-# $OpenBSD: sshsig.sh,v 1.4 2020/03/13 03:18:45 djm Exp $
+# $OpenBSD: sshsig.sh,v 1.5 2021/07/12 02:12:22 djm Exp $
# Placed in the Public Domain.
tid="sshsig"
sig_principal="user-$$@example.com"
# Make a "wrong key"
-${SSHKEYGEN} -t ed25519 -f $OBJ/wrong-key -C "wrong trousers, Grommit" -N '' \
+${SSHKEYGEN} -q -t ed25519 -f $OBJ/wrong-key \
+ -C "wrong trousers, Grommit" -N '' \
|| fatal "couldn't generate key"
WRONG=$OBJ/wrong-key.pub
# Make a CA key.
-${SSHKEYGEN} -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \
+${SSHKEYGEN} -q -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \
|| fatal "couldn't generate key"
CA_PRIV=$OBJ/sigca-key
CA_PUB=$OBJ/sigca-key.pub
< $DATA >/dev/null 2>&1 && \
fail "accepted signature for $t key, but key is in revoked_keys"
- # public key not revoked, but other are present in revoked_keysfile
+ # public key not revoked, but others are present in revoked_keysfile
cat $WRONG > $OBJ/revoked_keys
(printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers
${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
fail "failed signature for $t cert"
# signing key listed as cert-authority
- (printf "$sig_principal cert-authority" ;
+ (printf "$sig_principal cert-authority " ;
cat $pubkey) > $OBJ/allowed_signers
${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
-I $sig_principal -f $OBJ/allowed_signers \
fail "accepted signature for $t cert with CA not marked"
# mismatch between cert principal and file
- (printf "josef.k@example.com cert-authority" ;
+ (printf "josef.k@example.com cert-authority " ;
cat $CA_PUB) > $OBJ/allowed_signers
${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
-I $sig_principal -f $OBJ/allowed_signers \
projects / thirdparty / openssh-portable.git / commitdiff
