Discussion:
[PATCH] Document transfer of ed25519 secret keys to the ssh-agent
Daniel Kahn Gillmor
2016-05-18 11:52:45 UTC
This documentation is based on sshkey_private_serialize() in sshkey.c,
which is eventually called by ssh-add.
---
PROTOCOL.agent | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/PROTOCOL.agent b/PROTOCOL.agent
index c386d16..5188225 100644
--- a/PROTOCOL.agent
+++ b/PROTOCOL.agent
@@ -252,13 +252,34 @@ RSA certificates may be added with this request:
string key_comment
constraint[] key_constraints

+ED25519 keys may be added with this request:
+
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ssh-ed25519"
+ mpint ed25519_pk
+ mpint ed25519_sk
+ string key_comment
+ constraint[] key_constraints
+
+ED25519 certificates may be added with this request:
+
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ssh-ed25519-cert-***@openssh.com"
+ string certificate
+ mpint ed25519_pk
+ mpint ed25519_sk
+ string key_comment
+ constraint[] key_constraints
+
Note that the 'rsa_p' and 'rsa_q' parameters are sent in the reverse
order to the protocol 1 add keys message. As with the corresponding
protocol 1 "add key" request, the private key is overspecified to avoid
redundant processing.

-For DSA, ECDSA and RSA key add requests, "key_constraints" may only be
-present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED.
+For DSA, ECDSA, RSA, and ED25519 key add requests, "key_constraints" may
+only be present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED.

The agent will reply with a SSH_AGENT_SUCCESS if the key has been
successfully added or a SSH_AGENT_FAILURE if an error occurred.
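Review bot: the `mpint ed25519_pk` / `mpint ed25519_sk` lines (in both the key request and the certificate request) describe the key material as multi-precision integers, but Ed25519 public and secret keys are fixed-length byte strings (32 and 64 bytes), and sshkey_private_serialize() in sshkey.c, which the commit message cites as the basis for this text, writes them with the plain string encoding; both should read `string ed25519_pk` and `string ed25519_sk`. Two smaller points in the same hunk: the certificate type on the `string "ssh-ed25519-cert-***@openssh.com"` line has been mangled (the archive's address obfuscation), so the committed text should spell out the full key type name, ssh-ed25519-cert-v01@openssh.com; and the two new blocks are inserted between the RSA certificate request and the paragraph beginning "Note that the 'rsa_p' and 'rsa_q' parameters are sent in the reverse order", so that RSA-specific note now reads as if it applied to the ED25519 requests. Moving the new blocks to just after that paragraph, immediately before the updated "For DSA, ECDSA, RSA, and ED25519 key add requests" sentence, keeps the RSA note next to the RSA requests it describes.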
--
2.8.1
Damien Miller
2016-05-19 07:51:32 UTC
you're too late :)

https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.agent#L209

Also, work-in-progress:

https://github.com/djmdjm/drafts/blob/master/draft-miller-ssh-agent.txt
_______________________________________________
openssh-unix-dev mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev