nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

cmdgen: add a --reencrypt option.

Browse Source 
This allows you to load and save the same key without making any
semantic changes to it. Currently, you can only do that by pretending
to make a change, like changing the passphrase or the comment to the
same thing it was before.

With two key file formats now supported, and a bunch of reconfigurable
parameters in the v3 key derivation, it's now more likely that you'd
want to re-encrypt the same key in a different way, to upgrade or
downgrade or tinker with it. (Or perhaps even just re-randomise the
salt, so that someone reading the key file doesn't know _whether_
you've changed the passphrase!)
This commit is contained in:
Simon Tatham 2021-02-22 17:56:02 +00:00
parent e9aa28fe02
commit b8f3fc4bd1
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmdgen.c
View File

@ -137,6 +137,8 @@ void help(void)
" -L equivalent to `-O public-openssh'\n" " -L equivalent to `-O public-openssh'\n"
" -p equivalent to `-O public'\n" " -p equivalent to `-O public'\n"
" --dump equivalent to `-O text'\n" " --dump equivalent to `-O text'\n"
" --reencrypt load a key and save it with fresh "
"encryption\n"
" --old-passphrase file\n" " --old-passphrase file\n"
" specify file containing old key passphrase\n" " specify file containing old key passphrase\n"
" --new-passphrase file\n" " --new-passphrase file\n"
@ -211,7 +213,7 @@ int main(int argc, char **argv)
int bits = -1; int bits = -1;
const char *comment = NULL; const char *comment = NULL;
char *origcomment = NULL; char *origcomment = NULL;
bool change_passphrase = false; bool change_passphrase = false, reencrypt = false;
bool errs = false, nogo = false; bool errs = false, nogo = false;
int intype = SSH_KEYTYPE_UNOPENABLE; int intype = SSH_KEYTYPE_UNOPENABLE;
int sshver = 0; int sshver = 0;
@ -362,6 +364,8 @@ int main(int argc, char **argv)
} }
} else if (!strcmp(opt, "-strong-rsa")) { } else if (!strcmp(opt, "-strong-rsa")) {
strong_rsa = true; strong_rsa = true;
} else if (!strcmp(opt, "-reencrypt")) {
reencrypt = true;
} else { } else {
errs = true; errs = true;
fprintf(stderr, fprintf(stderr,
@ -680,7 +684,7 @@ int main(int argc, char **argv)
outfiletmp = dupcat(outfile, ".tmp"); outfiletmp = dupcat(outfile, ".tmp");
} }
if (!change_passphrase && !comment) { if (!change_passphrase && !comment && !reencrypt) {
fprintf(stderr, "puttygen: this command would perform no useful" fprintf(stderr, "puttygen: this command would perform no useful"
" action\n"); " action\n");
RETURN(1); RETURN(1);