Bugzilla – Attachment 193 Details for
Bug 459
ssh-keygen doesn't know how to export private keys
[patch]
A quick hack to export unencrypted private keys
ssh-keygen.c.patch (text/plain), 5.13 KB, created by
Antti Tapaninen
on 2003-01-05 09:56:55 AEDT
Description:
A quick hack to export unencrypted private keys
Filename:
MIME Type:
Creator:
Antti Tapaninen
Created:
2003-01-05 09:56:55 AEDT
Size:
5.13 KB
>Index: ssh-keygen.c
>===================================================================
>RCS file: /cvs/openssh/ssh-keygen.c,v
>retrieving revision 1.102
>diff -u -r1.102 ssh-keygen.c
>--- ssh-keygen.c 23 Dec 2002 02:11:03 -0000 1.102
>+++ ssh-keygen.c 4 Jan 2003 22:45:43 -0000
>@@ -24,6 +24,7 @@
> #include "uuencode.h"
> #include "buffer.h"
> #include "bufaux.h"
>+#include "getput.h"
> #include "pathnames.h"
> #include "log.h"
> #include "readpass.h"
>@@ -141,8 +142,115 @@
> #define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
> #define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----"
> #define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
>+#define SSH_COM_PRIVATE_END "---- END SSH2 ENCRYPTED PRIVATE KEY ----"
> #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
>
>+void
>+buffer_put_bignum_bits(Buffer *buffer, BIGNUM *value)
>+{
>+ int bits = BN_num_bits(value), bytes = BN_num_bytes(value);
>+ u_char *buf = xmalloc(bytes+1);
>+ int oi;
>+
>+ buf[0] = '\0';
>+ /* Get the value of in binary */
>+ oi = BN_bn2bin(value, buf+1);
>+ if (oi != bytes)
>+ fatal("buffer_put_bignum_bits: BN_bn2bin() failed: oi %d != bin_size %d",
>+ oi, bytes);
>+ if (value->neg) {
>+ /**XXX should be two's-complement */
>+ int i, carry;
>+ u_char *uc = buf;
>+ log("negativ!");
>+ for (i = bytes, carry = 1; i>=0; i--) {
>+ uc[i] ^= 0xff;
>+ if (carry)
>+ carry = !++uc[i];
>+ }
>+ }
>+ buffer_put_int(buffer, bits);
>+ buffer_append(buffer, buf+1, bytes);
>+ memset(buf, 0, bytes);
>+ xfree(buf);
>+}
>+
>+/* A quick hack to export unencrypted private keys. 
<aet@cc.hut.fi> */
>+
>+void do_convert_private_key_to_ssh2_key(Key *key)
>+{
>+ Buffer b, encrypted;
>+ u_char *type = NULL, *cipher = NULL, *ptr = NULL;
>+ u_int h1, h2, h3, h4;
>+ u_int h1p, h2p, h3p;
>+ u_long e;
>+
>+ h1 = 0;
>+ h2 = 8;
>+ h3 = 4;
>+ cipher = "none";
>+
>+ switch (key->type) {
>+ case KEY_DSA:
>+ type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}";
>+ h4 = 0;
>+ break;
>+ case KEY_RSA:
>+ type = "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}";
>+ h4 = 17;
>+ break;
>+ default:
>+ return;
>+ }
>+
>+ buffer_init(&b);
>+ buffer_put_int(&b, (u_int) SSH_COM_PRIVATE_KEY_MAGIC);
>+ h1p = buffer_len(&b);
>+ buffer_put_int(&b, h1);
>+ buffer_put_string(&b, type, strlen(type));
>+ buffer_put_string(&b, cipher, strlen(cipher));
>+ h2p = buffer_len(&b);
>+ buffer_put_int(&b, h2);
>+ h3p = buffer_len(&b);
>+ buffer_put_int(&b, h3);
>+ buffer_put_int(&b, h4);
>+
>+ buffer_init(&encrypted);
>+ switch (key->type) {
>+ case KEY_DSA:
>+ buffer_put_bignum_bits(&encrypted, key->dsa->p);
>+ buffer_put_bignum_bits(&encrypted, key->dsa->g);
>+ buffer_put_bignum_bits(&encrypted, key->dsa->q);
>+ buffer_put_bignum_bits(&encrypted, key->dsa->pub_key);
>+ buffer_put_bignum_bits(&encrypted, key->dsa->priv_key);
>+ break;
>+ case KEY_RSA:
>+ e = BN_get_word(key->rsa->e);
>+ buffer_put_char(&encrypted, e >> 0);
>+ buffer_put_char(&encrypted, e >> 8);
>+ buffer_put_char(&encrypted, e >> 16);
>+ buffer_put_bignum_bits(&encrypted, key->rsa->d);
>+ buffer_put_bignum_bits(&encrypted, key->rsa->n);
>+ buffer_put_bignum_bits(&encrypted, key->rsa->iqmp);
>+ buffer_put_bignum_bits(&encrypted, key->rsa->q);
>+ buffer_put_bignum_bits(&encrypted, key->rsa->p);
>+ break;
>+ }
>+ buffer_append(&b, buffer_ptr(&encrypted), buffer_len(&encrypted));
>+
>+ ptr = buffer_ptr(&b);
>+ h1 = buffer_len(&b);
>+ PUT_32BIT(ptr + h1p, h1);
>+ h2 += buffer_len(&encrypted);
>+ PUT_32BIT(ptr + h2p, h2);
>+ h3 += buffer_len(&encrypted);
>+ PUT_32BIT(ptr + h3p, h3);
>+
>+ dump_base64(stdout, b.buf, 
b.end);
>+ buffer_free(&encrypted);
>+ buffer_free(&b);
>+}
>+
> static void
> do_convert_to_ssh2(struct passwd *pw)
> {
>@@ -150,6 +258,7 @@
> u_int len;
> u_char *blob;
> struct stat st;
>+ int private;
>
> if (!have_identity)
> ask_filename(pw, "Enter file in which the key is");
>@@ -157,25 +266,31 @@
> perror(identity_file);
> exit(1);
> }
>- if ((k = key_load_public(identity_file, NULL)) == NULL) {
>- if ((k = load_identity(identity_file)) == NULL) {
>+ private = 1;
>+ if ((k = load_identity(identity_file)) == NULL) {
>+ private = 0;
>+ if ((k = key_load_public(identity_file, NULL)) == NULL) {
> fprintf(stderr, "load failed\n");
> exit(1);
> }
>+ if (key_to_blob(k, &blob, &len) <= 0) {
>+ fprintf(stderr, "key_to_blob failed\n");
>+ exit(1);
>+ }
> }
>- if (key_to_blob(k, &blob, &len) <= 0) {
>- fprintf(stderr, "key_to_blob failed\n");
>- exit(1);
>- }
>- fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
>+ fprintf(stdout, "%s\n", private ? SSH_COM_PRIVATE_BEGIN : SSH_COM_PUBLIC_BEGIN);
> fprintf(stdout,
> "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
> key_size(k), key_type(k),
> pw->pw_name, hostname);
>- dump_base64(stdout, blob, len);
>- fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
>+ if (private) {
>+ do_convert_private_key_to_ssh2_key(k);
>+ } else {
>+ dump_base64(stdout, blob, len);
>+ xfree(blob);
>+ }
>+ fprintf(stdout, "%s\n", private ? SSH_COM_PRIVATE_END : SSH_COM_PUBLIC_END);
> key_free(k);
>- xfree(blob);
> exit(0);
> }
>
>@@ -214,7 +329,9 @@
> }
> i1 = buffer_get_int(&b);
> type = buffer_get_string(&b, NULL);
>+ debug("type: %s", type);
> cipher = buffer_get_string(&b, NULL);
>+ debug("cipher: %s", cipher);
> i2 = buffer_get_int(&b);
> i3 = buffer_get_int(&b);
> i4 = buffer_get_int(&b);
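Review bot: In `buffer_put_bignum_bits` (hunk `@@ -141,8 +142,115 @@`) the scrub `memset(buf, 0, bytes);` clears one byte less than was allocated: `buf` is `bytes+1` long and `BN_bn2bin` wrote the value at `buf+1`, so the last byte of every private-key component is still in the heap block when `xfree(buf)` runs. It should be `memset(buf, 0, bytes + 1);`. In the `KEY_RSA` branch of `do_convert_private_key_to_ssh2_key`, only the low 24 bits of `BN_get_word(key->rsa->e)` are written and the value it returns when the exponent does not fit is not checked, so a larger public exponent would be exported wrong without any error; a range check with `fatal()` before the three `buffer_put_char` calls would make that visible. Both functions lie completely inside this hunk.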
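Review bot: Reordering the loads in `do_convert_to_ssh2` (hunk `@@ -157,25 +266,31 @@`) changes what the existing export path emits: `load_identity()` is now tried first, so running it on a private key file prints the unencrypted private key to stdout where the old code always printed the public blob from `key_to_blob`. A caller that redirects this output expecting a public key would end up with plaintext private-key material, typically in a file with ordinary umask permissions and under a header that still reads `ENCRYPTED PRIVATE KEY`. Private export should have to be requested explicitly (no such option is visible in this patch), with public export kept as the default. Also, `do_convert_private_key_to_ssh2_key` returns silently for key types other than `KEY_DSA`/`KEY_RSA`, so this path would print an empty BEGIN/END block and still `exit(0)`; a `fatal()` in that `default:` case would be safer. The function's signature is in the previous hunk; its body ends in this one.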