]>
Commit | Line | Data |
---|---|---|
852f4e06 SS |
1 | diff -up openssh-5.8p1/auth2-hostbased.c.fingerprint openssh-5.8p1/auth2-hostbased.c |
2 | --- openssh-5.8p1/auth2-hostbased.c.fingerprint 2010-08-05 05:04:50.000000000 +0200 | |
3 | +++ openssh-5.8p1/auth2-hostbased.c 2011-02-25 09:17:18.000000000 +0100 | |
4 | @@ -196,16 +196,18 @@ hostbased_key_allowed(struct passwd *pw, | |
5 | ||
6 | if (host_status == HOST_OK) { | |
7 | if (key_is_cert(key)) { | |
8 | - fp = key_fingerprint(key->cert->signature_key, | |
9 | - SSH_FP_MD5, SSH_FP_HEX); | |
10 | + fp = key_selected_fingerprint(key->cert->signature_key, | |
11 | + SSH_FP_HEX); | |
12 | verbose("Accepted certificate ID \"%s\" signed by " | |
13 | - "%s CA %s from %s@%s", key->cert->key_id, | |
14 | - key_type(key->cert->signature_key), fp, | |
15 | + "%s CA %s%s from %s@%s", key->cert->key_id, | |
16 | + key_type(key->cert->signature_key), | |
17 | + key_fingerprint_prefix(), fp, | |
18 | cuser, lookup); | |
19 | } else { | |
20 | - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | |
21 | - verbose("Accepted %s public key %s from %s@%s", | |
22 | - key_type(key), fp, cuser, lookup); | |
23 | + fp = key_selected_fingerprint(key, SSH_FP_HEX); | |
24 | + verbose("Accepted %s public key %s%s from %s@%s", | |
25 | + key_type(key), key_fingerprint_prefix(), | |
26 | + fp, cuser, lookup); | |
27 | } | |
28 | xfree(fp); | |
29 | } | |
30 | diff -up openssh-5.8p1/auth2-pubkey.c.fingerprint openssh-5.8p1/auth2-pubkey.c | |
31 | --- openssh-5.8p1/auth2-pubkey.c.fingerprint 2010-12-01 01:50:14.000000000 +0100 | |
32 | +++ openssh-5.8p1/auth2-pubkey.c 2011-02-25 09:17:18.000000000 +0100 | |
33 | @@ -319,10 +319,10 @@ user_key_allowed2(struct passwd *pw, Key | |
34 | continue; | |
35 | if (!key_is_cert_authority) | |
36 | continue; | |
37 | - fp = key_fingerprint(found, SSH_FP_MD5, | |
38 | - SSH_FP_HEX); | |
39 | - debug("matching CA found: file %s, line %lu, %s %s", | |
40 | - file, linenum, key_type(found), fp); | |
41 | + fp = key_selected_fingerprint(found, SSH_FP_HEX); | |
42 | + debug("matching CA found: file %s, line %lu, %s %s%s", | |
43 | + file, linenum, key_type(found), | |
44 | + key_fingerprint_prefix(), fp); | |
45 | /* | |
46 | * If the user has specified a list of principals as | |
47 | * a key option, then prefer that list to matching | |
48 | @@ -362,9 +362,9 @@ user_key_allowed2(struct passwd *pw, Key | |
49 | found_key = 1; | |
50 | debug("matching key found: file %s, line %lu", | |
51 | file, linenum); | |
52 | - fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); | |
53 | - verbose("Found matching %s key: %s", | |
54 | - key_type(found), fp); | |
55 | + fp = key_selected_fingerprint(found, SSH_FP_HEX); | |
56 | + verbose("Found matching %s key: %s%s", | |
57 | + key_type(found), key_fingerprint_prefix(), fp); | |
58 | xfree(fp); | |
59 | break; | |
60 | } | |
61 | @@ -388,13 +388,13 @@ user_cert_trusted_ca(struct passwd *pw, | |
62 | if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) | |
63 | return 0; | |
64 | ||
65 | - ca_fp = key_fingerprint(key->cert->signature_key, | |
66 | - SSH_FP_MD5, SSH_FP_HEX); | |
67 | + ca_fp = key_selected_fingerprint(key->cert->signature_key, SSH_FP_HEX); | |
68 | ||
69 | if (key_in_file(key->cert->signature_key, | |
70 | options.trusted_user_ca_keys, 1) != 1) { | |
71 | - debug2("%s: CA %s %s is not listed in %s", __func__, | |
72 | - key_type(key->cert->signature_key), ca_fp, | |
73 | + debug2("%s: CA %s%s %s is not listed in %s", __func__, | |
74 | + key_type(key->cert->signature_key), | |
75 | + key_fingerprint_prefix(), ca_fp, | |
76 | options.trusted_user_ca_keys); | |
77 | goto out; | |
78 | } | |
79 | diff -up openssh-5.8p1/auth.c.fingerprint openssh-5.8p1/auth.c | |
80 | --- openssh-5.8p1/auth.c.fingerprint 2010-12-01 02:21:51.000000000 +0100 | |
81 | +++ openssh-5.8p1/auth.c 2011-02-25 09:17:18.000000000 +0100 | |
82 | @@ -639,9 +639,10 @@ auth_key_is_revoked(Key *key) | |
83 | return 1; | |
84 | case 1: | |
85 | /* Key revoked */ | |
86 | - key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | |
87 | + key_fp = key_selected_fingerprint(key, SSH_FP_HEX); | |
88 | error("WARNING: authentication attempt with a revoked " | |
89 | - "%s key %s ", key_type(key), key_fp); | |
90 | + "%s key %s%s ", key_type(key), | |
91 | + key_fingerprint_prefix(), key_fp); | |
92 | xfree(key_fp); | |
93 | return 1; | |
94 | } | |
95 | diff -up openssh-5.8p1/auth-rsa.c.fingerprint openssh-5.8p1/auth-rsa.c | |
96 | --- openssh-5.8p1/auth-rsa.c.fingerprint 2010-12-04 23:01:47.000000000 +0100 | |
97 | +++ openssh-5.8p1/auth-rsa.c 2011-02-25 09:17:18.000000000 +0100 | |
98 | @@ -318,9 +318,9 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli | |
99 | * options; this will be reset if the options cause the | |
100 | * authentication to be rejected. | |
101 | */ | |
102 | - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | |
103 | - verbose("Found matching %s key: %s", | |
104 | - key_type(key), fp); | |
105 | + fp = key_selected_fingerprint(key, SSH_FP_HEX); | |
106 | + verbose("Found matching %s key: %s%s", | |
107 | + key_type(key), key_fingerprint_prefix(), fp); | |
108 | xfree(fp); | |
109 | key_free(key); | |
110 | ||
111 | diff -up openssh-5.8p1/key.c.fingerprint openssh-5.8p1/key.c | |
112 | --- openssh-5.8p1/key.c.fingerprint 2011-02-04 01:48:34.000000000 +0100 | |
113 | +++ openssh-5.8p1/key.c 2011-02-25 09:18:16.000000000 +0100 | |
114 | @@ -594,6 +594,34 @@ key_fingerprint(Key *k, enum fp_type dgs | |
115 | return retval; | |
116 | } | |
117 | ||
118 | +enum fp_type | |
119 | +key_fingerprint_selection(void) | |
120 | +{ | |
121 | + static enum fp_type rv; | |
122 | + static char rv_defined = 0; | |
123 | + char *env; | |
124 | + | |
125 | + if (!rv_defined) { | |
126 | + env = getenv("SSH_FINGERPRINT_TYPE"); | |
127 | + rv = (env && !strcmp (env, "sha")) ? | |
128 | + SSH_FP_SHA1 : SSH_FP_MD5; | |
129 | + rv_defined = 1; | |
130 | + } | |
131 | + return rv; | |
132 | +} | |
133 | + | |
134 | +char * | |
135 | +key_selected_fingerprint(Key *k, enum fp_rep dgst_rep) | |
136 | +{ | |
137 | + return key_fingerprint(k, key_fingerprint_selection(), dgst_rep); | |
138 | +} | |
139 | + | |
140 | +char * | |
141 | +key_fingerprint_prefix(void) | |
142 | +{ | |
143 | + return key_fingerprint_selection() == SSH_FP_SHA1 ? "sha1:" : ""; | |
144 | +} | |
145 | + | |
146 | /* | |
147 | * Reads a multiple-precision integer in decimal from the buffer, and advances | |
148 | * the pointer. The integer must already be initialized. This function is | |
149 | diff -up openssh-5.8p1/key.h.fingerprint openssh-5.8p1/key.h | |
150 | --- openssh-5.8p1/key.h.fingerprint 2010-11-05 00:19:49.000000000 +0100 | |
151 | +++ openssh-5.8p1/key.h 2011-02-25 09:17:18.000000000 +0100 | |
152 | @@ -96,6 +96,9 @@ int key_equal_public(const Key *, cons | |
153 | int key_equal(const Key *, const Key *); | |
154 | char *key_fingerprint(Key *, enum fp_type, enum fp_rep); | |
155 | u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); | |
156 | +enum fp_type key_fingerprint_selection(void); | |
157 | +char *key_selected_fingerprint(Key *, enum fp_rep); | |
158 | +char *key_fingerprint_prefix(void); | |
159 | const char *key_type(const Key *); | |
160 | const char *key_cert_type(const Key *); | |
161 | int key_write(const Key *, FILE *); | |
162 | diff -up openssh-5.8p1/ssh-add.c.fingerprint openssh-5.8p1/ssh-add.c | |
163 | --- openssh-5.8p1/ssh-add.c.fingerprint 2010-11-11 04:17:02.000000000 +0100 | |
164 | +++ openssh-5.8p1/ssh-add.c 2011-02-25 09:17:18.000000000 +0100 | |
165 | @@ -280,10 +280,10 @@ list_identities(AuthenticationConnection | |
166 | key = ssh_get_next_identity(ac, &comment, version)) { | |
167 | had_identities = 1; | |
168 | if (do_fp) { | |
169 | - fp = key_fingerprint(key, SSH_FP_MD5, | |
170 | - SSH_FP_HEX); | |
171 | - printf("%d %s %s (%s)\n", | |
172 | - key_size(key), fp, comment, key_type(key)); | |
173 | + fp = key_selected_fingerprint(key, SSH_FP_HEX); | |
174 | + printf("%d %s%s %s (%s)\n", | |
175 | + key_size(key), key_fingerprint_prefix(), | |
176 | + fp, comment, key_type(key)); | |
177 | xfree(fp); | |
178 | } else { | |
179 | if (!key_write(key, stdout)) | |
180 | diff -up openssh-5.8p1/ssh-agent.c.fingerprint openssh-5.8p1/ssh-agent.c | |
181 | --- openssh-5.8p1/ssh-agent.c.fingerprint 2010-12-01 01:50:35.000000000 +0100 | |
182 | +++ openssh-5.8p1/ssh-agent.c 2011-02-25 09:17:18.000000000 +0100 | |
183 | @@ -199,9 +199,9 @@ confirm_key(Identity *id) | |
184 | char *p; | |
185 | int ret = -1; | |
186 | ||
187 | - p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); | |
188 | - if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", | |
189 | - id->comment, p)) | |
190 | + p = key_selected_fingerprint(id->key, SSH_FP_HEX); | |
191 | + if (ask_permission("Allow use of key %s?\nKey fingerprint %s%s.", | |
192 | + id->comment, key_fingerprint_prefix(), p)) | |
193 | ret = 0; | |
194 | xfree(p); | |
195 | ||
196 | diff -up openssh-5.8p1/sshconnect2.c.fingerprint openssh-5.8p1/sshconnect2.c | |
197 | --- openssh-5.8p1/sshconnect2.c.fingerprint 2010-12-01 02:21:51.000000000 +0100 | |
198 | +++ openssh-5.8p1/sshconnect2.c 2011-02-25 09:17:18.000000000 +0100 | |
199 | @@ -590,8 +590,9 @@ input_userauth_pk_ok(int type, u_int32_t | |
200 | key->type, pktype); | |
201 | goto done; | |
202 | } | |
203 | - fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | |
204 | - debug2("input_userauth_pk_ok: fp %s", fp); | |
205 | + fp = key_selected_fingerprint(key, SSH_FP_HEX); | |
206 | + debug2("input_userauth_pk_ok: fp %s%s", | |
207 | + key_fingerprint_prefix(), fp); | |
208 | xfree(fp); | |
209 | ||
210 | /* | |
211 | @@ -1203,8 +1204,9 @@ sign_and_send_pubkey(Authctxt *authctxt, | |
212 | int have_sig = 1; | |
213 | char *fp; | |
214 | ||
215 | - fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); | |
216 | - debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); | |
217 | + fp = key_selected_fingerprint(id->key, SSH_FP_HEX); | |
218 | + debug3("sign_and_send_pubkey: %s %s%s", key_type(id->key), | |
219 | + key_fingerprint_prefix(), fp); | |
220 | xfree(fp); | |
221 | ||
222 | if (key_to_blob(id->key, &blob, &bloblen) == 0) { | |
223 | diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c | |
224 | --- openssh-5.8p1/sshconnect.c.fingerprint 2011-01-16 13:17:59.000000000 +0100 | |
225 | +++ openssh-5.8p1/sshconnect.c 2011-02-25 09:17:18.000000000 +0100 | |
226 | @@ -798,10 +798,10 @@ check_host_key(char *hostname, struct so | |
227 | "key for IP address '%.128s' to the list " | |
228 | "of known hosts.", type, ip); | |
229 | } else if (options.visual_host_key) { | |
230 | - fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | |
231 | - ra = key_fingerprint(host_key, SSH_FP_MD5, | |
232 | - SSH_FP_RANDOMART); | |
233 | - logit("Host key fingerprint is %s\n%s\n", fp, ra); | |
234 | + fp = key_selected_fingerprint(host_key, SSH_FP_HEX); | |
235 | + ra = key_selected_fingerprint(host_key, SSH_FP_RANDOMART); | |
236 | + logit("Host key fingerprint is %s%s\n%s\n", | |
237 | + key_fingerprint_prefix(), fp, ra); | |
238 | xfree(ra); | |
239 | xfree(fp); | |
240 | } | |
241 | @@ -838,9 +838,8 @@ check_host_key(char *hostname, struct so | |
242 | else | |
243 | snprintf(msg1, sizeof(msg1), "."); | |
244 | /* The default */ | |
245 | - fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | |
246 | - ra = key_fingerprint(host_key, SSH_FP_MD5, | |
247 | - SSH_FP_RANDOMART); | |
248 | + fp = key_selected_fingerprint(host_key, SSH_FP_HEX); | |
249 | + ra = key_selected_fingerprint(host_key, SSH_FP_RANDOMART); | |
250 | msg2[0] = '\0'; | |
251 | if (options.verify_host_key_dns) { | |
252 | if (matching_host_key_dns) | |
253 | @@ -855,10 +854,11 @@ check_host_key(char *hostname, struct so | |
254 | snprintf(msg, sizeof(msg), | |
255 | "The authenticity of host '%.200s (%s)' can't be " | |
256 | "established%s\n" | |
257 | - "%s key fingerprint is %s.%s%s\n%s" | |
258 | + "%s key fingerprint is %s%s.%s%s\n%s" | |
259 | "Are you sure you want to continue connecting " | |
260 | "(yes/no)? ", | |
261 | - host, ip, msg1, type, fp, | |
262 | + host, ip, msg1, type, | |
263 | + key_fingerprint_prefix(), fp, | |
264 | options.visual_host_key ? "\n" : "", | |
265 | options.visual_host_key ? ra : "", | |
266 | msg2); | |
267 | @@ -1104,8 +1104,9 @@ verify_host_key(char *host, struct socka | |
268 | int flags = 0; | |
269 | char *fp; | |
270 | ||
271 | - fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | |
272 | - debug("Server host key: %s %s", key_type(host_key), fp); | |
273 | + fp = key_selected_fingerprint(host_key, SSH_FP_HEX); | |
274 | + debug("Server host key: %s %s%s", key_type(host_key), | |
275 | + key_fingerprint_prefix(), fp); | |
276 | xfree(fp); | |
277 | ||
278 | /* XXX certs are not yet supported for DNS */ | |
279 | @@ -1214,14 +1215,15 @@ show_other_keys(struct hostkeys *hostkey | |
280 | continue; | |
281 | if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) | |
282 | continue; | |
283 | - fp = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_HEX); | |
284 | - ra = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_RANDOMART); | |
285 | + fp = key_selected_fingerprint(found->key, SSH_FP_HEX); | |
286 | + ra = key_selected_fingerprint(found->key, SSH_FP_RANDOMART); | |
287 | logit("WARNING: %s key found for host %s\n" | |
288 | "in %s:%lu\n" | |
289 | - "%s key fingerprint %s.", | |
290 | + "%s key fingerprint %s%s.", | |
291 | key_type(found->key), | |
292 | found->host, found->file, found->line, | |
293 | - key_type(found->key), fp); | |
294 | + key_type(found->key), | |
295 | + key_fingerprint_prefix(), fp); | |
296 | if (options.visual_host_key) | |
297 | logit("%s", ra); | |
298 | xfree(ra); | |
299 | @@ -1236,7 +1238,7 @@ warn_changed_key(Key *host_key) | |
300 | { | |
301 | char *fp; | |
302 | ||
303 | - fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | |
304 | + fp = key_selected_fingerprint(host_key, SSH_FP_HEX); | |
305 | ||
306 | error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); | |
307 | error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); | |
308 | @@ -1244,8 +1246,8 @@ warn_changed_key(Key *host_key) | |
309 | error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); | |
310 | error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); | |
311 | error("It is also possible that a host key has just been changed."); | |
312 | - error("The fingerprint for the %s key sent by the remote host is\n%s.", | |
313 | - key_type(host_key), fp); | |
314 | + error("The fingerprint for the %s key sent by the remote host is\n%s%s.", | |
315 | + key_type(host_key),key_fingerprint_prefix(), fp); | |
316 | error("Please contact your system administrator."); | |
317 | ||
318 | xfree(fp); | |
319 | diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c | |
320 | --- openssh-5.8p1/ssh-keygen.c.fingerprint 2011-01-11 07:20:31.000000000 +0100 | |
321 | +++ openssh-5.8p1/ssh-keygen.c 2011-02-25 09:17:18.000000000 +0100 | |
322 | @@ -714,13 +714,14 @@ do_fingerprint(struct passwd *pw) | |
323 | { | |
324 | FILE *f; | |
325 | Key *public; | |
326 | - char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; | |
327 | + char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra, *pfx; | |
328 | int i, skip = 0, num = 0, invalid = 1; | |
329 | enum fp_rep rep; | |
330 | enum fp_type fptype; | |
331 | struct stat st; | |
332 | ||
333 | - fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; | |
334 | + fptype = print_bubblebabble ? SSH_FP_SHA1 : key_fingerprint_selection(); | |
335 | + pfx = print_bubblebabble ? "" : key_fingerprint_prefix(); | |
336 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; | |
337 | ||
338 | if (!have_identity) | |
339 | @@ -732,8 +733,8 @@ do_fingerprint(struct passwd *pw) | |
340 | public = key_load_public(identity_file, &comment); | |
341 | if (public != NULL) { | |
342 | fp = key_fingerprint(public, fptype, rep); | |
343 | - ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); | |
344 | - printf("%u %s %s (%s)\n", key_size(public), fp, comment, | |
345 | + ra = key_selected_fingerprint(public, SSH_FP_RANDOMART); | |
346 | + printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp, comment, | |
347 | key_type(public)); | |
348 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | |
349 | printf("%s\n", ra); | |
350 | @@ -798,8 +799,8 @@ do_fingerprint(struct passwd *pw) | |
351 | } | |
352 | comment = *cp ? cp : comment; | |
353 | fp = key_fingerprint(public, fptype, rep); | |
354 | - ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); | |
355 | - printf("%u %s %s (%s)\n", key_size(public), fp, | |
356 | + ra = key_selected_fingerprint(public, SSH_FP_RANDOMART); | |
357 | + printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp, | |
358 | comment ? comment : "no comment", key_type(public)); | |
359 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | |
360 | printf("%s\n", ra); | |
361 | @@ -823,13 +824,15 @@ printhost(FILE *f, const char *name, Key | |
362 | if (print_fingerprint) { | |
363 | enum fp_rep rep; | |
364 | enum fp_type fptype; | |
365 | - char *fp, *ra; | |
366 | + char *fp, *ra, *pfx; | |
367 | ||
368 | - fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; | |
369 | + fptype = print_bubblebabble ? SSH_FP_SHA1 : key_fingerprint_selection(); | |
370 | + pfx = print_bubblebabble ? "" : key_fingerprint_prefix(); | |
371 | rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; | |
372 | + | |
373 | fp = key_fingerprint(public, fptype, rep); | |
374 | - ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); | |
375 | - printf("%u %s %s (%s)\n", key_size(public), fp, name, | |
376 | + ra = key_selected_fingerprint(public, SSH_FP_RANDOMART); | |
377 | + printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp, name, | |
378 | key_type(public)); | |
379 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | |
380 | printf("%s\n", ra); | |
381 | @@ -1695,16 +1698,17 @@ do_show_cert(struct passwd *pw) | |
382 | fatal("%s is not a certificate", identity_file); | |
383 | v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00; | |
384 | ||
385 | - key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | |
386 | - ca_fp = key_fingerprint(key->cert->signature_key, | |
387 | - SSH_FP_MD5, SSH_FP_HEX); | |
388 | + key_fp = key_selected_fingerprint(key, SSH_FP_HEX); | |
389 | + ca_fp = key_selected_fingerprint(key->cert->signature_key, SSH_FP_HEX); | |
390 | ||
391 | printf("%s:\n", identity_file); | |
392 | printf(" Type: %s %s certificate\n", key_ssh_name(key), | |
393 | key_cert_type(key)); | |
394 | - printf(" Public key: %s %s\n", key_type(key), key_fp); | |
395 | - printf(" Signing CA: %s %s\n", | |
396 | - key_type(key->cert->signature_key), ca_fp); | |
397 | + printf(" Public key: %s %s%s\n", key_type(key), | |
398 | + key_fingerprint_prefix(), key_fp); | |
399 | + printf(" Signing CA: %s %s%s\n", | |
400 | + key_type(key->cert->signature_key), | |
401 | + key_fingerprint_prefix(), ca_fp); | |
402 | printf(" Key ID: \"%s\"\n", key->cert->key_id); | |
403 | if (!v00) { | |
404 | printf(" Serial: %llu\n", | |
405 | @@ -2249,13 +2253,12 @@ passphrase_again: | |
406 | fclose(f); | |
407 | ||
408 | if (!quiet) { | |
409 | - char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); | |
410 | - char *ra = key_fingerprint(public, SSH_FP_MD5, | |
411 | - SSH_FP_RANDOMART); | |
412 | + char *fp = key_selected_fingerprint(public, SSH_FP_HEX); | |
413 | + char *ra = key_selected_fingerprint(public, SSH_FP_RANDOMART); | |
414 | printf("Your public key has been saved in %s.\n", | |
415 | identity_file); | |
416 | printf("The key fingerprint is:\n"); | |
417 | - printf("%s %s\n", fp, comment); | |
418 | + printf("%s%s %s\n", key_fingerprint_prefix(), fp, comment); | |
419 | printf("The key's randomart image is:\n"); | |
420 | printf("%s\n", ra); | |
421 | xfree(ra); |