diff --git a/cmdgen.c b/cmdgen.c index 25078b9a..b12758a1 100644 --- a/cmdgen.c +++ b/cmdgen.c @@ -130,13 +130,17 @@ void help(void) " public RFC 4716 / ssh.com public key\n" " public-openssh OpenSSH public key\n" " fingerprint output the key fingerprint\n" + " cert-info print certificate information\n" " text output the key components as " "'name=0x####'\n" " -o specify output file\n" " -l equivalent to `-O fingerprint'\n" " -L equivalent to `-O public-openssh'\n" " -p equivalent to `-O public'\n" + " --cert-info equivalent to `-O cert-info'\n" " --dump equivalent to `-O text'\n" + " -E fptype specify fingerprint output type:\n" + " sha256, md5, sha256-cert, md5-cert\n" " --certificate file incorporate a certificate into the key\n" " --remove-certificate remove any certificate from the key\n" " --reencrypt load a key and save it with fresh " diff --git a/doc/man-puttygen.but b/doc/man-puttygen.but index 092f05c0..e6a2c990 100644 --- a/doc/man-puttygen.but +++ b/doc/man-puttygen.but @@ -12,10 +12,12 @@ \e bbbbbbbb iiiiiii bb iiiiiii bb iiii bbbbbbbb iiiiii bb \c [ -C new-comment ] [ -P ] [ --reencrypt ] \e bb iiiiiiiiiii bb bbbbbbbbbbb -\c [ -O output-type | -l | -L | -p | --dump ] [ -E fptype ] -\e bb iiiiiiiiiii bb bb bb bbbbbb bb iiiiii -\c [ --ppk-param key=value,... ] -\e bbbbbbbbbbb iiibiiiiib +\c [ --certificate cert-file | --remove-certificate ] +\e bbbbbbbbbbbbb iiiiiiiii bbbbbbbbbbbbbbbbbbbb +\c [ -O output-type | -l | -L | -p | --dump | --cert-info ] +\e bb iiiiiiiiiii bb bb bb bbbbbb bbbbbbbbbbb +\c [ --ppk-param key=value,... | -E fptype ] +\e bbbbbbbbbbb iiibiiiiib bb iiiiii \c [ -o output-file ] \e bb iiiiiiiiiii @@ -58,8 +60,9 @@ ssh.com's implementation. You can also specify a file containing only a \e{public} key here. The operations you can do are limited to outputting another public -key format or a fingerprint. Public keys can be in RFC 4716 or -OpenSSH format, or the standard SSH-1 format. +key format (possibly removing an attached certificate first), or a +fingerprint. Public keys can be in RFC 4716 or OpenSSH format, or +the standard SSH-1 format. } @@ -148,7 +151,8 @@ modifying an existing key. \dd Adds an OpenSSH-style certificate to the public half of the key, so that the output file contains a certified public key with the same private key. If the input file already contained a certificate, it -will be replaced with the new one. +will be replaced with the new one. (Use \cq{-} to read a certificate +from standard input.) \dt \cw{\-\-remove\-certificate} @@ -288,8 +292,9 @@ SSH. \lcont{ The output consists of a series of \cw{name=value} lines, where each -\c{value} is either a C-like string literal in double quotes, or a -hexadecimal number starting with \cw{0x...} +\c{value} is either a C-like string literal in double quotes, a +hexadecimal number starting with \cw{0x...}, or a binary blob +encoded with base64, denoted by \cw{b64("...")}. } If no output type is specified, the default is \c{private}. @@ -302,8 +307,9 @@ If no output type is specified, the default is \c{private}. this option is not specified, \c{puttygen} will assume you want to overwrite the original file if the input and output file types are the same (changing a comment or passphrase), and will assume you -want to output to stdout if you are asking for a public key or -fingerprint. Otherwise, the \c{\-o} option is required. +want to output to stdout if you are asking for a public key, +fingerprint, or one of the textual dump types. Otherwise, the +\c{\-o} option is required. \dt \cw{\-l}