From b8f3fc4bd1c17c74fa1f17f78eb55a24a4f7a53e Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Mon, 22 Feb 2021 17:56:02 +0000
Subject: [PATCH] cmdgen: add a --reencrypt option.
This allows you to load and save the same key without making any semantic changes to it. Currently, you can only do that by pretending to make a change, like changing the passphrase or the comment to the same thing it was before. With two key file formats now supported, and a bunch of reconfigurable parameters in the v3 key derivation, it's now more likely that you'd want to re-encrypt the same key in a different way, to upgrade or downgrade or tinker with it. (Or perhaps even just re-randomise the salt, so that someone reading the key file doesn't know _whether_ you've changed the passphrase!)
---
 cmdgen.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/cmdgen.c b/cmdgen.c
index 69073386..c7f6edbf 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -137,6 +137,8 @@ void help(void)
 " -L equivalent to `-O public-openssh'\n"
 " -p equivalent to `-O public'\n"
 " --dump equivalent to `-O text'\n"
+ " --reencrypt load a key and save it with fresh "
+ "encryption\n"
 " --old-passphrase file\n"
 " specify file containing old key passphrase\n"
 " --new-passphrase file\n"
@@ -211,7 +213,7 @@ int main(int argc, char **argv)
 int bits = -1;
 const char *comment = NULL;
 char *origcomment = NULL;
- bool change_passphrase = false;
+ bool change_passphrase = false, reencrypt = false;
 bool errs = false, nogo = false;
 int intype = SSH_KEYTYPE_UNOPENABLE;
 int sshver = 0;
@@ -362,6 +364,8 @@ int main(int argc, char **argv)
 }
 } else if (!strcmp(opt, "-strong-rsa")) {
 strong_rsa = true;
+ } else if (!strcmp(opt, "-reencrypt")) {
+ reencrypt = true;
 } else {
 errs = true;
 fprintf(stderr,
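Review bot: The `-reencrypt` branch in main() accepts the option in every mode, and the only place this patch reads `reencrypt` is the "no useful action" guard in the last hunk, so in any mode that does not reach that guard the option appears to be silently ignored. If that reading is right, a user who combines it with key generation or a public-key output type gets no diagnostic and may believe the stored key was re-encrypted. Consider rejecting such combinations after option parsing through the existing `errs = true;` path, or at least stating the restriction in the help text, e.g. a continuation line `"(only when re-saving an existing private key)\n"`. main() starts and ends outside this hunk, so the mode checks could not be confirmed from here.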
@@ -680,7 +684,7 @@ int main(int argc, char **argv)
 outfiletmp = dupcat(outfile, ".tmp");
 }
- if (!change_passphrase && !comment) {
+ if (!change_passphrase && !comment && !reencrypt) {
 fprintf(stderr, "puttygen: this command would perform no useful"
 " action\n");
 RETURN(1);
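Review bot: With `!reencrypt` added to this guard, a plain load-and-save now runs whenever the flag is set, but nothing in the hunk confirms that the key will actually be written encrypted. If the input key has no passphrase and none is supplied, the rewritten file is presumably still unencrypted and the command exits successfully, which contradicts the "fresh encryption" wording in the help. A warning on stderr when `reencrypt` is set and the passphrase used for saving is empty would make that visible; at minimum add a comment above the test such as `/* --reencrypt re-saves with the existing passphrase; an unencrypted key stays unencrypted */`. The enclosing `if` block begins before the hunk, so the surrounding conditions are not visible here.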