summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-04-17 16:44:19 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-04-17 16:44:19 -0400
commitf4d3bc45faeb18bf89313fbb446b1eee77501797 (patch)
tree70571b92b443df7070eb7897c2587420c7c75e3d /src
parent088bf1f053a42df8276cf15ca87c826bbad0e398 (diff)
handling ssh fingerprinting internally with keytrans for sshfprs-for-userid
Diffstat (limited to 'src')
-rwxr-xr-xsrc/monkeysphere12
-rwxr-xr-xsrc/share/keytrans19
2 files changed, 18 insertions, 13 deletions
diff --git a/src/monkeysphere b/src/monkeysphere
index 121db36..8ce0c22 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -272,17 +272,7 @@ case $COMMAND in
'sshfprs-for-userid')
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
- keytmpdir=$(msmktempdir)
- # use a file named " " to avoid arbitrary non-whitespace text
- # in the fingerprint output
- keytmpfile="$keytmpdir/ "
- cd "$keytmpdir"
- keys_for_userid "$@" | while read KEYLINE ; do
- printf '%s\n' "$KEYLINE" > "$keytmpdir/ "
- ssh-keygen -l -f ' '
- done
- rm -f "$keytmpfile"
- rmdir "$keytmpdir"
+ keys_for_userid "$@" | "$SYSSHAREDIR/keytrans" sshfpr
;;
'keys-from-userid')
diff --git a/src/share/keytrans b/src/share/keytrans
index 33a6bc5..60eab55 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -210,6 +210,15 @@ sub simple_checksum {
return unpack("%16C*",$bytes);
}
+
+# calculate/print the fingerprint of an openssh-style keyblob:
+
+sub sshfpr {
+ my $keyblob = shift;
+ use Digest::MD5;
+ return join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5($keyblob))));
+}
+
# calculate the multiplicative inverse of a mod b this is euclid's
# extended algorithm. For more information see:
# http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the
@@ -1144,6 +1153,13 @@ for (basename($0)) {
binmode($instream, ":bytes");
my $keys = getallprimarykeys($instream);
printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys})));
+ } elsif (/^sshfpr$/) {
+ use MIME::Base64;
+ my $b64keyblob;
+ my $dummy;
+ while (($dummy,$b64keyblob) = split(/ /, <STDIN>)) {
+ printf("%s\n", sshfpr(decode_base64($b64keyblob)));
+ }
} elsif (/^openpgp2sshfpr$/) {
my $fpr = shift;
my $instream;
@@ -1152,10 +1168,9 @@ for (basename($0)) {
my $key = openpgp2rsa($instream, $fpr);
if (defined($key)) {
# openssh uses MD5 for key fingerprints:
- use Digest::MD5;
printf("%d %s %s\n",
$key->size() * 8, # size() is in bytes -- we want bits
- join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5(openssh_pubkey_pack($key))))),
+ sshfpr(openssh_pubkey_pack($key)),
'(RSA)', # FIXME when we support other than RSA.
);
} else {