Age | Commit message (Collapse) | Author | Files | Lines |
|
|
This commit changes the API a bit. The following renames were done:
* csr-path => csr
* ca => is-ca
The following option was added:
* ca
With that option it is now possible to add a certificate to sign the
newly created certificate.
|
|
With this option added, it is now possible to add crl urls to the
certificates.
|
|
I forgot to fix the imports after the split.
|
|
This moves the complicated certificate flag handling into its own file
to make it a bit easier to handle.
|
|
This moves all private key related functions out into a separate file to
get flags.go smaller.
|
|
This adds the extended key usage and makes the certificates useable in
the wild.
The only thing missing are the CRL distribution points and the policy
identifiers. These will get added after the code in flags.go is cleaned
up. At the moment, it is far too messy.
|
|
Yes, I know that this breaks the history search, but it had to be done
sooner or later. I also adjusted my editor to follow the guidelines more
closely.
|
|
This adds the start and end date flags for certificate generation and
also a flag to define if the resulting certificate should be a CA or
not.
Next step in the implementation is to define the key usages.
|
|
When parsing the flags, instead of parsing everything given, only the
rest was parsed.
|
|
This makes it easier to distinguish between the csr data and cert data.
|
|
With this change it is now possible to provide help messages for all
commands. This will help to further cleanup and minimize the code base.
|
|
This is a small command flag parser hacked away in a couple hours. It is
built after cobra (https://github.com/spf13/cobra), but with some small
details changed.
Instead of breaking with the go flag API (single and double dashes) this
uses the golang flags package. This means, that single character flags
do not work, but in this case it wouldn't make much sense to replace
long clear argument names with short nothing saying arguments (-p for
--private-key or --public-key?).
This should definitely help with the help and error messages.
|
|
The whole certificate sign request and certificate creation process was
pulled into pki, which made pkictl a bit smaller in code.
There are still some things missing, but the initial support for
certificates is done!
|
|
This finally adds a way to create certificate sign requests. There are
still some options missing, but it is coming together.
With the next step, the certificate data container will probably be put
into the pki library.
|
|
This commit adds back the possibility to verify a message through a
public key and a signature. It works a little bit different than before
as it always prints the base64 version, but it makes it easier to use.
|
|
This adds again the possibility to sign messages through the API.
|
|
Activate the main help again.
|
|
When calling --help, this change prints only the usage itself. Before it
was calling the help, then continued parsing everything.
|
|
This changes the error message so that not the program help is printed
but instead the specific submenu help. This should result in much faster
and better understanding of the problematic situation.
|
|
This adds all options to create and store a public key.
|
|
This is a major rebuilding of the CLI. The library part is split out
into pkilib and the cli handles only the communication with the user,
I/O and the library.
The API will still look the same, but the code should be much better to
grasp. Instead of repeating everything, more will be grouped together
and reused.
|
|
If these options are not set, they would produce invalid values in the
resulting csr.
|
|
This adds the last missing fields of the pkix.Name and also adds a loop
which converts all fields from comma separated list to an array.
|
|
With this commit, both signing and verification get stream/file support
to read and write messages and signatures from and to files.
|
|
This way it is easier to open files for reading and writing.
|
|
With this it is possible to sign a message with a private key and verify
it with a public key.
The only problem is, that it is currently not compatible with openssl
yet.
|
|
This enables pkictl to generate public keys from private keys in the rsa
and ecdsa format.