authorAndreas Steffen <andreas.steffen@strongswan.org>2017-03-02 20:30:24 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2017-03-02 20:30:24 +0100
commit2da6a5f5419fae0b445136de2173e2fa9c5ba306 (patch)
tree91e3f35d29aa830511da3bd553b90cb83fae42c0
parent3fb68ac211578ec2c5125f7a89df05ab3b7f10cb (diff)
Add keyid of smartcard or TPM private key as an argument to pki --req
-rw-r--r--src/pki/commands/req.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 23d07a28d..e0ab213ea 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -34,7 +34,7 @@ static int req()
hash_algorithm_t digest = HASH_UNKNOWN;
certificate_t *cert = NULL;
private_key_t *private = NULL;
- char *file = NULL, *dn = NULL, *error = NULL;
+ char *file = NULL, *keyid = NULL, *dn = NULL, *error = NULL;
identification_t *id = NULL;
linked_list_t *san;
chunk_t encoding = chunk_empty;
@@ -98,6 +98,9 @@ static int req()
goto usage;
}
continue;
+ case 'x':
+ keyid = arg;
+ continue;
case EOF:
break;
default:
@@ -123,6 +126,15 @@ static int req()
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
BUILD_FROM_FILE, file, BUILD_END);
}
+ else if (keyid)
+ {
+ chunk_t chunk;
+
+ chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+ private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ free(chunk.ptr);
+ }
else
{
chunk_t chunk;
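Review bot: The new `else if (keyid)` branch passes the result of `chunk_from_hex()` straight to the `BUILD_PKCS11_KEYID` builder without checking it, so an empty or malformed `--keyid` value is not rejected here and would presumably only show up later as a generic key-loading failure. A guard before the `create()` call would make the error explicit, for example `if (!chunk.len) { free(chunk.ptr); error = "invalid --keyid value"; goto usage; }`, assuming the `usage` label reports `error` as the other option checks suggest. The branch also follows the one that loads from `file`, so `--in` combined with `--keyid` appears to use the file silently although the usage text presents the two as alternatives; rejecting the combination during option parsing would make it unambiguous which private key signs the request. The body of req() starts and ends outside this hunk.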
@@ -198,13 +210,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {" [--in file] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
+ {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
"[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
"[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
+ {"keyid", 'x', 1, "keyid on smartcard of private key"},
{"type", 't', 1, "type of input key, default: priv"},
{"dn", 'd', 1, "subject distinguished name"},
{"san", 'a', 1, "subjectAltName to include in cert request"},
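Review bot: The help text added for `keyid` mentions only a smartcard and not the expected format, while the commit title covers TPM keys as well and the parser decodes the argument as hex. A description such as `{"keyid", 'x', 1, "keyid (hex) of private key on smartcard or TPM"},` would match what the code accepts. The hard-coded `KEY_ANY` in the new key-loading branch also suggests that `--type` has no effect with `--keyid`, which the usage line could state.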