Age | Commit message | Author | Files | Lines |
|
Creating CAs requires the CALength to be set to a specific value. But
with normal certificates, 99% of the use case, this is not needed.
By setting it to -1 by default, the flag will become ignored for all
signatures apart from CAs.
|
|
This fixes an issue with generating certificates with ed25519 private
keys.
|
|
diff was never implemented
|
|
Based on #13, we need more error checking when opening files. The CA and
CSR files are now checked and return proper error messages in case
something goes wrong.
|
|
There are still some cases where the input is not correctly checked, but
it is moving forward.
|
|
This was reported to me, that it makes no sense that csr, crt and so on
are written as 0700. And even in the case of private keys, why do they
need the executable bit set?
|
|
This commit is a complete rebuild of pkictl. Before everything was all
over the place and adding new commands was kind of a hassle.
Now each command has its own file and can be adjusted on a command
basis. Options are still used by the same name, but can now use
different descriptions.
|
|
This makes the documentation in the main.go readable on the godoc.org
website and through the godoc command.
|
|
This adds support for ed25519 keys for the following options
* create-private
* create-public
* sign-input
* verify-input
The format of the private key is purely PEM format and may change. But
as I did not find any documentation on that topic yet, I will keep it as
it is for the moment.
|
|
This fixes a bug where the public key was not used to verify messages.
|
|
This commit changes the API a bit. The following renames were done:
* csr-path => csr
* ca => is-ca
The following option was added
* ca
With that option it is now possible to add a certificate to sign the
newly created certificate.
|
|
With this option added, it is now possible to add crl urls to the
certificates.
|
|
I forgot to fix the imports after the split.
|
|
This moves the complicated certificate flag handling into its own file
to make it a bit easier to handle.
|
|
This moves all private key related functions out into a separate file to
get flags.go smaller.
|
|
This adds the extended key usage and makes the certificates useable in
the wild.
The only thing missing are the CRL distribution points and the policy
identifiers. These will get added after the code in flags.go is cleaned
up. At the moment, it is far too messy.
|
|
Yes, I know that this breaks the history search, but it had to be done
sooner or later. I also adjusted my editor to follow the guidelines more
closely.
|
|
This adds the start and end date flags for certificate generation and
also a flag to define, if the resulting certificate should be a CA or
not.
Next step in the implementation is to define the key usages.
|
|
When parsing the flags, instead of parsing everything given, only the
rest was parsed.
|
|
This makes it easier to distinguish between the csr data and cert data.
|
|
With this change it is now possible to provide help messages for all
commands. This will help to further cleanup and minimize the code base.
|
|
This is a small command flag parser hacked away in a couple hours. It is
built after cobra (https://github.com/spf13/cobra), but with some small
details changed.
Instead of breaking with the go flag API (single and double dashes) this
uses the golang flags package. This means, that single character flags
do not work, but in this case it wouldn't make much sense to replace
long clear argument names with short nothing saying arguments (-p for
--private-key or --public-key?).
This should definitely help with the help and error messages.
|
|
The whole certificate sign request and certificate creation process was
pulled into pki, which made pkictl a bit smaller in code.
There are still some things missing, but the initial support for
certificates is done!
|
|
This finally adds a way to create certificate sign requests. There are
still some options missing, but it is coming together.
With the next step, the certificate data container will probably be put
into the pki library.
|
|
This commit adds back the possibility to verify a message through a
public key and a signature. It works a little bit different than before
as it always prints the base64 version, but it makes it easier to use.
|
|
This adds again the possibility to sign messages through the API.
|
|
Activate the main help again.
|
|
When calling --help, this change prints only the usage itself. Before it
was calling the help, then continued parsing everything.
|
|
This changes the error message so that not the program help is printed
but instead the specific submenu help. This should result in much faster
and better understanding of the problematic situation.
|
|
This adds all options to create and store a public key.
|
|
This is a major rebuilding of the CLI. The library part is split out
into pkilib and the cli handles only the communication with the user,
I/O and the library.
The API will still look the same, but the code should be much better to
grasp. Instead of repeating everything, more will be grouped together
and reused.
|