From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sat, 17 Apr 2010 20:44:19 +0000 (-0400)
Subject: handling ssh fingerprinting internally with keytrans for sshfprs-for-userid
X-Git-Tag: monkeysphere_0.30~3
X-Git-Url: http://git.tremily.us/?p=monkeysphere.git;a=commitdiff_plain;h=f4d3bc45faeb18bf89313fbb446b1eee77501797

handling ssh fingerprinting internally with keytrans for sshfprs-for-userid
---

diff --git a/src/monkeysphere b/src/monkeysphere
index 121db36..8ce0c22 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -272,17 +272,7 @@ case $COMMAND in
 
     'sshfprs-for-userid')
 	CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
-        keytmpdir=$(msmktempdir)
-        # use a file named " " to avoid arbitrary non-whitespace text
-        # in the fingerprint output
-        keytmpfile="$keytmpdir/ "
-        cd "$keytmpdir"
-	keys_for_userid "$@" | while read KEYLINE ; do
-            printf '%s\n' "$KEYLINE" > "$keytmpdir/ "
-            ssh-keygen -l -f ' '
-        done
-        rm -f "$keytmpfile"
-        rmdir "$keytmpdir"
+	keys_for_userid "$@" | "$SYSSHAREDIR/keytrans" sshfpr
 	;;
 
     'keys-from-userid')
diff --git a/src/share/keytrans b/src/share/keytrans
index 33a6bc5..60eab55 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -210,6 +210,15 @@ sub simple_checksum {
   return unpack("%16C*",$bytes);
 }
 
+
+# calculate/print the fingerprint of an openssh-style keyblob:
+
+sub sshfpr {
+  my $keyblob = shift;
+  use Digest::MD5;
+  return join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5($keyblob))));
+}
+
 # calculate the multiplicative inverse of a mod b this is euclid's
 # extended algorithm.  For more information see:
 # http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the
@@ -1144,6 +1153,13 @@ for (basename($0)) {
 	binmode($instream, ":bytes");
         my $keys = getallprimarykeys($instream);
         printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys})));
+      } elsif (/^sshfpr$/) {
+        use MIME::Base64;
+        my $b64keyblob;
+        my $dummy;
+        while (($dummy,$b64keyblob) = split(/ /, <STDIN>)) {
+          printf("%s\n", sshfpr(decode_base64($b64keyblob)));
+        }
       } elsif (/^openpgp2sshfpr$/) {
         my $fpr = shift;
         my $instream;
@@ -1152,10 +1168,9 @@ for (basename($0)) {
         my $key = openpgp2rsa($instream, $fpr);
         if (defined($key)) {
           # openssh uses MD5 for key fingerprints:
-          use Digest::MD5;
           printf("%d %s %s\n",
                  $key->size() * 8, # size() is in bytes -- we want bits
-                 join(':', map({unpack("H*", $_)} split(//, Digest::MD5::md5(openssh_pubkey_pack($key))))),
+                 sshfpr(openssh_pubkey_pack($key)),
                  '(RSA)', # FIXME when we support other than RSA.
                 );
         } else {