4 files changed, 38 insertions, 43 deletions

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 2300ce3937..940585575c 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -331,14 +331,15 @@
   </func>   
   
   <func>
-    <name>generate_key(Params) -> {Public::binary(), Private::binary()}  | #'ECPrivateKey'{} | {#'RSAPublicKey'{}, #'RSAPrivateKey'{}}</name>
+    <name>generate_key(Params) -> {Public::binary(), Private::binary()}  | #'ECPrivateKey'{} | #'RSAPrivateKey'{}</name>
     <fsummary>Generates a new keypair.</fsummary>
     <type>
       <v>Params = #'DHParameter'{} |  {namedCurve, oid()} |  #'ECParameters'{} 
       | {rsa, Size::integer(), PubExp::integer} </v>
     </type>
   <desc>
-    <p>Generates a new keypair. See also
+    <p>Generates a new keypair. Note that except for Diffie-Hellman
+    the public key is included in the private key structure. See also
     <seealso marker="crypto:crypto#generate_key/2">crypto:generate_key/2</seealso>
     </p>
   </desc>
diff --git a/lib/public_key/src/pubkey_ssh.erl b/lib/public_key/src/pubkey_ssh.erl
index 90726b1eb3..816d7b3336 100644
--- a/lib/public_key/src/pubkey_ssh.erl
+++ b/lib/public_key/src/pubkey_ssh.erl
@@ -44,11 +44,6 @@
 %%====================================================================
 
 %%--------------------------------------------------------------------
--spec decode(binary(), public_key | public_key:ssh_file()) -> 
-		    [{public_key:public_key(), Attributes::list()}]
-	  ; (binary(), ssh2_pubkey) ->  public_key:public_key()
-	  .
-%%
 %% Description: Decodes a ssh file-binary.
 %%--------------------------------------------------------------------
 decode(Bin, public_key)->
@@ -66,11 +61,6 @@ decode(Bin, Type) ->
     openssh_decode(Bin, Type).
 
 %%--------------------------------------------------------------------
--spec encode([{public_key:public_key(), Attributes::list()}], public_key:ssh_file()) ->
-		    binary()
-	  ; (public_key:public_key(), ssh2_pubkey) -> binary()
-	  .
-%%
 %% Description: Encodes a list of ssh file entries.
 %%--------------------------------------------------------------------
 encode(Bin, ssh2_pubkey) ->
@@ -81,10 +71,6 @@ encode(Entries, Type) ->
 				      end, Entries)).
 
 %%--------------------------------------------------------------------
--spec dh_gex_group(integer(), integer(), integer(), 
-		   undefined | [{integer(),[{integer(),integer()}]}]) ->
-			  {ok,{integer(),{integer(),integer()}}} | {error,any()} .
-%%
 %% Description: Returns Generator and Modulus given MinSize, WantedSize
 %%              and MaxSize
 %%--------------------------------------------------------------------
@@ -421,14 +407,21 @@ comma_list_encode([Option | Rest], []) ->
 comma_list_encode([Option | Rest], Acc) ->
     comma_list_encode(Rest, Acc ++ "," ++ Option).
 
+
+%% An experimental fix adding the signature algorithm name as the last element in a tuple...
+
 ssh2_pubkey_encode(#'RSAPublicKey'{modulus = N, publicExponent = E}) ->
-    TypeStr = <<"ssh-rsa">>,
-    StrLen = size(TypeStr),
+    ssh2_pubkey_encode({#'RSAPublicKey'{modulus = N, publicExponent = E}, 'ssh-rsa'});
+ssh2_pubkey_encode({#'RSAPublicKey'{modulus = N, publicExponent = E}, SignAlg}) ->
+    SignAlgName = list_to_binary(atom_to_list(SignAlg)),
+    StrLen = size(SignAlgName),
     EBin = mpint(E),
     NBin = mpint(N),
-    <<?UINT32(StrLen), TypeStr:StrLen/binary,
+    <<?UINT32(StrLen), SignAlgName:StrLen/binary,
       EBin/binary,
       NBin/binary>>;
+ssh2_pubkey_encode({{_,#'Dss-Parms'{}}=Key, _}) ->
+    ssh2_pubkey_encode(Key);
 ssh2_pubkey_encode({Y,  #'Dss-Parms'{p = P, q = Q, g = G}}) ->
     TypeStr = <<"ssh-dss">>,
     StrLen = size(TypeStr),
@@ -441,6 +434,8 @@ ssh2_pubkey_encode({Y,  #'Dss-Parms'{p = P, q = Q, g = G}}) ->
       QBin/binary,
       GBin/binary,
       YBin/binary>>;
+ssh2_pubkey_encode({{#'ECPoint'{},_}=Key, _}) ->
+    ssh2_pubkey_encode(Key);
 ssh2_pubkey_encode(Key={#'ECPoint'{point = Q}, {namedCurve,OID}}) ->
     TypeStr = key_type(Key),
     StrLen = size(TypeStr),
@@ -453,10 +448,16 @@ ssh2_pubkey_encode(Key={#'ECPoint'{point = Q}, {namedCurve,OID}}) ->
 ssh2_pubkey_decode(Bin = <<?UINT32(Len), Type:Len/binary, _/binary>>) ->
     ssh2_pubkey_decode(Type, Bin).
 
-ssh2_pubkey_decode(<<"ssh-rsa">>,
+%% An experimental fix with the Signature Algorithm Name
+ssh2_pubkey_decode(SignAlgName,
 		   <<?UINT32(Len),   _:Len/binary,
 		     ?UINT32(SizeE), E:SizeE/binary,
-		     ?UINT32(SizeN), N:SizeN/binary>>) ->
+		     ?UINT32(SizeN), N:SizeN/binary>>)
+  when SignAlgName == <<"ssh-rsa">> ;
+       SignAlgName == <<"rsa-sha2-256">> ;
+       SignAlgName == <<"rsa-sha2-384">> ;
+       SignAlgName == <<"rsa-sha2-512">> 
+       ->
     #'RSAPublicKey'{modulus = erlint(SizeN, N),
 		    publicExponent = erlint(SizeE, E)};
 
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 8f185bbbd4..0894e1860b 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -402,7 +402,7 @@ dh_gex_group(Min, N, Max, Groups) ->
                   (#'ECParameters'{}) ->
                           #'ECPrivateKey'{};
                   ({rsa, Size::pos_integer(), PubExp::pos_integer()}) ->
-                          {#'RSAPublicKey'{}, #'RSAPrivateKey'{}}.
+                          #'RSAPrivateKey'{}.
 
 %% Description: Generates a new keypair
 %%--------------------------------------------------------------------
@@ -417,18 +417,15 @@ generate_key({rsa, ModulusSize, PublicExponent}) ->
         {[E, N], [E, N, D, P, Q, D_mod_P_1, D_mod_Q_1, InvQ_mod_P]} ->
             Nint = crypto:bytes_to_integer(N),
             Eint = crypto:bytes_to_integer(E),
-            {#'RSAPublicKey'{modulus = Nint,
-                             publicExponent = Eint},
-             #'RSAPrivateKey'{version = 0, % Two-factor (I guess since otherPrimeInfos is not given)
-                              modulus = Nint,
-                              publicExponent = Eint,
-                              privateExponent = crypto:bytes_to_integer(D),
-                              prime1 = crypto:bytes_to_integer(P),
-                              prime2 = crypto:bytes_to_integer(Q),
-                              exponent1 = crypto:bytes_to_integer(D_mod_P_1),
-                              exponent2 = crypto:bytes_to_integer(D_mod_Q_1),
-                              coefficient = crypto:bytes_to_integer(InvQ_mod_P)}
-            };
+            #'RSAPrivateKey'{version = 0, % Two-factor (I guess since otherPrimeInfos is not given)
+                             modulus = Nint,
+                             publicExponent = Eint,
+                             privateExponent = crypto:bytes_to_integer(D),
+                             prime1 = crypto:bytes_to_integer(P),
+                             prime2 = crypto:bytes_to_integer(Q),
+                             exponent1 = crypto:bytes_to_integer(D_mod_P_1),
+                             exponent2 = crypto:bytes_to_integer(D_mod_Q_1),
+                             coefficient = crypto:bytes_to_integer(InvQ_mod_P)};
 
         {[E, N], [E, N, D]} -> % FIXME: what to set the other fields in #'RSAPrivateKey'?
                                % Answer: Miller [Mil76]
@@ -438,9 +435,7 @@ generate_key({rsa, ModulusSize, PublicExponent}) ->
                                %   1976.
             Nint = crypto:bytes_to_integer(N),
             Eint = crypto:bytes_to_integer(E),
-            {#'RSAPublicKey'{modulus = Nint,
-                             publicExponent = Eint},
-             #'RSAPrivateKey'{version = 0, % Two-factor (I guess since otherPrimeInfos is not given)
+            #'RSAPrivateKey'{version = 0, % Two-factor (I guess since otherPrimeInfos is not given)
                               modulus = Nint,
                               publicExponent = Eint,
                               privateExponent = crypto:bytes_to_integer(D),
@@ -448,9 +443,8 @@ generate_key({rsa, ModulusSize, PublicExponent}) ->
                               prime2 = '?',
                               exponent1 = '?',
                               exponent2 = '?',
-                              coefficient = '?'}
-            };
-
+                              coefficient = '?'};
+        
         Other ->
             Other
     end.
@@ -610,7 +604,7 @@ pkix_match_dist_point(#'CertificateList'{
 
 %%--------------------------------------------------------------------
 -spec pkix_sign(#'OTPTBSCertificate'{},
-		rsa_private_key() | dsa_private_key()) -> Der::binary().
+		rsa_private_key() | dsa_private_key() | ec_private_key()) -> Der::binary().
 %%
 %% Description: Sign a pkix x.509 certificate. Returns the corresponding
 %% der encoded 'Certificate'{}
@@ -906,6 +900,7 @@ ssh_decode(SshBin, Type) when is_binary(SshBin),
 %%--------------------------------------------------------------------
 -spec ssh_encode([{public_key(), Attributes::list()}], ssh_file()) -> binary()
 	      ; (public_key(), ssh2_pubkey) -> binary()
+	      ; ({public_key(),atom()}, ssh2_pubkey) -> binary()
 	      .
 %%
 %% Description: Encodes a list of ssh file entries (public keys and
diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl
index 00be7dd5b3..95d0dec920 100644
--- a/lib/public_key/test/erl_make_certs.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -351,8 +351,6 @@ gen_rsa2(Size) ->
         %% The numbers 2048,17 is choosen to not cause the cryptolib on
         %% FIPS-enabled test machines be mad at us.
         public_key:generate_key({rsa, 2048, 17})
-    of
-        {_Public, Private} -> Private
     catch
         error:notsup ->
             %% Disabled dirty_schedulers => crypto:generate_key not working