handling ssh fingerprinting internally with keytrans for sshfprs-for-userid

diff --git a/src/monkeysphere b/src/monkeysphere
index 121db36ea7f0f7b47b0812666449336637859455..8ce0c2267a4b172f4bc818d45e461325979e35bf 100755 (executable)
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -272,17 +272,7 @@ case $COMMAND in
 
     'sshfprs-for-userid')
        CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
 
     'sshfprs-for-userid')
        CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}

-        keytmpdir=$(msmktempdir)
-        # use a file named " " to avoid arbitrary non-whitespace text
-        # in the fingerprint output
-        keytmpfile="$keytmpdir/ "
-        cd "$keytmpdir"
-       keys_for_userid "$@" | while read KEYLINE ; do
-            printf '%s\n' "$KEYLINE" > "$keytmpdir/ "
-            ssh-keygen -l -f ' '
-        done
-        rm -f "$keytmpfile"
-        rmdir "$keytmpdir"
+       keys_for_userid "$@" | "$SYSSHAREDIR/keytrans" sshfpr

        ;;
 
     'keys-from-userid')
        ;;
 
     'keys-from-userid')

diff --git a/src/share/keytrans b/src/share/keytrans
index 33a6bc52c60d700c30cbb209286a9a909196a7ff..60eab55aec0ed67e05273e8a99c2097e08be33c4 100755 (executable)
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -210,6 +210,15 @@ sub simple_checksum {
   return unpack("%16C*",$bytes);
 }
 
   return unpack("%16C*",$bytes);
 }
 

+
+# calculate/print the fingerprint of an openssh-style keyblob:
+
+sub sshfpr {
+  my $keyblob = shift;
+  use Digest::MD5;
+  return join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5($keyblob))));
+}
+

 # calculate the multiplicative inverse of a mod b this is euclid's
 # extended algorithm.  For more information see:
 # http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the
 # calculate the multiplicative inverse of a mod b this is euclid's
 # extended algorithm.  For more information see:
 # http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the


@@ -1144,6 +1153,13 @@ for (basename($0)) {
        binmode($instream, ":bytes");
         my $keys = getallprimarykeys($instream);
         printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys})));
        binmode($instream, ":bytes");
         my $keys = getallprimarykeys($instream);
         printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys})));

+      } elsif (/^sshfpr$/) {
+        use MIME::Base64;
+        my $b64keyblob;
+        my $dummy;
+        while (($dummy,$b64keyblob) = split(/ /, <STDIN>)) {
+          printf("%s\n", sshfpr(decode_base64($b64keyblob)));
+        }

       } elsif (/^openpgp2sshfpr$/) {
         my $fpr = shift;
         my $instream;
       } elsif (/^openpgp2sshfpr$/) {
         my $fpr = shift;
         my $instream;


@@ -1152,10 +1168,9 @@ for (basename($0)) {
         my $key = openpgp2rsa($instream, $fpr);
         if (defined($key)) {
           # openssh uses MD5 for key fingerprints:
         my $key = openpgp2rsa($instream, $fpr);
         if (defined($key)) {
           # openssh uses MD5 for key fingerprints:

-          use Digest::MD5;

           printf("%d %s %s\n",
                  $key->size() * 8, # size() is in bytes -- we want bits
           printf("%d %s %s\n",
                  $key->size() * 8, # size() is in bytes -- we want bits

-                 join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5(openssh_pubkey_pack($key))))),
+                 sshfpr(openssh_pubkey_pack($key)),

                  '(RSA)', # FIXME when we support other than RSA.
                 );
         } else {
                  '(RSA)', # FIXME when we support other than RSA.
                 );
         } else {