diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 33e77c62..147b2035 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -80,7 +80,11 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
 
 new->type = key->type;
 new->type_c = key->type_c;
- new->flags = key->flags;
+ if (demote) {
+ new->flags = SSH_KEY_FLAG_PUBLIC;
+ } else {
+ new->flags = key->flags;
+ }
 
 switch (key->type) {
 case SSH_KEYTYPE_DSS:
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index a39b2607..65c9107f 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -749,6 +749,11 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
 }
 new->type = key->type;
 new->type_c = key->type_c;
+ if (demote) {
+ new->flags = SSH_KEY_FLAG_PUBLIC;
+ } else {
+ new->flags = key->flags;
+ }
 
 switch(key->type) {
 case SSH_KEYTYPE_DSS:
@@ -845,18 +850,6 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
 break;
 case SSH_KEYTYPE_RSA:
 case SSH_KEYTYPE_RSA1:
- sexp = gcry_sexp_find_token(key->rsa, "n", 0);
- if (sexp == NULL) {
- goto fail;
- }
- tmp = gcry_sexp_nth_data(sexp, 1, &size);
- n = ssh_string_new(size);
- if (n == NULL) {
- goto fail;
- }
- ssh_string_fill(n, (char *)tmp, size);
- gcry_sexp_release(sexp);
-
 sexp = gcry_sexp_find_token(key->rsa, "e", 0);
 if (sexp == NULL) {
 goto fail;
@@ -869,6 +862,18 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
 ssh_string_fill(e, (char *)tmp, size);
 gcry_sexp_release(sexp);
 
+ sexp = gcry_sexp_find_token(key->rsa, "n", 0);
+ if (sexp == NULL) {
+ goto fail;
+ }
+ tmp = gcry_sexp_nth_data(sexp, 1, &size);
+ n = ssh_string_new(size);
+ if (n == NULL) {
+ goto fail;
+ }
+ ssh_string_fill(n, (char *)tmp, size);
+ gcry_sexp_release(sexp);
+
 if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
 sexp = gcry_sexp_find_token(key->rsa, "d", 0);
 if (sexp == NULL) {
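Review bot: The demote branch added to pki_key_dup in src/pki_crypto.c assigns `SSH_KEY_FLAG_PUBLIC` outright rather than clearing the private bit, so any other bits held in `key->flags` are dropped on a demoted copy, and nothing in the hunk says that is intended. A comment above the branch would state the security reason, e.g. `/* A demoted copy carries no private components, so it must never advertise SSH_KEY_FLAG_PRIVATE. */`. If other flag bits are meant to survive, `new->flags = (key->flags & ~SSH_KEY_FLAG_PRIVATE) | SSH_KEY_FLAG_PUBLIC;` would keep them; whether such bits exist is not visible here. The identical block is added in src/pki_gcrypt.c (hunk at line 749) and the same applies there; the function body continues outside both hunks.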
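Review bot: The relocated "n" extraction in the `@@ -869,6 +862,18 @@` hunk of src/pki_gcrypt.c passes the result of `gcry_sexp_nth_data()` to `ssh_string_fill()` without checking it, and that call returns NULL when the element holds no data, in which case `size` may not be meaningful either. Adding `if (tmp == NULL) { goto fail; }` right after `tmp = gcry_sexp_nth_data(sexp, 1, &size);` would close that; the context line `ssh_string_fill(e, (char *)tmp, size);` suggests the "e" block follows the same pattern. The `goto fail` taken when `ssh_string_new()` returns NULL also leaves `sexp` unreleased unless the `fail:` label handles it, which is outside the hunk, as is the rest of pki_key_dup.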