pki: Add generic 'priv' key type that loads any type of private key
parent
4a6f97d00b
commit
05ccde0a8b
|
@ -117,6 +117,11 @@ static int issue()
|
|||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_BLISS;
|
||||
}
|
||||
else if (streq(arg, "priv"))
|
||||
{
|
||||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_ANY;
|
||||
}
|
||||
else if (!streq(arg, "pub"))
|
||||
{
|
||||
error = "invalid input type";
|
||||
|
@ -580,7 +585,7 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t) {
|
||||
issue, 'i', "issue",
|
||||
"issue a certificate using a CA certificate and key",
|
||||
{"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
|
||||
{"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
|
||||
" --cacert file [--dn subject-dn] [--san subjectAltName]+",
|
||||
"[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
|
||||
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
static int keyid()
|
||||
{
|
||||
credential_type_t type = CRED_PRIVATE_KEY;
|
||||
int subtype = KEY_RSA;
|
||||
int subtype = KEY_ANY;
|
||||
certificate_t *cert;
|
||||
private_key_t *private;
|
||||
public_key_t *public;
|
||||
|
@ -60,6 +60,11 @@ static int keyid()
|
|||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_BLISS;
|
||||
}
|
||||
else if (streq(arg, "priv"))
|
||||
{
|
||||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_ANY;
|
||||
}
|
||||
else if (streq(arg, "pub"))
|
||||
{
|
||||
type = CRED_PUBLIC_KEY;
|
||||
|
@ -172,11 +177,11 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t)
|
||||
{ keyid, 'k', "keyid",
|
||||
"calculate key identifiers of a key/certificate",
|
||||
{"[--in file] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]"},
|
||||
{"[--in file] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "input file, default: stdin"},
|
||||
{"type", 't', 1, "type of key, default: rsa"},
|
||||
{"type", 't', 1, "type of key, default: priv"},
|
||||
}
|
||||
});
|
||||
}
|
||||
|
|
|
@ -89,6 +89,11 @@ static int print()
|
|||
type = CRED_CERTIFICATE;
|
||||
subtype = CERT_TRUSTED_PUBKEY;
|
||||
}
|
||||
else if (streq(arg, "priv"))
|
||||
{
|
||||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_ANY;
|
||||
}
|
||||
else if (streq(arg, "rsa") ||
|
||||
streq(arg, "rsa-priv"))
|
||||
{
|
||||
|
@ -176,7 +181,7 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t)
|
||||
{ print, 'a', "print",
|
||||
"print a credential in a human readable form",
|
||||
{"[--in file] [--type x509|crl|ac|pub|rsa|ecdsa|bliss]"},
|
||||
{"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "input file, default: stdin"},
|
||||
|
|
|
@ -28,7 +28,7 @@ static int pub()
|
|||
{
|
||||
cred_encoding_type_t form = PUBKEY_SPKI_ASN1_DER;
|
||||
credential_type_t type = CRED_PRIVATE_KEY;
|
||||
int subtype = KEY_RSA;
|
||||
int subtype = KEY_ANY;
|
||||
certificate_t *cert;
|
||||
private_key_t *private;
|
||||
public_key_t *public;
|
||||
|
@ -59,6 +59,11 @@ static int pub()
|
|||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_BLISS;
|
||||
}
|
||||
else if (streq(arg, "priv"))
|
||||
{
|
||||
type = CRED_PRIVATE_KEY;
|
||||
subtype = KEY_ANY;
|
||||
}
|
||||
else if (streq(arg, "pub"))
|
||||
{
|
||||
type = CRED_PUBLIC_KEY;
|
||||
|
@ -189,13 +194,13 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t) {
|
||||
pub, 'p', "pub",
|
||||
"extract the public key from a private key/certificate",
|
||||
{"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]",
|
||||
{"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv|pub|pkcs10|x509]",
|
||||
"[--outform der|pem|dnskey|sshkey]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "input file, default: stdin"},
|
||||
{"keyid", 'x', 1, "keyid on smartcard of private key"},
|
||||
{"type", 't', 1, "type of credential, default: rsa"},
|
||||
{"type", 't', 1, "type of credential, default: priv"},
|
||||
{"outform", 'f', 1, "encoding of extracted public key, default: der"},
|
||||
}
|
||||
});
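Review bot: The `--keyid` smartcard path of pub() (outside this hunk) now receives `KEY_ANY` as the default `subtype` instead of `KEY_RSA`, and the hunk only shows the default and the option parsing, so it is worth confirming that the credential lookup used for `--keyid` treats `KEY_ANY` as a wildcard rather than failing to match a hardware key. If that is the intent, a short comment on the default would record it, e.g. `/* KEY_ANY: let the loader detect the algorithm; the --keyid lookup must accept it as a wildcard too */`. The body of pub(), including the keyid branch, starts and ends outside the hunk.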
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
static int req()
|
||||
{
|
||||
cred_encoding_type_t form = CERT_ASN1_DER;
|
||||
key_type_t type = KEY_RSA;
|
||||
key_type_t type = KEY_ANY;
|
||||
hash_algorithm_t digest = HASH_UNKNOWN;
|
||||
certificate_t *cert = NULL;
|
||||
private_key_t *private = NULL;
|
||||
|
@ -62,6 +62,10 @@ static int req()
|
|||
{
|
||||
type = KEY_BLISS;
|
||||
}
|
||||
else if (streq(arg, "priv"))
|
||||
{
|
||||
type = KEY_ANY;
|
||||
}
|
||||
else
|
||||
{
|
||||
error = "invalid input type";
|
||||
|
@ -194,14 +198,14 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t) {
|
||||
req, 'r', "req",
|
||||
"create a PKCS#10 certificate request",
|
||||
{" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
|
||||
{" [--in file] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
|
||||
"[--san subjectAltName]+ [--password challengePassword]",
|
||||
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
|
||||
"[--outform der|pem]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "private key input file, default: stdin"},
|
||||
{"type", 't', 1, "type of input key, default: rsa"},
|
||||
{"type", 't', 1, "type of input key, default: priv"},
|
||||
{"dn", 'd', 1, "subject distinguished name"},
|
||||
{"san", 'a', 1, "subjectAltName to include in cert request"},
|
||||
{"password",'p', 1, "challengePassword to include in cert request"},
|
||||
|
|
|
@ -94,6 +94,10 @@ static int self()
|
|||
{
|
||||
type = KEY_BLISS;
|
||||
}
|
||||
else if (streq(arg, "priv"))
|
||||
{
|
||||
type = KEY_ANY;
|
||||
}
|
||||
else
|
||||
{
|
||||
error = "invalid input type";
|
||||
|
@ -417,7 +421,7 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t) {
|
||||
self, 's', "self",
|
||||
"create a self signed certificate",
|
||||
{" [--in file|--keyid hex] [--type rsa|ecdsa|bliss]",
|
||||
{" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]",
|
||||
" --dn distinguished-name [--san subjectAltName]+",
|
||||
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
|
||||
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
|
||||
|
@ -431,7 +435,7 @@ static void __attribute__ ((constructor))reg()
|
|||
{"help", 'h', 0, "show usage information"},
|
||||
{"in", 'i', 1, "private key input file, default: stdin"},
|
||||
{"keyid", 'x', 1, "keyid on smartcard of private key"},
|
||||
{"type", 't', 1, "type of input key, default: rsa"},
|
||||
{"type", 't', 1, "type of input key, default: priv"},
|
||||
{"dn", 'd', 1, "subject and issuer distinguished name"},
|
||||
{"san", 'a', 1, "subjectAltName to include in certificate"},
|
||||
{"lifetime", 'l', 1, "days the certificate is valid, default: 1095"},
|
||||
|
|
|
@ -67,9 +67,10 @@ Public key or PKCS#10 certificate request file to issue. If not given the
|
|||
key/request is read from \fISTDIN\fR.
|
||||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of the input. One of \fIpub\fR (public key), \fIrsa\fR (RSA private key),
|
||||
\fIecdsa\fR (ECDSA private key), or \fIpkcs10\fR (PKCS#10 certificate request),
|
||||
defaults to \fIpub\fR.
|
||||
Type of the input. One of \fIpub\fR (public key), \fIpriv\fR (private key),
|
||||
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
|
||||
private key) or \fIpkcs10\fR (PKCS#10 certificate request), defaults to
|
||||
\fIpub\fR.
|
||||
.TP
|
||||
.BI "\-k, \-\-cakey " file
|
||||
CA private key file. Either this or
|
||||
|
|
|
@ -44,10 +44,10 @@ Read command line options from \fIfile\fR.
|
|||
Input file. If not given the input is read from \fISTDIN\fR.
|
||||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
|
||||
private key), \fIbliss\fR (BLISS private key), \fIpub\fR (public key),
|
||||
\fIpkcs10\fR (PKCS#10 certificate request), \fIx509\fR (X.509 certificate),
|
||||
defaults to \fIrsa\fR.
|
||||
Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
|
||||
\fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS private key),
|
||||
\fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate request),
|
||||
\fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
|
||||
.
|
||||
.SH "EXAMPLES"
|
||||
.
|
||||
|
|
|
@ -46,8 +46,9 @@ Input file. If not given the input is read from \fISTDIN\fR.
|
|||
.BI "\-t, \-\-type " type
|
||||
Type of input. One of \fIx509\fR (X.509 certificate), \fIcrl\fR (Certificate
|
||||
Revocation List, CRL), \fIac\fR (Attribute Certificate), \fIpub\fR (public key),
|
||||
\fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS
|
||||
private key), defaults to \fIx509\fR.
|
||||
\fpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private
|
||||
key), \fIbliss\fR (BLISS private key), \fIpriv\fR (private key), defaults to
|
||||
\fIx509\fR.
|
||||
.
|
||||
.SH "SEE ALSO"
|
||||
.
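Review bot: The new type list has a broken font escape and a duplicate entry: the first item reads `\fpriv\fR`, which is missing the `I` and so selects a non-existent font instead of italicising "priv", and `priv` is then listed a second time after `bliss`. Fix the escape and drop the duplicate, e.g. `\fIpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private` followed by `key), \fIbliss\fR (BLISS private key), defaults to`. This keeps the rendered list consistent with the other man pages changed in this commit, which list `priv` once.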
|
||||
|
|
|
@ -47,10 +47,9 @@ Read command line options from \fIfile\fR.
|
|||
Input file. If not given the input is read from \fISTDIN\fR.
|
||||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
|
||||
private key), \fIpub\fR (public key),
|
||||
\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate),
|
||||
defaults to \fIrsa\fR.
|
||||
Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key),
|
||||
\fIecdsa\fR (ECDSA private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10
|
||||
certificate request), or \fIx509\fR (X.509 certificate), defaults to \fIpriv\fR.
|
||||
.TP
|
||||
.BI "\-f, \-\-outform " encoding
|
||||
Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR
|
||||
|
|
|
@ -49,7 +49,8 @@ Read command line options from \fIfile\fR.
|
|||
Private key input file. If not given the key is read from \fISTDIN\fR.
|
||||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
|
||||
Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
|
||||
defaults to \fIpriv\fR.
|
||||
.TP
|
||||
.BI "\-d, \-\-dn " distinguished-name
|
||||
Subject distinguished name (DN). Required.
|
||||
|
|
|
@ -68,7 +68,8 @@ Private key input file. If not given the key is read from \fISTDIN\fR.
|
|||
Key ID of a private key on a smartcard.
|
||||
.TP
|
||||
.BI "\-t, \-\-type " type
|
||||
Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
|
||||
Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR or \fIbliss\fR,
|
||||
defaults to \fIpriv\fR.
|
||||
.TP
|
||||
.BI "\-d, \-\-dn " distinguished-name
|
||||
Subject and issuer distinguished name (DN). Required.
|
||||
|
|