From 2f32583fd11f76fe52fc9575c4cacb37be05f0e8 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer
Date: Fri, 18 Mar 2022 15:03:20 +0100
Subject: [PATCH] Adjust `opgpcard ssh` output
---
 tools/README.md | 8 ++++++++
 tools/src/bin/opgpcard/main.rs | 4 ++--
 tools/src/bin/opgpcard/util.rs | 6 +++---
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/tools/README.md b/tools/README.md
index 85b1aaa..471f779 100644
--- a/tools/README.md
+++ b/tools/README.md
@@ -67,6 +67,14 @@ algorithms of the card, if the card returns that list):
 $ opgpcard status -c ABCD:01234567 -v
 ```
+### Using a card for ssh auth
+
+To use an OpenPGP card for ssh login, an authentication key needs to exist on the card.
+
+To allow login, the ssh public key representation of the authentications key needs to be added to
+`.ssh/authorized_keys` on the remote machine. `opgpcard ssh` shows the ssh public key string for the authentication
+key on the card.
+
 ### Import keys
 Import private key onto a card. This works if at most one (sub)key per role (
diff --git a/tools/src/bin/opgpcard/main.rs b/tools/src/bin/opgpcard/main.rs
index 571c3cb..991214e 100644
--- a/tools/src/bin/opgpcard/main.rs
+++ b/tools/src/bin/opgpcard/main.rs
@@ -332,14 +332,14 @@ fn print_ssh(ident: Option) -> Result<()> {
 println!();
 if let Some(fp) = fps.authentication() {
- println!("Authentication subkey fingerprint:\n{}", fp);
+ println!("Authentication key fingerprint:\n{}", fp);
 }
 // Show authentication subkey as openssh public key string
 if let Ok(pkm) = open.public_key(KeyType::Authentication) {
 if let Ok(ssh) = util::get_ssh_pubkey_string(&pkm, ident) {
 println!();
- println!("Authentication subkey as ssh public key:\n{}", ssh);
+ println!("Authentication key as ssh public key:\n{}", ssh);
 }
 }
diff --git a/tools/src/bin/opgpcard/util.rs b/tools/src/bin/opgpcard/util.rs
index 1f7e415..176facd 100644
--- a/tools/src/bin/opgpcard/util.rs
+++ b/tools/src/bin/opgpcard/util.rs
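Review bot: In the `print_ssh` hunk of tools/src/bin/opgpcard/main.rs, the context comment `// Show authentication subkey as openssh public key string` still says "subkey" although both `println!` strings now say "key"; it should read `// Show authentication key as openssh public key string` so the comment and the output agree. The two nested `if let Ok(..)` guards around the ssh output also drop any error from `open.public_key(KeyType::Authentication)` and `util::get_ssh_pubkey_string`, so when either call fails the command appears to print no ssh key and no reason. An `else` branch that reports the error on stderr would make that case visible to someone preparing an `authorized_keys` entry. The body of `print_ssh` starts and ends outside this hunk.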
@@ -95,7 +95,7 @@ pub(crate) fn open_or_stdout(f: Option<&Path>) -> Result Result { - let cardno = format!("cardno:{}", ident); + let cardname = format!("opgpcard:{}", ident); let (key_type, kind) = match pkm { PublicKeyMaterial::R(rsa) => { @@ -159,7 +159,7 @@ fn get_ssh_pubkey(pkm: &PublicKeyMaterial, ident: String) -> Result Result Result { let pk = get_ssh_pubkey(pkm, ident)?;
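Review bot: In the `@@ -95,7 +95,7 @@` hunk of tools/src/bin/opgpcard/util.rs, the new `format!("opgpcard:{}", ident)` changes the prefix of a string that, judging by the old name `cardno`, becomes the comment of the exported ssh public key, and the README text added in this commit does not mention the change. Keys exported earlier presumably carry `cardno:` comments in `authorized_keys`, so audits or scripts that match on that prefix would stop matching keys exported after this change. A comment above the line such as `// ssh key comment: informational only; identify keys by fingerprint, not by this string` would document that, and if `ident` can come from the command line rather than from the card, it should be checked for whitespace and newlines before it goes into a one-line key string. The rest of `get_ssh_pubkey`, including where `cardname` is used, is not visible here; the page appears to have lost part of this hunk and of the following `@@ -159,7 +159,7 @@` one.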