summaryrefslogtreecommitdiff
path: root/sshkey.h
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2019-07-15 13:16:29 +0000
committerDamien Miller <djm@mindrot.org>2019-07-15 23:21:18 +1000
commiteb0d8e708a1f958aecd2d6e2ff2450af488d4c2a (patch)
treec5b7686e1e200aac6f3a742c7b15ed30a2c05067 /sshkey.h
parente18a27eedccb024acb3cd9820b650a5dff323f01 (diff)
upstream: support PKCS8 as an optional format for storage of
private keys, enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
Diffstat (limited to 'sshkey.h')
-rw-r--r--sshkey.h11
1 files changed, 9 insertions, 2 deletions
diff --git a/sshkey.h b/sshkey.h
index 41d159a1..d30a69cc 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.32 2019/06/21 04:21:05 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.33 2019/07/15 13:16:29 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -88,6 +88,13 @@ enum sshkey_serialize_rep {
SSHKEY_SERIALIZE_INFO = 254,
};
+/* Private key disk formats */
+enum sshkey_private_format {
+ SSHKEY_PRIVATE_OPENSSH = 0,
+ SSHKEY_PRIVATE_PEM = 1,
+ SSHKEY_PRIVATE_PKCS8 = 2,
+};
+
/* key is stored in external hardware */
#define SSHKEY_FLAG_EXT 0x0001
@@ -221,7 +228,7 @@ int sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **keyp);
/* private key file format parsing and serialisation */
int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
const char *passphrase, const char *comment,
- int force_new_format, const char *new_format_cipher, int new_format_rounds);
+ int format, const char *openssh_format_cipher, int openssh_format_rounds);
int sshkey_parse_private_fileblob(struct sshbuf *buffer,
const char *passphrase, struct sshkey **keyp, char **commentp);
int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,