Mercurial > dropbear
view dropbearkey.1 @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 5c8913b7464c |
children |
line wrap: on
line source
.TH dropbearkey 1 .SH NAME dropbearkey \- create private keys for the use with dropbear(8) or dbclient(1) .SH SYNOPSIS .B dropbearkey \-t .I type \-f .I file [\-s .IR bits ] [\-y] .SH DESCRIPTION .B dropbearkey generates a \fIRSA\fR, \fIDSS\fR, \fIECDSA\fR, or \fIEd25519\fR format SSH private key, and saves it to a file for the use with the Dropbear client or server. Note that some SSH implementations use the term "DSA" rather than "DSS", they mean the same thing. .SH OPTIONS .TP .B \-t \fItype Type of key to generate. Must be one of .I rsa .I ecdsa .I ed25519 or .IR dss . .TP .B \-f \fIfile Write the secret key to the file \fIfile\fR. For client authentication ~/.ssh/id_dropbear is loaded by default .TP .B \-s \fIbits Set the key size to .I bits bits, should be multiple of 8 (optional). .TP .B \-y Just print the publickey and fingerprint for the private key in \fIfile\fR. .SH NOTES The program dropbearconvert(1) can be used to convert between Dropbear and OpenSSH key formats. .P Dropbear does not support encrypted keys. .SH EXAMPLE generate a host-key: # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key extract a public key suitable for authorized_keys from private key: # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys .SH AUTHOR Matt Johnston ([email protected]). .br Gerrit Pape ([email protected]) wrote this manual page. .SH SEE ALSO dropbear(8), dbclient(1), dropbearconvert(1) .P https://matt.ucc.asn.au/dropbear/dropbear.html