From af9a66be2a84aa26089531804a738b11433910ad Mon Sep 17 00:00:00 2001
From: Jacob Nevins
Date: Wed, 7 Apr 2021 22:57:51 +0100
Subject: [PATCH] cmdgen: have --dump output private parts of PPKs.
This seems more useful than the previous behaviour of not prompting for a passphrase and only emitting the public part; if we want that back I suppose we could invent a "-O text-public". Also, document the text dump format a bit in the man page.
---
 cmdgen.c | 26 +++++++++++++++++---------
 doc/man-puttygen.but | 13 ++++++++++---
 2 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/cmdgen.c b/cmdgen.c
index 096282ad..409b4c5b 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -810,22 +810,30 @@ int main(int argc, char **argv)
  /*
  * Figure out whether we need to load the encrypted part of the
- * key. This will be the case if either (a) we need to write
- * out a private key format, or (b) the entire input key file
- * is encrypted.
+ * key. This will be the case if (a) we need to write out
+ * a private key format, (b) the entire input key file is
+ * encrypted, or (c) we're outputting TEXT, in which case we
+ * want all of the input file including private material if it
+ * exists.
  */
- if (outtype == PRIVATE || outtype == OPENSSH_AUTO ||
- outtype == OPENSSH_NEW || outtype == SSHCOM ||
+ bool intype_entirely_encrypted =
  intype == SSH_KEYTYPE_OPENSSH_PEM ||
  intype == SSH_KEYTYPE_OPENSSH_NEW ||
- intype == SSH_KEYTYPE_SSHCOM)
+ intype == SSH_KEYTYPE_SSHCOM;
+ bool intype_has_private =
+ !(intype == SSH_KEYTYPE_SSH1_PUBLIC ||
+ intype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
+ intype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH);
+ bool outtype_has_private =
+ outtype == PRIVATE || outtype == OPENSSH_AUTO ||
+ outtype == OPENSSH_NEW || outtype == SSHCOM;
+ if (outtype_has_private || intype_entirely_encrypted ||
+ (outtype == TEXT && intype_has_private))
  load_encrypted = true;
  else
  load_encrypted = false;
- if (load_encrypted && (intype == SSH_KEYTYPE_SSH1_PUBLIC ||
- intype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 ||
- intype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH)) {
+ if (load_encrypted && !intype_has_private) {
  fprintf(stderr, "puttygen: cannot perform this action on a "
  "public-key-only input file\n");
  RETURN(1);
diff --git a/doc/man-puttygen.but b/doc/man-puttygen.but
index 64e795e4..7593bc34 100644
--- a/doc/man-puttygen.but
+++ b/doc/man-puttygen.but
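Review bot: With `outtype == TEXT` now setting `load_encrypted` for every input that has a private half, the text dump carries private key components, yet nothing in this hunk marks that output as sensitive. The code that opens the TEXT destination lies outside the hunk (main() starts and ends beyond it), so it is worth confirming there that the dump is handled as carefully as the `outtype_has_private` formats, presumably with restrictive file permissions and no unannounced default to a shared or logged destination. I would add a comment above the condition such as `/* TEXT now dumps private key material: treat the output like a private key file */`. Separately, the `if`/`else` that assigns `true`/`false` could be the single statement `load_encrypted = outtype_has_private || intype_entirely_encrypted || (outtype == TEXT && intype_has_private);`.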
@@ -167,9 +167,16 @@ permitted for SSH-1 keys.
 \dt \cw{text}
-\dd Save a textual dump of all the numbers that comprise the key.
-Useful for debugging, or for using PuTTYgen as a key generator for
-applications other than SSH.
+\dd Save a textual dump of the numeric components comprising the key
+(both the public and private parts, if present). Useful for debugging,
+or for using PuTTYgen as a key generator for applications other than
+SSH.
+
+\lcont{
+The output consists of a series of \cw{name=value} lines, where each
+\c{value} is either a C-like string literal in double quotes, or a
+hexadecimal number starting with \cw{0x...}
+}
 If no output type is specified, the default is \c{private}.