cmdgen: have --dump output private parts of PPKs.

This seems more useful than the previous behaviour of not prompting for a passphrase and only emitting the public part; if we want that back I suppose we could invent a "-O text-public". Also, document the text dump format a bit in the man page.
2025-01-09 17:38:00 +00:00 · 2021-04-07 22:57:51 +01:00 · 2021-04-07 22:57:51 +01:00 · af9a66be2a
commit af9a66be2a
parent 21c2e451da
2 changed files with 27 additions and 12 deletions
--- a/cmdgen.c
+++ b/cmdgen.c
@ -810,22 +810,30 @@ int main(int argc, char **argv)

    /*
     * Figure out whether we need to load the encrypted part of the
-     * key. This will be the case if either (a) we need to write
-     * out a private key format, or (b) the entire input key file
-     * is encrypted.
+     * key. This will be the case if (a) we need to write out
+     * a private key format, (b) the entire input key file is
+     * encrypted, or (c) we're outputting TEXT, in which case we
+     * want all of the input file including private material if it
+     * exists.
     */
-    if (outtype == PRIVATE || outtype == OPENSSH_AUTO ||
-        outtype == OPENSSH_NEW || outtype == SSHCOM ||
+    bool intype_entirely_encrypted =
        intype == SSH_KEYTYPE_OPENSSH_PEM ||
        intype == SSH_KEYTYPE_OPENSSH_NEW ||
-        intype == SSH_KEYTYPE_SSHCOM)
+        intype == SSH_KEYTYPE_SSHCOM;
+    bool intype_has_private =
+        !(intype == SSH_KEYTYPE_SSH1_PUBLIC ||
+          intype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
+          intype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH);
+    bool outtype_has_private =
+        outtype == PRIVATE || outtype == OPENSSH_AUTO ||
+        outtype == OPENSSH_NEW || outtype == SSHCOM;
+    if (outtype_has_private || intype_entirely_encrypted ||
+        (outtype == TEXT && intype_has_private))
        load_encrypted = true;
    else
        load_encrypted = false;

-    if (load_encrypted && (intype == SSH_KEYTYPE_SSH1_PUBLIC ||
-                           intype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
-                           intype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH)) {
+    if (load_encrypted && !intype_has_private) {
        fprintf(stderr, "puttygen: cannot perform this action on a "
                "public-key-only input file\n");
        RETURN(1);
--- a/doc/man-puttygen.but
+++ b/doc/man-puttygen.but
@ -167,9 +167,16 @@ permitted for SSH-1 keys.

 \dt \cw{text}

-\dd Save a textual dump of all the numbers that comprise the key.
-Useful for debugging, or for using PuTTYgen as a key generator for
-applications other than SSH.
+\dd Save a textual dump of the numeric components comprising the key
+(both the public and private parts, if present). Useful for debugging,
+or for using PuTTYgen as a key generator for applications other than
+SSH.
+
+\lcont{
+The output consists of a series of \cw{name=value} lines, where each
+\c{value} is either a C-like string literal in double quotes, or a
+hexadecimal number starting with \cw{0x...}
+}

 If no output type is specified, the default is \c{private}.