[PATCH] ssh: update certificate support
Igor Okulist
okigan at gmail.com
Wed Apr 21 02:15:00 CEST 2021
On Mon, Apr 19, 2021 at 4:15 AM Werner Koch <wk at gnupg.org> wrote:
>
> On Sun, 18 Apr 2021 17:02, Igor Okulist said:
> > + if (0 == strcmp(spec.ssh_identifier, "ssh-rsa-cert-v01 at openssh.com"))
>
> Don't do this. Use this pattern:
>
> if (!strcmp(spec.ssh_identifier, "ssh-rsa-cert-v01 at openssh.com"))
>
IO: Noted, will change
> > + "(private-key "
> > + " (rsa (n %m) (e %m) (d %m) (p %m) (q %m) (u %m) )"
> > + " (comment %s)"
> > + " (key-type %s)"
> > + " (certificate %s)"
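Review bot: on the "(certificate %s)" line, and likewise "(comment %s)" and "(key-type %s)", the %s placeholder takes a NUL-terminated C string. Assuming this template is handed to libgcrypt's S-expression builder, as the %m placeholders suggest, a certificate passed as its raw binary blob would be cut at the first zero byte. Use %b with an explicit length, or document that the value is text-encoded before it reaches this point. The stray space in "(u %m) )" on the rsa line should also go.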
>
> That is never going to fly. The "certificate" and other new items are
> nothing we want as the part of a private key. See keyformat.txt on how
> to add meta information to a key.
IO: The reason for this approach is that the "meta information" needs to be passed
IO: through multiple layers, so even if it were saved in a separate field, it seems it would
IO: be very extensive changes to pass such "meta information" through the system.
IO: For example, if the comment was saved as such "meta information", would we need to change
IO: all signatures of all functions passing the key to pass the comment along? Or is there another way?
>
>
> Shalom-Salam,
>
> Werner
>
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.