On 25.02.19 09:57, Jakub Jelen wrote:
> On Sun, 2019-02-24 at 18:38 +0100, g4-l...@tonarchiv.ch wrote:
>> ... which IMHO does not make much sense:
>>
>> #define OPENSSH_HEADER_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----"
>>
>> So if we import a public key this code block will never be used:
>>
>>     /* Test for new OpenSSH key format first */
>>     cmp = strncmp(key_buf, OPENSSH_HEADER_BEGIN,
>>                   strlen(OPENSSH_HEADER_BEGIN));
>>     if (cmp == 0) {
>>         *pkey = ssh_pki_openssh_pubkey_import(key_buf);
>>         SAFE_FREE(key_buf);
>>         if (*pkey == NULL) {
>>             SSH_LOG(SSH_LOG_WARN, "Failed to import public key from OpenSSH"
>>                                   " private key file");
>>             return SSH_ERROR;
>>         }
>>         return SSH_OK;
>>     }
>>
>> Or am I missing something here?
> This code is used to import the public key from the OpenSSH private key
> container [1]. This new format has the advantage that it has the public
> key unencrypted, unlike the old PEM files, which can be handy.
>
> [1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD

Thank you for the explanation. Actually it's clear when I read the warning log on failure... But I couldn't find any key sample which starts with BEGIN OPENSSH PRIVATE KEY but also contains a public key.

Cheers,
Till
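
Added example, not part of the thread and not libssh code: a bounds-checked walk over the openssh-key-v1 container layout from PROTOCOL.key [1], showing that the public key blob sits in cleartext ahead of the (possibly encrypted) private section. The function name openssh_v1_pubkey and the sample bytes are constructed for illustration, and the input is assumed to be the base64-decoded body between the BEGIN/END OPENSSH PRIVATE KEY lines.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define AUTH_MAGIC "openssh-key-v1" /* sizeof() also counts the NUL after it */

/* Constructed sample container (base64 already decoded); not a real key. */
static const uint8_t SAMPLE[] = "openssh-key-v1\0"
    "\0\0\0\x0a" "aes256-ctr" "\0\0\0\x06" "bcrypt"  /* ciphername, kdfname */
    "\0\0\0\x0c" "\0\0\0\x04" "salt" "\0\0\0\x10"    /* kdfoptions */
    "\0\0\0\x01"                                     /* number of keys */
    "\0\0\0\x1b" "\0\0\0\x0b" "ssh-ed25519" "\0\0\0\x08" "PUBBYTES"
    "\0\0\0\x08" "\xde\xad\xbe\xef\xde\xad\xbe\xef"; /* encrypted private part */

/* Read a big-endian uint32 and advance; -1 if the buffer is too short. */
static int get_u32(const uint8_t **p, size_t *left, uint32_t *v)
{
    if (*left < 4) return -1;
    *v = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) | ((uint32_t)(*p)[2] << 8) | (*p)[3];
    *p += 4; *left -= 4;
    return 0;
}

/* Read an SSH string (uint32 length, then bytes) with a bounds check. */
static int get_string(const uint8_t **p, size_t *left, const uint8_t **s, uint32_t *len)
{
    if (get_u32(p, left, len) != 0 || *len > *left) return -1;
    *s = *p; *p += *len; *left -= *len;
    return 0;
}

/* Hypothetical helper: locate the first cleartext public key blob. */
int openssh_v1_pubkey(const uint8_t *buf, size_t n, const uint8_t **pub,
                      uint32_t *publen, int *encrypted)
{
    const uint8_t *s; uint32_t len, nkeys;
    if (n < sizeof(AUTH_MAGIC) || memcmp(buf, AUTH_MAGIC, sizeof(AUTH_MAGIC))) return -1;
    buf += sizeof(AUTH_MAGIC); n -= sizeof(AUTH_MAGIC);
    if (get_string(&buf, &n, &s, &len) != 0) return -1;   /* ciphername */
    *encrypted = !(len == 4 && memcmp(s, "none", 4) == 0);
    if (get_string(&buf, &n, &s, &len) != 0 ||            /* kdfname */
        get_string(&buf, &n, &s, &len) != 0 ||            /* kdfoptions */
        get_u32(&buf, &n, &nkeys) != 0 || nkeys < 1) return -1;
    return get_string(&buf, &n, pub, publen);             /* publickey1 */
}

int main(void)
{
    const uint8_t *pub; uint32_t len; int enc;
    if (openssh_v1_pubkey(SAMPLE, sizeof(SAMPLE) - 1, &pub, &len, &enc)) return 1;
    return printf("encrypted=%d, public blob: %u bytes\n", enc, (unsigned)len) < 0;
}
```

The returned blob is itself an SSH-encoded key (key type string followed by the key material), the same bytes that appear base64-encoded in a .pub file.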