projects
/
monkeysphere.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
64f9366
)
added FIXMEs documenting next steps for gpg2ssh.
author
Daniel Kahn Gillmor
<dkg@fifthhorseman.net>
Wed, 9 Apr 2008 07:46:45 +0000
(
03:46
-0400)
committer
Daniel Kahn Gillmor
<dkg@fifthhorseman.net>
Wed, 9 Apr 2008 07:46:45 +0000
(
03:46
-0400)
gpg2ssh.c
patch
|
blob
|
history
diff --git
a/gpg2ssh.c
b/gpg2ssh.c
index a109943e2533fc4ed1000841f5bc90fe8f0576a7..f696f659cc903d8938f9cdb21efd14b5118a389c 100644
(file)
--- a/
gpg2ssh.c
+++ b/
gpg2ssh.c
@@
-80,6
+80,9
@@
int main(int argc, char* argv[]) {
GNUTLS_OPENPGP_FMT_BASE64; if MONKEYSPHERE_RAW is set, use RAW,
otherwise, use BASE64: */
GNUTLS_OPENPGP_FMT_BASE64; if MONKEYSPHERE_RAW is set, use RAW,
otherwise, use BASE64: */
+ /* FIXME: we should be auto-detecting the input format, and
+ translating it as needed. */
+
if (getenv("MONKEYSPHERE_RAW")) {
err("assuming RAW formatted certificate\n");
if (ret = gnutls_openpgp_crt_import(openpgp_crt, &data, GNUTLS_OPENPGP_FMT_RAW), ret) {
if (getenv("MONKEYSPHERE_RAW")) {
err("assuming RAW formatted certificate\n");
if (ret = gnutls_openpgp_crt_import(openpgp_crt, &data, GNUTLS_OPENPGP_FMT_RAW), ret) {
@@
-99,6
+102,15
@@
int main(int argc, char* argv[]) {
return 1;
}
return 1;
}
+ /* FIXME: We're currently looking at the primary key or maybe the
+ first authentication-capable subkey.
+
+ Instead, we should be iterating through the primary key and all
+ subkeys: for each one with the authentication usage flag set of a
+ algorithm we can handle, we should output matching UserIDs and
+ the SSH version of the key. */
+
+
if (ret = gnutls_openpgp_crt_get_key_usage(openpgp_crt, &usage), ret) {
err("failed to get the usage flags for the primary key (error: %d)\n", ret);
return ret;
if (ret = gnutls_openpgp_crt_get_key_usage(openpgp_crt, &usage), ret) {
err("failed to get the usage flags for the primary key (error: %d)\n", ret);
return ret;
@@
-194,8
+206,9
@@
int main(int argc, char* argv[]) {
uidsz--;
/* FIXME: we're just choosing the first UserID from the certificate:
uidsz--;
/* FIXME: we're just choosing the first UserID from the certificate:
- instead, we should be choosing the one that's adequately signed,
- and matches the monkeysphere specification. */
+ instead, we should be selecting every User ID that is adequately
+ signed and matches the spec, and aggregating them with commas for
+ known_hosts output */
if (ret = gnutls_openpgp_crt_get_name(openpgp_crt, 0, userid, &uidsz), ret) {
err("Failed to fetch the first UserID (error: %d)\n", ret);
if (ret = gnutls_openpgp_crt_get_name(openpgp_crt, 0, userid, &uidsz), ret) {
err("Failed to fetch the first UserID (error: %d)\n", ret);