mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

cmdgen: add a --reencrypt option.

This allows you to load and save the same key without making any
semantic changes to it. Currently, you can only do that by pretending
to make a change, like changing the passphrase or the comment to the
same thing it was before.

With two key file formats now supported, and a bunch of reconfigurable
parameters in the v3 key derivation, it's now more likely that you'd
want to re-encrypt the same key in a different way, to upgrade or
downgrade or tinker with it. (Or perhaps even just re-randomise the
salt, so that someone reading the key file doesn't know _whether_
you've changed the passphrase!)
Simon Tatham 2021-02-22 17:56:02 +00:00
parent e9aa28fe02
commit b8f3fc4bd1


@ -137,6 +137,8 @@ void help(void)
" -L equivalent to `-O public-openssh'\n" " -L equivalent to `-O public-openssh'\n"
" -p equivalent to `-O public'\n" " -p equivalent to `-O public'\n"
" --dump equivalent to `-O text'\n" " --dump equivalent to `-O text'\n"
" --reencrypt load a key and save it with fresh "
"encryption\n"
" --old-passphrase file\n" " --old-passphrase file\n"
" specify file containing old key passphrase\n" " specify file containing old key passphrase\n"
" --new-passphrase file\n" " --new-passphrase file\n"
@ -211,7 +213,7 @@ int main(int argc, char **argv)
int bits = -1; int bits = -1;
const char *comment = NULL; const char *comment = NULL;
char *origcomment = NULL; char *origcomment = NULL;
bool change_passphrase = false; bool change_passphrase = false, reencrypt = false;
bool errs = false, nogo = false; bool errs = false, nogo = false;
int intype = SSH_KEYTYPE_UNOPENABLE; int intype = SSH_KEYTYPE_UNOPENABLE;
int sshver = 0; int sshver = 0;
@ -362,6 +364,8 @@ int main(int argc, char **argv)
} }
} else if (!strcmp(opt, "-strong-rsa")) { } else if (!strcmp(opt, "-strong-rsa")) {
strong_rsa = true; strong_rsa = true;
} else if (!strcmp(opt, "-reencrypt")) {
reencrypt = true;
} else { } else {
errs = true; errs = true;
fprintf(stderr, fprintf(stderr,
@ -680,7 +684,7 @@ int main(int argc, char **argv)
outfiletmp = dupcat(outfile, ".tmp"); outfiletmp = dupcat(outfile, ".tmp");
} }
if (!change_passphrase && !comment) { if (!change_passphrase && !comment && !reencrypt) {
fprintf(stderr, "puttygen: this command would perform no useful" fprintf(stderr, "puttygen: this command would perform no useful"
" action\n"); " action\n");
RETURN(1); RETURN(1);
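Review bot: The added `!reencrypt` term in the no-useful-action check lets a same-format load and save go ahead on the flag alone, but nothing in the visible hunks checks that the loaded key actually has a passphrase. If the save path reuses the existing passphrase when none is being changed (that code is outside these hunks, so this is inferred), `--reencrypt` on an unencrypted key would rewrite it in plaintext while the help text promises "fresh encryption". Either warn or fail in that case, or make the help line say what happens, e.g. `"  --reencrypt        load a key and re-save it, re-encrypting if it has a passphrase\n"`. The flag also appears to be read only in this one check, so it is presumably ignored without a message for public-key or `--dump` output; a one-line comment next to `reencrypt = true;` stating that would help. `main` starts and ends outside these hunks.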