From 21626bdf77957d60631fe939fc00f77c4a429f75 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 15 Aug 2013 12:43:01 +0200
Subject: [PATCH] pki: Add support to encode public keys in SSH key format

---
 configure.ac               |  2 +-
 src/pki/commands/pub.c     |  2 +-
 src/pki/man/pki---pub.1.in |  5 +++--
 src/pki/pki.c              | 13 ++++++++++++-
 4 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 6af8b535d3..3dbeeccee0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1009,7 +1009,7 @@ ADD_PLUGIN([pkcs8],                [s charon openac scepclient pki scripts manag
 ADD_PLUGIN([pkcs12],               [s charon scepclient pki scripts cmd])
 ADD_PLUGIN([pgp],                  [s charon])
 ADD_PLUGIN([dnskey],               [s charon pki])
-ADD_PLUGIN([sshkey],               [s charon nm cmd])
+ADD_PLUGIN([sshkey],               [s charon pki nm cmd])
 ADD_PLUGIN([ipseckey],             [c charon])
 ADD_PLUGIN([pem],                  [s charon openac scepclient pki scripts manager medsrv attest nm cmd])
 ADD_PLUGIN([padlock],              [s charon])
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 5a658afecb..d85ee9ff3e 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -158,7 +158,7 @@ static void __attribute__ ((constructor))reg()
 		pub, 'p', "pub",
 		"extract the public key from a private key/certificate",
 		{"[--in file|--keyid hex] [--type rsa|ecdsa|pkcs10|x509]",
-		 "[--outform der|pem|dnskey]"},
+		 "[--outform der|pem|dnskey|sshkey]"},
 		{
 			{"help",	'h', 0, "show usage information"},
 			{"in",		'i', 1, "input file, default: stdin"},
diff --git a/src/pki/man/pki---pub.1.in b/src/pki/man/pki---pub.1.in
index d588ae7328..a1b9b0ad41 100644
--- a/src/pki/man/pki---pub.1.in
+++ b/src/pki/man/pki---pub.1.in
@@ -53,7 +53,8 @@ certificate), defaults to \fIrsa\fR.
 .TP
 .BI "\-f, \-\-outform " encoding
 Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR
-(Base64 PEM), or \fIdnskey\fR (RFC 3110 DNS key), defaults to \fIder\fR.
+(Base64 PEM), \fIdnskey\fR (RFC 3110 DNS key), or \fIsshkey\fR (RFC 4253 SSH
+key), defaults to \fIder\fR.
 .
 .SH "EXAMPLES"
 .
@@ -72,4 +73,4 @@ Extract the public key from an X.509 certificate:
 .
 .SH "SEE ALSO"
 .
-.BR pki (1)
\ No newline at end of file
+.BR pki (1)
diff --git a/src/pki/pki.c b/src/pki/pki.c
index c3039a6491..ecc0702cdf 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -81,7 +81,18 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type)
 		switch (type)
 		{
 			case CRED_PUBLIC_KEY:
-				*enc =PUBKEY_DNSKEY;
+				*enc = PUBKEY_DNSKEY;
+				return TRUE;
+			default:
+				return FALSE;
+		}
+	}
+	else if (streq(form, "sshkey"))
+	{
+		switch (type)
+		{
+			case CRED_PUBLIC_KEY:
+				*enc = PUBKEY_SSHKEY;
 				return TRUE;
 			default:
 				return FALSE;
-- 
2.47.2