diff --git a/flags.go b/flags.go index a78cd56..b93c156 100644 --- a/flags.go +++ b/flags.go @@ -21,14 +21,7 @@ import ( "github.com/gibheer/pki" ) -const ( - RsaLowerLength = 2048 - RsaUpperLength = 16384 -) - var ( - // the possible ecdsa curves allowed to be used - EcdsaCurves = []int{224, 256, 384, 521} // the possible valid key usages to check against the commandline ValidKeyUsages = map[string]x509.KeyUsage{ "digitalsignature": x509.KeyUsageDigitalSignature, @@ -94,12 +87,6 @@ type ( certificatePath string // path to a certificate } - privateKeyGenerationFlags struct { - Type string // type of the private key (rsa, ecdsa) - Curve elliptic.Curve // curve for ecdsa - Size int // bitsize for rsa - } - certGenerationRaw struct { serial int64 notBefore string @@ -121,14 +108,6 @@ var ( certificate requests and certificates and sign/verify messages.`, } - CmdCreatePrivateKey = &Command{ - Use: "create-private", - Short: "create a private key", - Long: "Create an ecdsa or rsa key with this command", - Example: "create-private -type=ecdsa -length=521", - Run: create_private_key, - } - CmdCreatePublicKey = &Command{ Use: "create-public", Short: "create a public key from a private key", @@ -182,8 +161,6 @@ certificate requests and certificates and sign/verify messages.`, FlagOutput io.WriteCloser // signature from the args FlagSignature []byte - // private key specific stuff - FlagPrivateKeyGeneration privateKeyGenerationFlags // a certificate filled with the parameters FlagCertificateRequestData *pki.CertificateData // the certificate sign request @@ -238,39 +215,6 @@ func checkFlags(checks ...flagCheck) error { return nil } -//// print a message with the usage part -//func (f *Flags) Usagef(message string, args ...interface{}) { -// fmt.Fprintf(os.Stderr, "error: " + message + "\n", args...) -// f.flagset.Flags().Usage() -//} - -// add the private key option to the requested flags -func InitFlagPrivateKey(cmd *Command) { - cmd.Flags().StringVar(&flagContainer.privateKeyPath, "private-key", "", "path to the private key (required)") -} - -// check the private key flag and load the private key -func checkPrivateKey() error { - if flagContainer.privateKeyPath == "" { - return fmt.Errorf("No private key given!") - } - // check permissions of private key file - info, err := os.Stat(flagContainer.privateKeyPath) - if err != nil { - return fmt.Errorf("Error reading private key: %s", err) - } - if info.Mode().Perm().String()[4:] != "------" { - return fmt.Errorf("private key file modifyable by others!") - } - - pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath) - if err != nil { - return fmt.Errorf("Error reading private key: %s", err) - } - FlagPrivateKey = pk - return nil -} - // add the public key flag func InitFlagPublicKey(cmd *Command) { cmd.Flags().StringVar(&flagContainer.publicKeyPath, "public-key", "", "path to the public key (required)") @@ -454,47 +398,6 @@ func checkInput() error { return nil } -// This function adds the private key generation flags. -func InitFlagPrivateKeyGeneration(cmd *Command) { - cmd.Flags().StringVar(&flagContainer.cryptType, "type", "ecdsa", "the type of the private key (ecdsa, rsa)") - cmd.Flags().IntVar( - &flagContainer.length, - "length", 521, - fmt.Sprintf("%d - %d for rsa; one of %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaCurves), - ) -} - -// check the private key generation variables and move them to the work space -func checkPrivateKeyGeneration() error { - pk_type := flagContainer.cryptType - FlagPrivateKeyGeneration.Type = pk_type - switch pk_type { - case "ecdsa": - switch flagContainer.length { - case 224: - FlagPrivateKeyGeneration.Curve = elliptic.P224() - case 256: - FlagPrivateKeyGeneration.Curve = elliptic.P256() - case 384: - FlagPrivateKeyGeneration.Curve = elliptic.P384() - case 521: - FlagPrivateKeyGeneration.Curve = elliptic.P521() - default: - return fmt.Errorf("Curve %d unknown!", flagContainer.length) - } - case "rsa": - size := flagContainer.length - if RsaLowerLength <= size && size <= RsaUpperLength { - FlagPrivateKeyGeneration.Size = size - } else { - return fmt.Errorf("Length of %d is not allowed for rsa!", size) - } - default: - return fmt.Errorf("Type %s is unknown!", pk_type) - } - return nil -} - // add the signature flag to load a signature from a signing process func InitFlagSignature(cmd *Command) { cmd.Flags().StringVar(&flagContainer.signature, "signature", "", "the base64 encoded signature to use for verification") diff --git a/main.go b/main.go index fff9e4d..a4eec3f 100644 --- a/main.go +++ b/main.go @@ -26,35 +26,6 @@ func main() { CmdRoot.Execute() } -// create a new private key -func create_private_key(cmd *Command, args []string) { - err := checkFlags(checkOutput, checkPrivateKeyGeneration) - if err != nil { - crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err) - } - - var pk pki.Pemmer - switch FlagPrivateKeyGeneration.Type { - case "ecdsa": - pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve) - case "rsa": - pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size) - default: - crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type) - } - if err != nil { - crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err) - } - marsh_pem, err := pk.MarshalPem() - if err != nil { - crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err) - } - _, err = marsh_pem.WriteTo(FlagOutput) - if err != nil { - crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err) - } -} - // create a public key derived from a private key func create_public_key(cmd *Command, args []string) { err := checkFlags(checkPrivateKey, checkOutput) diff --git a/private_key.go b/private_key.go index 4996f5e..335023e 100644 --- a/private_key.go +++ b/private_key.go @@ -5,12 +5,138 @@ import ( "github.com/gibheer/pki" ) +const ( + RsaLowerLength = 2048 + RsaUpperLength = 16384 +) + var ( + // error messages ErrNoPKFound = errors.New("no private key found") ErrNoPUFound = errors.New("no public key found") ErrUnknownFormat = errors.New("key is an unknown format") + + // the possible ecdsa curves allowed to be used + EcdsaCurves = []int{224, 256, 384, 521} + + // Command to create a private key + CmdCreatePrivateKey = &Command{ + Use: "create-private", + Short: "create a private key", + Long: "Create an ecdsa or rsa key with this command", + Example: "create-private -type=ecdsa -length=521", + Run: create_private_key, + } + // private key specific stuff + FlagPrivateKeyGeneration privateKeyGenerationFlags ) +type ( + // The flags specific to create a private key + privateKeyGenerationFlags struct { + Type string // type of the private key (rsa, ecdsa) + Curve elliptic.Curve // curve for ecdsa + Size int // bitsize for rsa + } +) + +// create a new private key +func create_private_key(cmd *Command, args []string) { + err := checkFlags(checkOutput, checkPrivateKeyGeneration) + if err != nil { + crash_with_help(cmd, ErrorFlagInput, "Flags invalid: %s", err) + } + + var pk pki.Pemmer + switch FlagPrivateKeyGeneration.Type { + case "ecdsa": + pk, err = pki.NewPrivateKeyEcdsa(FlagPrivateKeyGeneration.Curve) + case "rsa": + pk, err = pki.NewPrivateKeyRsa(FlagPrivateKeyGeneration.Size) + default: + crash_with_help(cmd, ErrorInput, "Unknown private key type '%s'", FlagPrivateKeyGeneration.Type) + } + if err != nil { + crash_with_help(cmd, ErrorProgram, "Error creating private key: %s", err) + } + marsh_pem, err := pk.MarshalPem() + if err != nil { + crash_with_help(cmd, ErrorProgram, "Error when marshalling to pem: %s", err) + } + _, err = marsh_pem.WriteTo(FlagOutput) + if err != nil { + crash_with_help(cmd, ErrorProgram, "Error when writing output: %s", err) + } +} + +// This function adds the private key generation flags. +func InitFlagPrivateKeyGeneration(cmd *Command) { + cmd.Flags().StringVar(&flagContainer.cryptType, "type", "ecdsa", "the type of the private key (ecdsa, rsa)") + cmd.Flags().IntVar( + &flagContainer.length, + "length", 521, + fmt.Sprintf("%d - %d for rsa; one of %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaCurves), + ) +} + +// check the private key generation variables and move them to the work space +func checkPrivateKeyGeneration() error { + pk_type := flagContainer.cryptType + FlagPrivateKeyGeneration.Type = pk_type + switch pk_type { + case "ecdsa": + switch flagContainer.length { + case 224: + FlagPrivateKeyGeneration.Curve = elliptic.P224() + case 256: + FlagPrivateKeyGeneration.Curve = elliptic.P256() + case 384: + FlagPrivateKeyGeneration.Curve = elliptic.P384() + case 521: + FlagPrivateKeyGeneration.Curve = elliptic.P521() + default: + return fmt.Errorf("Curve %d unknown!", flagContainer.length) + } + case "rsa": + size := flagContainer.length + if RsaLowerLength <= size && size <= RsaUpperLength { + FlagPrivateKeyGeneration.Size = size + } else { + return fmt.Errorf("Length of %d is not allowed for rsa!", size) + } + default: + return fmt.Errorf("Type %s is unknown!", pk_type) + } + return nil +} + +// add the private key option to the requested flags +func InitFlagPrivateKey(cmd *Command) { + cmd.Flags().StringVar(&flagContainer.privateKeyPath, "private-key", "", "path to the private key (required)") +} + +// check the private key flag and load the private key +func checkPrivateKey() error { + if flagContainer.privateKeyPath == "" { + return fmt.Errorf("No private key given!") + } + // check permissions of private key file + info, err := os.Stat(flagContainer.privateKeyPath) + if err != nil { + return fmt.Errorf("Error reading private key: %s", err) + } + if info.Mode().Perm().String()[4:] != "------" { + return fmt.Errorf("private key file modifyable by others!") + } + + pk, err := ReadPrivateKeyFile(flagContainer.privateKeyPath) + if err != nil { + return fmt.Errorf("Error reading private key: %s", err) + } + FlagPrivateKey = pk + return nil +} + // Read the private key from the path and try to figure out which type of key it // might be. func ReadPrivateKeyFile(path string) (pki.PrivateKey, error) {