Re: [PATCH] ssh signing: support non ssh-* keytypes

Junio C Hamano <gitster@xxxxxxxxx> writes:

> Fabian Stelzer <fs@xxxxxxxxxxxx> writes:
>
>> +/* Determines wether key contains a literal ssh key or a path to a file */
>> +static int is_literal_ssh_key(const char *key) {
>> +	return (
>> +		starts_with(key, "ssh-") ||
>> +		starts_with(key, "ecdsa-") ||
>> +		starts_with(key, "sk-ssh-") ||
>> +		starts_with(key, "sk-ecdsa-")
>> +	);
>> +}
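Review bot: the opening brace of the function definition should sit on its own line per Git's CodingGuidelines, i.e. `static int is_literal_ssh_key(const char *key)` followed by `{` on the next line, and the comment misspells "whether" as "wether". It is also worth noting that this is an allowlist: a value whose key type does not begin with one of the four prefixes falls through to the "path to a file" case, so every future ssh key type needs an entry added here.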
>
> A more forward looking thing you could do is to 
>
>  (1) grandfather the convention "any string that begins with 'ssh-'
>      is taken as a ssh literal key".
>
>  (2) refrain from spreading such an unstructured mess by picking a
>      reserved prefix, say "ssh-key::" and have all other kinds of
>      ssh keys use the convention.
>
> making the above function look more like
>
>     static int is_literal_ssh_key(const char *string, const char **key)
>     {
> 	/* new convention: reserved prefix, works for any key type */
> 	if (skip_prefix(string, "ssh-key::", key))
> 	    return 1;
> 	/* grandfathered convention: a bare "ssh-" string is a literal key */
> 	if (starts_with(string, "ssh-")) {
> 	    *key = string;
> 	    return 1;
> 	}
> 	return 0;
>     }

Given that this ONLY gets called from ssh codepath, I think the
special prefix can just be "key::", and when a new crypto suite
is introduced to sit next to GPG and SSH, presumably the code
structure to support it will be similar to that of ssh's, and it
can also use "key::" prefix for their literal keys.  That design
may be cleaner.

Thanks.
