From f4d3bc45faeb18bf89313fbb446b1eee77501797 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Sat, 17 Apr 2010 16:44:19 -0400
Subject: [PATCH] handling ssh fingerprinting internally with keytrans for sshfprs-for-userid
---
 src/monkeysphere | 12 +-----------
 src/share/keytrans | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/monkeysphere b/src/monkeysphere
index 121db36..8ce0c22 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -272,17 +272,7 @@ case $COMMAND in
 'sshfprs-for-userid')
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
- keytmpdir=$(msmktempdir)
- # use a file named " " to avoid arbitrary non-whitespace text
- # in the fingerprint output
- keytmpfile="$keytmpdir/ "
- cd "$keytmpdir"
- keys_for_userid "$@" | while read KEYLINE ; do
- printf '%s\n' "$KEYLINE" > "$keytmpdir/ "
- ssh-keygen -l -f ' '
- done
- rm -f "$keytmpfile"
- rmdir "$keytmpdir"
+ keys_for_userid "$@" | "$SYSSHAREDIR/keytrans" sshfpr
 ;;
 'keys-from-userid')
diff --git a/src/share/keytrans b/src/share/keytrans
index 33a6bc5..60eab55 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -210,6 +210,15 @@ sub simple_checksum {
 return unpack("%16C*",$bytes);
 }
+
+# calculate/print the fingerprint of an openssh-style keyblob:
+
+sub sshfpr {
+ my $keyblob = shift;
+ use Digest::MD5;
+ return join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5($keyblob))));
+}
+
 # calculate the multiplicative inverse of a mod b this is euclid's
 # extended algorithm. For more information see:
 # http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the
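Review bot: The arm's exit status is now that of `"$SYSSHAREDIR/keytrans" sshfpr` alone, so a failure inside `keys_for_userid "$@"` is not reported to the caller; the removed `| while read` loop had the same masking, so this is not new, but this rewrite is the natural place to fix it, e.g. with `set -o pipefail` around the pipeline or a `${PIPESTATUS[0]}` check after it if the script runs under bash. Note also that the new consumer, the `sshfpr` loop added to keytrans later in this patch, ignores the key-type field and stops reading at the first line that does not split into two fields, so anything other than `<type> <base64>` lines on keys_for_userid's stdout silently truncates the fingerprint list, where the removed per-line `ssh-keygen -l` would presumably have complained about that line instead. The enclosing `case $COMMAND in` block starts and ends outside the hunk.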
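Review bot: The header comment says `calculate/print`, but `sshfpr` only returns the string — printing happens at its two call sites — and the `use Digest::MD5;` inside the body is a compile-time, file-scoped directive wherever it sits, so placing it in the sub suggests a locality it does not have; I would move it next to the script's other `use` lines (outside this hunk) and reword the comment to `# return the colon-separated hex MD5 of a packed openssh public-key blob (openssh's key fingerprint format); $keyblob must be raw bytes`. The byte-by-byte `split(//, ...)` plus `map { unpack("H*", $_) }` is an idiom unpack already has a grouped form for: `return join(':', unpack('(H2)*', Digest::MD5::md5($keyblob)));`. Both forms treat `$keyblob` as a byte string, which is what the callers hand it (decode_base64 output and openssh_pubkey_pack output), so stating that requirement in the comment is worthwhile.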
@@ -1144,6 +1153,13 @@ for (basename($0)) {
 binmode($instream, ":bytes");
 my $keys = getallprimarykeys($instream);
 printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys})));
+ } elsif (/^sshfpr$/) {
+ use MIME::Base64;
+ my $b64keyblob;
+ my $dummy;
+ while (($dummy,$b64keyblob) = split(/ /, )) {
+ printf("%s\n", sshfpr(decode_base64($b64keyblob)));
+ }
 } elsif (/^openpgp2sshfpr$/) {
 my $fpr = shift;
 my $instream;
@@ -1152,10 +1168,9 @@ for (basename($0)) {
 my $key = openpgp2rsa($instream, $fpr);
 if (defined($key)) {
 # openssh uses MD5 for key fingerprints:
- use Digest::MD5;
 printf("%d %s %s\n",
 $key->size() * 8, # size() is in bytes -- we want bits
- join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5(openssh_pubkey_pack($key))))),
+ sshfpr(openssh_pubkey_pack($key)),
 '(RSA)', # FIXME when we support other than RSA.
 );
 } else {
-- 
2.26.2
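Review bot: The `while (($dummy,$b64keyblob) = split(/ /, ...))` condition is the number of fields split produced, not whether a line was read, so a blank line yields 0 and ends the loop — every key after it is silently dropped — while a line with no space yields 1 and runs the body with `$b64keyblob` undefined, printing the MD5 of an empty string as if it were a key fingerprint. The read expression inside that condition also appears truncated on this page (presumably `<STDIN>`, given the `keys_for_userid "$@" | "$SYSSHAREDIR/keytrans" sshfpr` pipeline in src/monkeysphere). I would read lines with an explicit `defined` test, chomp, split with a limit so a trailing comment field is discarded deliberately, and skip lines that carry no blob with a warning; the key-type field is still unchecked, so if only `ssh-rsa` blobs are meaningful here (the `(RSA)` FIXME in the next hunk suggests so), that test belongs in the same place. The enclosing `for (basename($0))` dispatch starts and ends outside the hunk.
```perl
} elsif (/^sshfpr$/) {
    use MIME::Base64;
    # one openssh public-key line per key: "<type> <base64 blob> [comment]"
    while (defined(my $line = <STDIN>)) {
        chomp $line;
        my ($type, $b64keyblob) = split(/ /, $line, 3);  # type field not checked
        if (!defined($b64keyblob) || $b64keyblob eq '') {
            warn "sshfpr: skipping line without a key blob\n";
            next;
        }
        printf("%s\n", sshfpr(decode_base64($b64keyblob)));
    }
```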