cmdgen: add a --reencrypt option.

This allows you to load and save the same key without making any semantic changes to it. Currently, you can only do that by pretending to make a change, like changing the passphrase or the comment to the same thing it was before. With two key file formats now supported, and a bunch of reconfigurable parameters in the v3 key derivation, it's now more likely that you'd want to re-encrypt the same key in a different way, to upgrade or downgrade or tinker with it. (Or perhaps even just re-randomise the salt, so that someone reading the key file doesn't know _whether_ you've changed the passphrase!)
2025-01-09 09:27:59 +00:00 · 2021-02-22 17:56:02 +00:00 · 2021-02-22 17:56:02 +00:00 · b8f3fc4bd1
commit b8f3fc4bd1
parent e9aa28fe02
1 changed files with 6 additions and 2 deletions
--- a/cmdgen.c
+++ b/cmdgen.c
@ -137,6 +137,8 @@ void help(void)
           "  -L    equivalent to `-O public-openssh'\n"
           "  -p    equivalent to `-O public'\n"
           "  --dump   equivalent to `-O text'\n"
+           "  --reencrypt          load a key and save it with fresh "
+           "encryption\n"
           "  --old-passphrase file\n"
           "        specify file containing old key passphrase\n"
           "  --new-passphrase file\n"
@ -211,7 +213,7 @@ int main(int argc, char **argv)
    int bits = -1;
    const char *comment = NULL;
    char *origcomment = NULL;
-    bool change_passphrase = false;
+    bool change_passphrase = false, reencrypt = false;
    bool errs = false, nogo = false;
    int intype = SSH_KEYTYPE_UNOPENABLE;
    int sshver = 0;
@ -362,6 +364,8 @@ int main(int argc, char **argv)
                        }
                    } else if (!strcmp(opt, "-strong-rsa")) {
                        strong_rsa = true;
+                    } else if (!strcmp(opt, "-reencrypt")) {
+                        reencrypt = true;
                    } else {
                      errs = true;
                      fprintf(stderr,
@ -680,7 +684,7 @@ int main(int argc, char **argv)
            outfiletmp = dupcat(outfile, ".tmp");
        }

-        if (!change_passphrase && !comment) {
+        if (!change_passphrase && !comment && !reencrypt) {
            fprintf(stderr, "puttygen: this command would perform no useful"
                    " action\n");
            RETURN(1);