Diffstat (limited to 'src/pki/commands')
-rw-r--r--src/pki/commands/issue.c7
-rw-r--r--src/pki/commands/keyid.c11
-rw-r--r--src/pki/commands/print.c7
-rw-r--r--src/pki/commands/pub.c11
-rw-r--r--src/pki/commands/req.c10
-rw-r--r--src/pki/commands/self.c8
6 files changed, 41 insertions, 13 deletions
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index fdc43d705..b15f90199 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -117,6 +117,11 @@ static int issue()
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ANY;
+ }
else if (!streq(arg, "pub"))
{
error = "invalid input type";
@@ -580,7 +585,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
issue, 'i', "issue",
"issue a certificate using a CA certificate and key",
- {"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
+ {"[--in file] [--type pub|pkcs10|priv|rsa|ecdsa|bliss] --cakey file|--cakeyid hex",
" --cacert file [--dn subject-dn] [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 5dfb3374d..f79120b31 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -26,7 +26,7 @@
static int keyid()
{
credential_type_t type = CRED_PRIVATE_KEY;
- int subtype = KEY_RSA;
+ int subtype = KEY_ANY;
certificate_t *cert;
private_key_t *private;
public_key_t *public;
@@ -60,6 +60,11 @@ static int keyid()
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ANY;
+ }
else if (streq(arg, "pub"))
{
type = CRED_PUBLIC_KEY;
@@ -172,11 +177,11 @@ static void __attribute__ ((constructor))reg()
command_register((command_t)
{ keyid, 'k', "keyid",
"calculate key identifiers of a key/certificate",
- {"[--in file] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]"},
+ {"[--in file] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
- {"type", 't', 1, "type of key, default: rsa"},
+ {"type", 't', 1, "type of key, default: priv"},
}
});
}
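Review bot: The usage string in this hunk lists `priv` first, but the other commands touched by this commit place it elsewhere: `pub|pkcs10|priv|rsa|ecdsa|bliss` in issue.c, `rsa|ecdsa|bliss|priv|pub|pkcs10|x509` in pub.c, and last in req.c and self.c. Since the help texts now name `priv` as the default for keyid, pub, req and self, listing it first in every usage string would make the default easier to spot, e.g. `[--type priv|rsa|ecdsa|bliss]` in req.c. This is a wording change only and does not affect behaviour.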
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 9dc080fbb..8cb0a7b5d 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -89,6 +89,11 @@ static int print()
type = CRED_CERTIFICATE;
subtype = CERT_TRUSTED_PUBKEY;
}
+ else if (streq(arg, "priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ANY;
+ }
else if (streq(arg, "rsa") ||
streq(arg, "rsa-priv"))
{
@@ -176,7 +181,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t)
{ print, 'a', "print",
"print a credential in a human readable form",
- {"[--in file] [--type x509|crl|ac|pub|rsa|ecdsa|bliss]"},
+ {"[--in file] [--type x509|crl|ac|pub|priv|rsa|ecdsa|bliss]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index ccc3c4251..1d876f6f7 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -28,7 +28,7 @@ static int pub()
{
cred_encoding_type_t form = PUBKEY_SPKI_ASN1_DER;
credential_type_t type = CRED_PRIVATE_KEY;
- int subtype = KEY_RSA;
+ int subtype = KEY_ANY;
certificate_t *cert;
private_key_t *private;
public_key_t *public;
@@ -59,6 +59,11 @@ static int pub()
type = CRED_PRIVATE_KEY;
subtype = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_ANY;
+ }
else if (streq(arg, "pub"))
{
type = CRED_PUBLIC_KEY;
@@ -189,13 +194,13 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
pub, 'p', "pub",
"extract the public key from a private key/certificate",
- {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|pub|pkcs10|x509]",
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv|pub|pkcs10|x509]",
"[--outform der|pem|dnskey|sshkey]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
{"keyid", 'x', 1, "keyid on smartcard of private key"},
- {"type", 't', 1, "type of credential, default: rsa"},
+ {"type", 't', 1, "type of credential, default: priv"},
{"outform", 'f', 1, "encoding of extracted public key, default: der"},
}
});
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 68d611250..23d07a28d 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -30,7 +30,7 @@
static int req()
{
cred_encoding_type_t form = CERT_ASN1_DER;
- key_type_t type = KEY_RSA;
+ key_type_t type = KEY_ANY;
hash_algorithm_t digest = HASH_UNKNOWN;
certificate_t *cert = NULL;
private_key_t *private = NULL;
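Review bot: The new default `key_type_t type = KEY_ANY;` carries no comment, and with it `type` no longer tells the rest of req() which algorithm the input key uses. A short comment such as `/* KEY_ANY: let the loader detect the key type; query the loaded key for its actual type */` would make that explicit. req() continues outside the hunk, so it is worth confirming that nothing later (digest or signature scheme selection, error messages) still reads `type` as a concrete algorithm. The same applies to the `int subtype = KEY_ANY;` initializers in keyid.c and pub.c.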
@@ -62,6 +62,10 @@ static int req()
{
type = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = KEY_ANY;
+ }
else
{
error = "invalid input type";
@@ -194,14 +198,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
+ {" [--in file] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name",
"[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
"[--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
- {"type", 't', 1, "type of input key, default: rsa"},
+ {"type", 't', 1, "type of input key, default: priv"},
{"dn", 'd', 1, "subject distinguished name"},
{"san", 'a', 1, "subjectAltName to include in cert request"},
{"password",'p', 1, "challengePassword to include in cert request"},
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index f4e83c76c..6fb7b75ae 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -94,6 +94,10 @@ static int self()
{
type = KEY_BLISS;
}
+ else if (streq(arg, "priv"))
+ {
+ type = KEY_ANY;
+ }
else
{
error = "invalid input type";
@@ -417,7 +421,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
- {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss]",
+ {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
@@ -431,7 +435,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "private key input file, default: stdin"},
{"keyid", 'x', 1, "keyid on smartcard of private key"},
- {"type", 't', 1, "type of input key, default: rsa"},
+ {"type", 't', 1, "type of input key, default: priv"},
{"dn", 'd', 1, "subject and issuer distinguished name"},
{"san", 'a', 1, "subjectAltName to include in certificate"},
{"lifetime", 'l', 1, "days the certificate is valid, default: 1095"},
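Review bot: The help text now says `default: priv`, but no hunk in self.c changes the initializer of `type` in self(), unlike keyid.c, pub.c and req.c where the default is switched from `KEY_RSA` to `KEY_ANY`. The declaration lies outside the visible hunks, so it may already be correct; if it is still `KEY_RSA`, the help text is misleading and a non-RSA key given without `--type` would presumably fail to load. In that case the fix is `key_type_t type = KEY_ANY;` at the declaration in self(). The option table also continues past the end of this hunk.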