[PATCH] ssh: update certificate support

Werner Koch wk at gnupg.org
Mon Apr 19 13:14:36 CEST 2021

On Sun, 18 Apr 2021 17:02, Igor Okulist said:
> +  if (0 == strcmp(spec.ssh_identifier, "ssh-rsa-cert-v01 at openssh.com"))

Don't do this.  Use this pattern:

  if (!strcmp(spec.ssh_identifier, "ssh-rsa-cert-v01 at openssh.com"))

> +        "(private-key "
> +        " (rsa (n %m) (e %m) (d %m) (p %m) (q %m) (u %m) )"
> +        " (comment %s)"
> +        " (key-type %s)"
> +        " (certificate %s)"

That is never going to fly.  The "certificate" and other new items are
nothing we want as the part of a private key.  See keyformat.txt on how
to add meta information to a key.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20210419/180d0138/attachment.sig>

More information about the Gnupg-devel mailing list