From d01892150eed9d58210eb40b7c005d5fa8e93238 Mon Sep 17 00:00:00 2001 From: Gibheer Date: Sat, 1 Oct 2016 21:56:29 +0200 Subject: rework program flow This commit is a complete rebuild of pkictl. Before everything was all over the place and adding new commands was kind of a hassle. Now each command has its own file and can be adjusted on a command basis. Options are still used by the same name, but can now use different descriptions. --- create_private_key.go | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 create_private_key.go (limited to 'create_private_key.go') diff --git a/create_private_key.go b/create_private_key.go new file mode 100644 index 0000000..c13889f --- /dev/null +++ b/create_private_key.go @@ -0,0 +1,80 @@ +package main + +import ( + "crypto/elliptic" + "flag" + "fmt" + "io" + "os" + + "github.com/gibheer/pki" +) + +const ( + // Lower boundary limit for RSA private keys + RsaLowerLength = 1024 + // Upper boundary limit for RSA private keys + RsaUpperLength = 65536 +) + +var ( + // the possible ecdsa curves allowed to be used + ecdsaCurves = map[uint]elliptic.Curve{ + 224: elliptic.P224(), + 256: elliptic.P256(), + 384: elliptic.P384(), + 521: elliptic.P521(), + } +) + +func CreatePrivateKey(args []string) error { + fs := flag.NewFlagSet("pkiadm create-private-key", flag.ExitOnError) + fs.Usage = func() { + fmt.Fprintf(os.Stderr, "The length depends on the key type. Possible values are:\n") + fmt.Fprintf(os.Stderr, " * ed25519 - 256\n") + fmt.Fprintf(os.Stderr, " * ecdsa - 224, 256, 384, 521\n") + fmt.Fprintf(os.Stderr, " * rsa - from %d up to %d\n", RsaLowerLength, RsaUpperLength) + fmt.Fprintf(os.Stderr, "Usage of %s %s:\n", COMMAND, "create-private") + fs.PrintDefaults() + } + flagType := fs.String("type", "ed25519", "the type of the private key (ed25519, ecdsa, rsa)") + flagLength := fs.Uint("length", 256, "the bit length for the private key") + flagOutput := fs.String("output", "stdout", "write private key to file") + fs.Parse(args) + + var err error + var out io.WriteCloser + if *flagOutput == "stdout" { + out = os.Stdout + } else { + out, err = os.OpenFile(*flagOutput, os.O_WRONLY|os.O_CREATE|os.O_EXCL|os.O_SYNC, 0700) + if err != nil { + return err + } + } + defer out.Close() + + var pk pki.Pemmer + switch *flagType { + case "ed25519": + if *flagLength != 256 { + return fmt.Errorf("ed25519 only supports bit length of 256") + } + pk, err = pki.NewPrivateKeyEd25519() + case "ecdsa": + if curve, found := ecdsaCurves[*flagLength]; !found { + return fmt.Errorf("unknown bit length for ecdsa") + } else { + pk, err = pki.NewPrivateKeyEcdsa(curve) + } + case "rsa": + if RsaLowerLength > *flagLength || *flagLength > RsaUpperLength { + return fmt.Errorf("bit length outside of range for rsa") + } + pk, err = pki.NewPrivateKeyRsa(int(*flagLength)) + default: + return fmt.Errorf("unknown private key type") + } + + return writePem(pk, out) +} -- cgit v1.2.3-70-g09d2