Rename get_ca_comment_from_sk -> get_ca_sk_comment_from_pk

- Better explain what it does
- Don't fallback to public key fingerprint in function
- Use "cassh" as the fallback if the comment is empty
- Adjust manpage

cassh.1

@@ -11,7 +11,7 @@
 .\" along with this software. If not, see
 .\" <http://creativecommons.org/publicdomain/zero/1.0/>.
 .\"
-.Dd March 01, 2022
+.Dd April 19, 2022
 .Dt CASSH 1
 .Os
 .Sh NAME
@@ -84,7 +84,11 @@ The recognized tokens are:
 A literal
 .Sq % .
 .It \&%C
-The Certification Authority private key comment.
+The Certification Authority private key comment field as reported by
+.Xr ssh-add 1 ,
+or the string
+.Sq cassh
+if there is no comment reported.
 .It %f
 The basename of the public key being signed.
 .El

cassh.sh

@@ -29,9 +29,9 @@ err()
 	exit 1
 }
 
-# Returns comment from the ssh-agent if any is returned, otherwise it
-# returns the public key's fingerprint.
-get_ca_comment_from_sk()
+# Returns the comment from the loaded secret key in ssh-agent, if any is
+# present.
+get_ca_sk_comment_from_pk()
 {
 	ssh-keygen -lf "$1" | {
 		read -r pk_sz pk_fp pk_extra
@@ -41,7 +41,7 @@ get_ca_comment_from_sk()
 				break
 			fi
 		done)
-		echo "${_comment:-${pk_fp#*:}}"
+		echo "${_comment:-}"
 	}
 }
 
@@ -135,7 +135,8 @@ main_issue()
 	fi
 	read -r serial <"$PATH_CA_SERIAL"
 
-	_template_fmt_C=$(get_ca_comment_from_sk "$PATH_CA_PUB")
+	ca_comment=$(get_ca_sk_comment_from_pk "$PATH_CA_PUB")
+	_template_fmt_C=${ca_comment:-cassh}
 	find "$PATH_PUBKEYS_DIR/" -type f -name '*.pub' ! -name '*-cert.pub' | {
 		while read -r pk; do
 			pkname=${pk%.pub}