From 01782752b8f9ebeca8415d96bd416654a9af6e3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Mengu=C3=A9?= Date: Mon, 20 Apr 2026 15:16:32 +0200 Subject: [PATCH] Allow IdentityFile to point to a .pub file Improve handling of IdentityFile (also flag -i) to allow to point directly to a public key file (.pub). This is for the case where the private key is not stored on disk but in a more secure area. Thanks to agnosticlines for explaining the use case and providing a first version of the patch in #65. --- README.pod | 12 +++++++++++- bin/github-keygen | 17 ++++++++++++----- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/README.pod b/README.pod index 33eb04b..876d137 100644 --- a/README.pod +++ b/README.pod @@ -262,7 +262,15 @@ L. =over 4 -=item v1.401 +=item UNRELEASED + +Improve handling of C (either from config or given via C<-i>) to allow +to point directly to a public key file: this is for the case where the private key is +not stored on disk with the public key but in a more secure area (e.g. macOS SEP). +Thanks L +(L)! + +=item L Update key exchange algorithms: @@ -577,6 +585,8 @@ changes in 1.008. L: support for GitHub account with dashes (v1.009). +L: L. + If you want to contribute, have a look to L. =head1 COPYRIGHT & LICENSE diff --git a/bin/github-keygen b/bin/github-keygen index 38072d5..22e1021 100755 --- a/bin/github-keygen +++ b/bin/github-keygen @@ -416,7 +416,8 @@ if (@github_accounts) { foreach my $user (@github_accounts) { my $u = $github_accounts{$user}; - my $pub_key_file = $u->{key_file} . ".pub"; + my $pub_key_file = $u->{key_file}; + $pub_key_file .= '.pub' unless $pub_key_file =~ /\.pub\z/; if (-e $pub_key_file) { if (open my $f, '-|', qw, $pub_key_file) { chomp(my $fingerprint = <$f>); 
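Review bot: The `.pub` suffix rule in the `@@ -416,7 +416,8 @@` hunk of bin/github-keygen is written out again in the two later hunks (the clipboard copy and the "copy the other keys" loop), so a later change to what counts as a public-key path can miss one of them. A small helper such as `sub pub_key_path { my ($f) = @_; return $f =~ /\.pub\z/ ? $f : "$f.pub" }` would keep the three call sites in step. Separately, the patch does not show what the rest of the script does with `key_file` when it ends in `.pub` and the file is absent. If key generation still runs on that path (not visible here, so worth confirming), a private key would be written to a file named `*.pub`, which users treat as safe to share. The enclosing `foreach` body continues outside the hunk.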
@@ -658,6 +659,9 @@ EOF ($u eq $github_default ? (GITHUB_HOSTS) : ()), ) . "\n", "IdentitiesOnly yes\n", + # Note: IdentityFile may be either a private key or a public key (.pub) + # depending on the storage method: when the private key is stored + # in a more secure area than that directory, the .pub is directly linked here 'IdentityFile '. compress_path($github_accounts{$u}->{key_file}) . "\n", "\n"; } @@ -834,7 +838,9 @@ if (@unregistered_users) { if (@clip_cmd && @unregistered_users == 1 && !$offline) { my $user = shift @unregistered_users; # Copy the first key created to the clipboard - my $pub_key_file = $github_accounts{$user}->{key_file}.".pub"; + my $pub_key_file = $github_accounts{$user}->{key_file}; + $pub_key_file .= '.pub' unless $pub_key_file =~ /\.pub\z/; + # Read the public key from the file open my $pub, '<', $pub_key_file; my $pubkey = <$pub>; @@ -854,11 +860,12 @@ if (@unregistered_users) { . ".\n"; # Help the user to copy the other keys foreach my $user (@unregistered_users) { - my $pub_key = compress_path($github_accounts{$user}{key_file}).".pub"; + my $pub_key_file = compress_path($github_accounts{$user}{key_file}); + $pub_key_file .= '.pub' unless $pub_key_file =~ /\.pub\z/; if (@clip_cmd) { - print " $user: @clip_cmd < $pub_key\n"; + print " $user: @clip_cmd < $pub_key_file\n"; } else { - print " $user: $pub_key\n"; + print " $user: $pub_key_file\n"; } } if ($offline) {
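Review bot: The new comment in the `@@ -658,6 +659,9 @@` hunk says `IdentityFile` may name a `.pub` file, but not what ssh then needs in order to authenticate, and the same block emits `IdentitiesOnly yes`. I would extend it with one line such as `# In that case ssh uses the matching private key offered by ssh-agent (or the key provider); without one, authentication fails`. The surrounding `print` list starts and ends outside the hunk.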
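Review bot: In the `@@ -834,7 +838,9 @@` hunk the decision to read a file and copy it to the clipboard now rests on the file name alone. Any configured `IdentityFile` ending in `.pub` is opened as-is, its first line is taken as the public key, and the `open` on the following context line is unchecked. If that path holds something other than a public key (for example a private key saved under a `.pub` name), its first line goes to the clipboard to be pasted into GitHub. I would check the open and the content before use: `open my $pub, '<', $pub_key_file or die "open $pub_key_file: $!\n";` and, after the read, `die "$pub_key_file does not look like an SSH public key\n" unless defined $pubkey && $pubkey =~ /\A(?:ssh|ecdsa|sk)-/;`. The code that consumes `$pubkey` lies outside the hunk.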