From b3e13b7f0b8185223095257540090679e940a435 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 8 Jan 2026 12:55:06 +0100
Subject: [PATCH] pki: Discourage comparing private keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
---
 src/pki.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/pki.c b/src/pki.c
index 6fe0ff00..ef90df23 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -834,6 +834,10 @@ int ssh_key_is_private(const ssh_key k) {
 /**
  * @brief Compare keys if they are equal.
  *
+ * Note that comparing private keys is almost never needed. The private key
+ * is cryptographically bound to the public key and comparing public keys should
+ * always be preferred.
+ *
  * @param[in] k1        The first key to compare.
  *
  * @param[in] k2        The second key to compare.