/share/keytrans b/src/share/keytrans
index 33a6bc5..60eab55 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -210,6 +210,15 @@ sub simple_checksum {
return unpack("%16C*",$bytes);
}
+
+# calculate/print the fingerprint of an openssh-style keyblob:
+
+sub sshfpr {
+ my $keyblob = shift;
+ use Digest::MD5;
+ return join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5($keyblob))));
+}
+
# calculate the multiplicative inverse of a mod b this is euclid's
# extended algorithm. For more information see:
# http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the
@@ -1144,6 +1153,13 @@ for (basename($0)) {
binmode($instream, ":bytes");
my $keys = getallprimarykeys($instream);
printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys})));
+ } elsif (/^sshfpr$/) {
+ use MIME::Base64;
+ my $b64keyblob;
+ my $dummy;
+ while (($dummy,$b64keyblob) = split(/ /, <STDIN>)) {
+ printf("%s\n", sshfpr(decode_base64($b64keyblob)));
+ }
} elsif (/^openpgp2sshfpr$/) {
my $fpr = shift;
my $instream;
@@ -1152,10 +1168,9 @@ for (basename($0)) {
my $key = openpgp2rsa($instream, $fpr);
if (defined($key)) {
# openssh uses MD5 for key fingerprints:
- use Digest::MD5;
printf("%d %s %s\n",
$key->size() * 8, # size() is in bytes -- we want bits
- join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5(openssh_pubkey_pack($key))))),
+ sshfpr(openssh_pubkey_pack($key)),
'(RSA)', # FIXME when we support other than RSA.
);
} else {