-.\" $OpenBSD: ssh-keygen.1,v 1.215 2021/07/23 06:01:17 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.216 2021/08/11 08:54:17 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 23 2021 $
+.Dd $Mdocdate: August 11 2021 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
.Fl Y
flag, the following options are accepted:
.Bl -tag -width Ds
+.It Cm print-pubkey
+Print the full public key to standard output after signature verification.
.It Cm verify-time Ns = Ns Ar timestamp
Specifies a time to use when validating signatures instead of the current
time.
-/* $OpenBSD: ssh-keygen.c,v 1.434 2021/07/24 02:51:14 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.435 2021/08/11 08:54:17 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
}
static int
-sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep)
+sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep,
+ int *print_pubkey)
{
size_t i;
time_t now;
*verify_timep = 0;
+ *print_pubkey = 0;
for (i = 0; i < nopts; i++) {
if (strncasecmp(opts[i], "verify-time=", 12) == 0) {
if (parse_absolute_time(opts[i] + 12,
error("Invalid \"verify-time\" option");
return SSH_ERR_INVALID_ARGUMENT;
}
+ } else if (print_pubkey &&
+ strcasecmp(opts[i], "print-pubkey") == 0) {
+ *print_pubkey = 1;
} else {
error("Invalid option \"%s\"", opts[i]);
return SSH_ERR_INVALID_ARGUMENT;
char * const *opts, size_t nopts)
{
int r, ret = -1;
+ int print_pubkey = 0;
struct sshbuf *sigbuf = NULL, *abuf = NULL;
struct sshkey *sign_key = NULL;
char *fp = NULL;
struct sshkey_sig_details *sig_details = NULL;
uint64_t verify_time = 0;
- if (sig_process_opts(opts, nopts, &verify_time) != 0)
+ if (sig_process_opts(opts, nopts, &verify_time, &print_pubkey) != 0)
goto done; /* error already logged */
memset(&sig_details, 0, sizeof(sig_details));
printf("Could not verify signature.\n");
}
}
+ /* Print the signature key if requested */
+ if (ret == 0 && print_pubkey && sign_key != NULL) {
+ if ((r = sshkey_write(sign_key, stdout)) == 0)
+ fputc('\n', stdout);
+ else {
+ error_r(r, "Could not print public key.\n");
+ ret = -1;
+ }
+ }
sshbuf_free(sigbuf);
sshbuf_free(abuf);
sshkey_free(sign_key);
char *principals = NULL, *cp, *tmp;
uint64_t verify_time = 0;
- if (sig_process_opts(opts, nopts, &verify_time) != 0)
+ if (sig_process_opts(opts, nopts, &verify_time, NULL) != 0)
goto done; /* error already logged */
if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
projects / thirdparty / openssh-portable.git / commitdiff
