X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fkeytrans;h=e6777ffd4a35805d96cbd55ead27042cdbecd1f4;hb=5df09d935f33477cdd9763c0e9c1ba7c8073aea0;hp=8bf17fb2df6b2a2a212b1af218eac6eaad8d70d8;hpb=2c427b22f6a780cbf0d4e22fce26071727e985a1;p=monkeysphere.git

diff --git a/src/share/keytrans b/src/share/keytrans
index 8bf17fb..e6777ff 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -1,5 +1,15 @@
 #!/usr/bin/perl -w -T
 
+# keytrans: this is an RSA key translation utility; it is capable of
+# transforming RSA keys (both public keys and secret keys) between
+# several popular representations, including OpenPGP, PEM-encoded
+# PKCS#1 DER, and OpenSSH-style public key lines.
+
+# How it behaves depends on the name under which it is invoked.  The
+# two implementations currently are: pem2openpgp and openpgp2ssh.
+
+
+
 # pem2openpgp: take a PEM-encoded RSA private-key on standard input, a
 # User ID as the first argument, and generate an OpenPGP secret key
 # and certificate from it.
@@ -12,6 +22,23 @@
 
 # pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import
 
+
+
+
+# openpgp2ssh: take a stream of OpenPGP packets containing public or
+# secret key material on standard input, and a Key ID (or fingerprint)
+# as the first argument.  Find the matching key in the input stream,
+# and emit it on stdout in an OpenSSH-compatible format.  If the input
+# key is an OpenPGP public key (either primary or subkey), the output
+# will be an OpenSSH single-line public key.  If the input key is an
+# OpenPGP secret key, the output will be a PEM-encoded RSA key.
+
+# Example usage:
+
+# gpg --export-secret-subkeys --export-options export-reset-subkey-passwd $KEYID | \
+#  openpgp2ssh $KEYID | ssh-add /dev/stdin
+
+
 # Authors:
 #  Jameson Rollins <jrollins@finestructure.net>
 #  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
@@ -168,11 +195,11 @@ my $keyserver_prefs = { nomodify => 0x80
 ########### Math/Utility Functions ##############
 
 
-# see the bottom of page 43 of RFC 4880
+# see the bottom of page 44 of RFC 4880 (http://tools.ietf.org/html/rfc4880#page-44)
 sub simple_checksum {
   my $bytes = shift;
 
-  return unpack("%32W*",$bytes) % 65536;
+  return unpack("%16C*",$bytes);
 }
 
 # calculate the multiplicative inverse of a mod b this is euclid's