This adds support for ed25519 keys for the following options:
* create-private
* create-public
* sign-input
* verify-input
The format of the private key is purely PEM format and may change. But
as I did not find any documentation on that topic yet, I will keep it as
it is for the moment.
This commit changes the API a bit. The following renames were done:
* csr-path => csr
* ca => is-ca
The following option was added:
* ca
With that option it is now possible to add a certificate to sign the
newly created certificate.
This adds the extended key usage and makes the certificates useable in
the wild.
The only thing missing are the CRL distribution points and the policy
identifiers. These will get added after the code in flags.go is cleaned
up. At the moment, it is far too messy.
Yes, I know that this breaks the history search, but it had to be done
sooner or later. I also adjusted my editor to follow the guidelines more
closely.
This adds the start and end date flags for certificate generation and
also a flag to define if the resulting certificate should be a CA or
not.
Next step in the implementation is to define the key usages.
This is a small command flag parser hacked away in a couple hours. It is
built after cobra (https://github.com/spf13/cobra), but with some small
details changed.
Instead of breaking with the go flag API (single and double dashes) this
uses the golang flags package. This means that single character flags
do not work, but in this case it wouldn't make much sense to replace
long clear argument names with short nothing saying arguments (-p for
--private-key or --public-key?).
This should definitely help with the help and error messages.
The whole certificate sign request and certificate creation process was
pulled into pki, which made pkictl a bit smaller in code.
There are still some things missing, but the initial support for
certificates is done!
This adds finally a way to create certificate sign requests. There are
still some options missing, but it is coming together.
With the next step, the certificate data container will probably be put
into the pki library.
This commit adds back the possibility to verify a message through a
public key and a signature. It works a little bit different than before
as it always prints the base64 version, but it makes it easier to use.
This changes the error message so that not the program help is printed
but instead the specific submenu help. This should result in much faster
and better understanding of the problematic situation.
This is a major rebuilding of the CLI. The library part is split out
into pkilib and the cli handles only the communication with the user,
I/O and the library.
The API will still look the same, but the code should be much better to
grasp. Instead of repeating everything, more will be grouped together
and reused.