search for: identity_passphrase

...clear_pass(); --- ssh-keygen.c.orig Thu Nov 27 18:15:47 2003 +++ ssh-keygen.c Thu Nov 27 18:16:19 2003 @@ -127,14 +127,14 @@ char *pass; Key *prv; - prv = key_load_private(filename, "", NULL); + prv = key_load_private(filename, "", NULL, 0); if (prv == NULL) { if (identity_passphrase) pass = xstrdup(identity_passphrase); else pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); - prv = key_load_private(filename, pass, NULL); + prv = key_load_private(filename, pass, NULL, 0); memset(pass, 0, strlen(pass)); xfree(pass); } @@ -560,7...

...+ if ((r = sshkey_load_private_type(KEY_UNSPEC, filename, "", + &prv, NULL)) == 0) return prv; if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) fatal("Load key \"%s\": %s", filename, ssh_err(r)); @@ -283,7 +284,7 @@ load_identity(char *filename) pass = xstrdup(identity_passphrase); else pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); - r = sshkey_load_private(filename, pass, &prv, NULL); + r = sshkey_load_private_type(KEY_UNSPEC, filename, pass, &prv, NULL); explicit_bzero(pass, strlen(pass)); free(pass); if (r != 0) @@ -855,7 +856...

...e, "", &prv, commentp, vault_infop)) == 0) ??? ??? ?return prv; ??? ?if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) ??? ??? ?fatal("Load key \"%s\": %s", filename, ssh_err(r)); @@ -326,7 +328,7 @@ load_identity(const char *filename, char **commentp) ??? ??? ?pass = xstrdup(identity_passphrase); ??? ?else ??? ??? ?pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); -?? ?r = sshkey_load_private(filename, pass, &prv, commentp); +?? ?r = sshkey_load_private(filename, pass, &prv, commentp, vault_infop); ??? ?freezero(pass, strlen(pass)); ??? ?if (r != 0) ??? ??? ?...

...me = NULL; @@ -240,6 +241,13 @@ char *pass; Key *prv; + if (read_public_only) { + Key *pub; + + pub = key_load_public(filename, NULL); + return pub; + } + prv = key_load_private(filename, "", NULL); if (prv == NULL) { if (identity_passphrase) @@ -705,7 +713,13 @@ perror(identity_file); exit(1); } - prv = load_identity(identity_file); + + if (read_public_only == 1) { + prv = key_load_public(identity_file, NULL); + } else { + prv = load_identity(identity_file); + } + if (prv == NULL)...

...ngerprint_hash = SSH_FP_HASH_DEFAULT; static char identity_file[PATH_MAX]; static int have_identity = 0; +/* Some operations accept multiple files */ +static char **identity_files; +static size_t nidentity_files; + /* This is set to the passphrase if given on the command line. */ static char *identity_passphrase = NULL; @@ -2803,16 +2807,17 @@ done: static int sig_verify(const char *signature, const char *sig_namespace, - const char *principal, const char *allowed_keys, const char *revoked_keys, - char * const *opts, size_t nopts) + const char *principal, char **allowed_keys, size_t nallowed...

Hello, I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be passed only once. A side remark: technically it can be passed multiple times without a warning but the last invocation overrides all previous ones. Tested using: $ ssh-keygen -Y verify -f allowed_signers -f /dev/null -n file -s