Commit 58296a95 authored by Matt Johnston

Make dropbearkey only generate 1024 bit keys

--HG--
extra : convert_revision : 8a7db1e2fdc5636abb338adb636babc32f465739
parent ddb61adc
......@@ -21,6 +21,10 @@
- Add -K <keepalive_time> argument, ensuring that data is transmitted
over the connection at least every N seconds.
- dropbearkey will no longer generate DSS keys of sizes other than 1024
bits, as required by the DSS specification. (Other sizes are still
accepted for use to provide backwards compatibility).
0.49 - Fri 23 February 2007
- Security: dbclient previously would prompt to confirm a
......
......@@ -75,6 +75,7 @@ static void printhelp(char * progname) {
#endif
"-f filename Use filename for the secret key\n"
"-s bits Key size in bits, should be a multiple of 8 (optional)\n"
" (DSS has a fixed size of 1024 bits)\n"
"-y Just print the publickey and fingerprint for the\n private key in <filename>.\n"
#ifdef DEBUG_TRACE
"-v verbose\n"
......@@ -187,8 +188,11 @@ int main(int argc, char ** argv) {
fprintf(stderr, "Bits must be an integer\n");
exit(EXIT_FAILURE);
}
if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
if (keytype == DROPBEAR_SIGNKEY_DSS && bits != 1024) {
fprintf(stderr, "DSS keys have a fixed size of 1024 bits\n");
exit(EXIT_FAILURE);
} else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a"
" multiple of 8\n");
exit(EXIT_FAILURE);
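Review bot: The `else if` range check at the end of this hunk still lets `-s 512` through for non-DSS keys, and an RSA modulus that short gives very little protection for a host key. Since the size validation is being reworked here anyway, consider raising the floor, e.g. `} else if (bits < 1024 || bits > 4096 || (bits % 8 != 0)) {`, with the error text and the `-s` help line updated to match. The new DSS test also relies on `keytype` already being resolved when this code runs and, as far as the hunk shows, only executes when a size was passed, so it is worth confirming that the default DSS size used without `-s` is 1024 as well; both of those live outside the hunk, in the rest of `main`. A short comment above the DSS branch would help, such as `/* generation is limited to 1024-bit DSS; other sizes are still accepted when loading existing keys */`.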
......