[Bug 3132] No command to list the content of an SSH KRL

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Mar 13 18:35:31 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3132

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at dtucker.net
   Attachment #3367|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3367
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3367&action=edit
Support for dumping KRL contents via ssh-keygen

This patch adds support for dumping KRL contents via "ssh-keygen -Qlf
/path/krl"

The dump format is similar to the KRL specification format described in
ssh-keygen(1)'s KEY REVOCATION section. Some things we need to print
don't fit the format, so I print them as comments.

Example:

> $ ssh-keygen -lQf obj/krl-all     
> # KRL version 0
> # Generated at 20200313T181736
> 
> hash: SHA256:SHA256:s8ltKq+ldDA2KIlB5dqI0BfEI4UyV+pJujwg6Q2uKIU # ssh-dss
> hash: SHA256:SHA256:zbEIKMbhOkp/jZWE/cW67PnEwSyv0Oju1c4PH1N70/k # ssh-ed25519
> hash: SHA256:SHA256:VZS9t21+vjrGDece9Pc6i23kPcVw5QsVOtxBCuIOyRw # ecdsa-sha2-nistp256
> hash: SHA256:SHA256:jHnudyvRBF93GK/jA9NO7wpUd5emyeCq9NlIEI6dVQA # sk-ecdsa-sha2-nistp256 at openssh.com
> # CA key ssh-ed25519 SHA256:7Y4hOrk8kHvyTeXl+VU/zwD28qqCK9e5M35LTwe0OpM
> serial: 1
> serial: 4
> serial: 90
> serial: 500-799
> serial: 999
> serial: 10000-20000
> id: revoked 795
> id: revoked 796
> id: revoked 797
> id: revoked 798
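
An added example, not part of the original comment or the attached patch: a Python parser for the dump text shown above, so a KRL's contents can be audited or compared between revisions. It assumes the "# CA key" comment scopes the "serial:" and "id:" lines that follow it (inferred from the sample output) and it accepts the repeated "SHA256:" prefix seen there; `parse_krl_dump` and `serial_revoked` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines in the example output on this page.
SAMPLE_DUMP = """\
# KRL version 0
# Generated at 20200313T181736

hash: SHA256:SHA256:zbEIKMbhOkp/jZWE/cW67PnEwSyv0Oju1c4PH1N70/k # ssh-ed25519
# CA key ssh-ed25519 SHA256:7Y4hOrk8kHvyTeXl+VU/zwD28qqCK9e5M35LTwe0OpM
serial: 1
serial: 500-799
serial: 10000-20000
id: revoked 795
"""

def parse_krl_dump(text):
    """Parse dump text into metadata, revoked key hashes and per-CA revocations."""
    krl = {"version": None, "generated": None, "hashes": {},
           "cas": defaultdict(lambda: {"serials": [], "ids": []})}
    ca = (None, None)  # assumption: "# CA key" scopes the serial:/id: lines after it
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"# KRL version (\d+)", line):
            krl["version"] = int(m[1])
        elif m := re.fullmatch(r"# Generated at (\S+)", line):
            krl["generated"] = m[1]
        elif m := re.fullmatch(r"# CA key (\S+) (\S+)", line):
            ca = (m[1], m[2])  # (key type, fingerprint)
        elif not line or line.startswith("#"):
            continue  # blank line or a comment carrying nothing we track
        elif m := re.fullmatch(r"hash: (?:SHA256:)+(\S+)(?:\s+# (.+))?", line):
            krl["hashes"]["SHA256:" + m[1]] = m[2]  # fingerprint -> key type
        elif m := re.fullmatch(r"serial: (\d+)(?:-(\d+))?", line):
            krl["cas"][ca]["serials"].append((int(m[1]), int(m[2] or m[1])))
        elif m := re.fullmatch(r"id: (.+)", line):
            krl["cas"][ca]["ids"].append(m[1])
        else:
            raise ValueError(f"unrecognised KRL dump line: {raw!r}")
    return krl

def serial_revoked(krl, ca_fingerprint, serial):
    """True if `serial` falls inside a revoked range listed under the given CA."""
    ranges = [r for (_, fp), entry in krl["cas"].items() if fp == ca_fingerprint
              for r in entry["serials"]]
    return any(lo <= serial <= hi for lo, hi in ranges)
```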
