openssh-portable icon indicating copy to clipboard operation
openssh-portable copied to clipboard
verified publisher icon openssh

require public key for signing only when necessary

Open sisp opened this issue 1 year ago • 1 comments

Signing a file with ssh-keygen -Y sign -n <namespace> -f <key_file> <file> does not actually require a public key when <key_file> is the path to a private key file, but ssh-keygen is currently failing when the public key file does not exist. To avoid being unnecessarily strict, I've moved the check for the existence of a public key file. Now, an attempt at loading the public key file is made in the same place as before, but its existence is only enforced when checking the SSH agent for the key. IIUC, this is the only place where the public key is required.

WDYT? :slightly_smiling_face:

sisp avatar Jun 06 '24 12:06 sisp

I don't see how this could work, because the code later does this:

        if (signer == NULL) {
                /* Not using agent - try to load private key */
                if ((privkey = load_sign_key(keypath, pubkey)) == NULL)
                        goto done;
                signkey = privkey;
        } else {

and load_sign_key() checks the pubkey against the private key unconditionally:

        if (!sshkey_equal_public(pubkey, privkey)) {
                error("Public key %s doesn't match private %s",
                    keypath, privpath);
                goto done;
        }

which will fail if pubkey is NULL

djmdjm avatar Nov 28 '24 16:11 djmdjm