mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
agent: Make digest algorithms for ssh fingerprints configurable.
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'. * agent/command-ssh.c (data_sign, ssh_identity_register): Honor the option for strings used to communicate with the user. * agent/findkey.c (agent_modify_description): Likewise. * agent/gpg-agent.c (cmd_and_opt_values): New value. (opts): New option '--ssh-fingerprint-digest'. (parse_rereadable_options): Set the default to MD5 for now. (main): Handle the new option. * doc/gpg-agent.texi: Document the new option. -- OpenSSH has transitioned from using MD5 to compute key fingerprints to SHA256. This patch makes the digest used when communicating key fingerprints to the user (e.g. in pinentry dialogs) configurable. For now this patch conservatively defaults to MD5. GnuPG-bug-id: 2106 Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
parent
a5f046d99a
commit
525f2c482a
5 changed files with 24 additions and 3 deletions
|
@ -636,6 +636,13 @@ and allows the use of gpg-agent with the ssh implementation
|
|||
@command{putty}. This is similar to the regular ssh-agent support but
|
||||
makes use of Windows message queue as required by @command{putty}.
|
||||
|
||||
@anchor{option --ssh-fingerprint-digest}
|
||||
@item --ssh-fingerprint-digest
|
||||
@opindex ssh-fingerprint-digest
|
||||
|
||||
Select the digest algorithm used to compute ssh fingerprints that are
|
||||
communicated to the user, e.g. in pinentry dialogs. OpenSSH has
|
||||
transitioned from using MD5 to the more secure SHA256.
|
||||
|
||||
@end table
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue