| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | pki: Choose default digest based on the signature key | Tobias Brunner | 2015-03-23 | 5 | -10/+30 |
| | | |||||
| * | pki: Use SHA-256 as default for signatures | Tobias Brunner | 2015-03-23 | 5 | -50/+10 |
| | | | | | | | Since the BLISS private key supports this we don't do any special handling anymore (if the user choses a digest that is not supported, signing will simply fail later because no signature scheme will be found). | ||||
| * | Allow SHA256 and SHA384 data hash for BLISS signatures. | Andreas Steffen | 2015-02-26 | 7 | -16/+36 |
| | | | | | | The default is SHA512 since this hash function is also used for the c_indices random oracle. | ||||
| * | pki: Document correct output formats for --pkcs12 --export | Tobias Brunner | 2014-12-19 | 1 | -2/+2 |
| | | |||||
| * | pki: Properly clean up if output format for --pkcs12 is wrong | Tobias Brunner | 2014-12-19 | 1 | -0/+2 |
| | | |||||
| * | pki: Add command to export certificates and keys from PKCS#12 containers | Tobias Brunner | 2014-12-12 | 1 | -9/+101 |
| | | |||||
| * | pki: Reformat PKCS#12 output and add an index for each certificate/key | Tobias Brunner | 2014-12-12 | 1 | -11/+14 |
| | | |||||
| * | pki: Add simple PKCS#12 display command | Tobias Brunner | 2014-12-12 | 1 | -0/+150 |
| | | |||||
| * | Implemented full BLISS support for IKEv2 public key authentication and the ↵ | Andreas Steffen | 2014-11-29 | 6 | -3/+37 |
| | | | | | pki tool | ||||
| * | Started implementing BLISS signature generation | Andreas Steffen | 2014-11-29 | 1 | -2/+8 |
| | | |||||
| * | Store and parse BLISS private and public keys in DER and PEM format | Andreas Steffen | 2014-11-29 | 2 | -4/+17 |
| | | | | | | | | | Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey and subjectPublicKeyInfo objects. Some basic functions used by the bliss_public_key class are shared with the bliss_private_key class. | ||||
| * | Created framework for BLISS post-quantum signature algorithm | Andreas Steffen | 2014-11-29 | 1 | -3/+11 |
| | | |||||
| * | pki: Print and document the name constraint type for DNS or email constraints | Martin Willi | 2014-10-30 | 1 | -2/+18 |
| | | | | | | As email constraints may be for a specific host, it is not clear from the name itself if it is a DNS or email constraint. | ||||
| * | pki: Support complex trustchain and revocation checking in --verify | Martin Willi | 2014-06-04 | 1 | -48/+86 |
| | | |||||
| * | pki: Switch to binary mode on Windows when reading/writing DER to FDs | Martin Willi | 2014-06-04 | 11 | -1/+16 |
| | | |||||
| * | enum: Return boolean result for enum_from_name() lookup | Martin Willi | 2014-05-16 | 5 | -10/+5 |
| | | | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned. | ||||
| * | pki: Fix memory leak when printing unknown AC group OIDs | Tobias Brunner | 2014-04-09 | 1 | -0/+1 |
| | | |||||
| * | pki: Removed extra continue statement | Tobias Brunner | 2014-04-09 | 1 | -1/+0 |
| | | |||||
| * | Added support for msSmartcardLogon EKU | Andreas Steffen | 2014-04-08 | 3 | -2/+14 |
| | | |||||
| * | pki: Support absolute --this/next-update CRL lifetimes | Martin Willi | 2014-03-31 | 1 | -6/+22 |
| | | |||||
| * | pki: Support absolute --not-before/after issued certificate lifetimes | Martin Willi | 2014-03-31 | 1 | -6/+21 |
| | | |||||
| * | pki: Support absolute --not-before/after self-signed certificate lifetimes | Martin Willi | 2014-03-31 | 1 | -5/+22 |
| | | |||||
| * | pki: Support absolute --not-before/after acert lifetimes | Martin Willi | 2014-03-31 | 1 | -7/+26 |
| | | |||||
| * | pki: Implement an acert command to issue attribute certificates | Martin Willi | 2014-03-31 | 1 | -0/+273 |
| | | |||||
| * | pki: Support printing attribute certificates | Martin Willi | 2014-03-31 | 1 | -1/+89 |
| | | |||||
| * | pki: Don't generate negative random serial numbers in X.509 certificates | Martin Willi | 2014-03-31 | 2 | -0/+2 |
| | | | | | According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers. | ||||
| * | pki: Fix minor resource leak on failure to read the private key in --req5.1.2rc2 | Tobias Brunner | 2014-02-18 | 1 | -1/+2 |
| | | |||||
| * | chunk: Use dynamically allocated buffer in chunk_from_fd() | Martin Willi | 2014-01-23 | 7 | -11/+53 |
| | | | | | | | | | When acting on files, we can use fstat() to estimate the buffer size. On non-file FDs, we dynamically increase an allocated buffer. Additionally we slightly change the function signature to properly handle zero-length files and add appropriate unit tests. | ||||
| * | pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB | Tobias Brunner | 2013-10-23 | 7 | -10/+42 |
| | | | | | This allows more than one builder to try parsing the data read from STDIN. | ||||
| * | pki: --pub also accepts public keys (i.e. to convert them to a different format) | Tobias Brunner | 2013-09-13 | 1 | -1/+15 |
| | | |||||
| * | pki: Add support to encode public keys in SSH key format | Tobias Brunner | 2013-09-13 | 1 | -1/+1 |
| | | |||||
| * | pki: Add pki --verify man page | Tobias Brunner | 2013-09-13 | 1 | -2/+1 |
| | | |||||
| * | pki: Add pki --pub man page | Tobias Brunner | 2013-09-13 | 1 | -2/+2 |
| | | |||||
| * | pki: Add pki --pkcs7 man page | Tobias Brunner | 2013-09-13 | 1 | -4/+4 |
| | | |||||
| * | pki: Add pki --req man page | Tobias Brunner | 2013-09-13 | 1 | -3/+2 |
| | | |||||
| * | pki: Add pki --signcrl man page | Tobias Brunner | 2013-09-13 | 1 | -6/+6 |
| | | |||||
| * | pki: Add pki --issue man page | Tobias Brunner | 2013-09-13 | 1 | -6/+6 |
| | | |||||
| * | pki: Add pki --self man page | Tobias Brunner | 2013-09-13 | 1 | -2/+2 |
| | | | | | Can be opened with "man pki --self". | ||||
| * | pki: Add pki --gen man page | Tobias Brunner | 2013-09-13 | 1 | -2/+2 |
| | | | | | Can be opened with "man pki --gen". | ||||
| * | Encode RSA public keys in RFC 3110 DNSKEY format | Andreas Steffen | 2013-02-19 | 1 | -1/+1 |
| | | |||||
| * | Properly read data from stream in pki --pkcs7 | Tobias Brunner | 2013-01-24 | 1 | -6/+9 |
| | | |||||
| * | Properly destroy mem_cred object on pki --pkcs7 --help | Tobias Brunner | 2013-01-24 | 1 | -0/+1 |
| | | |||||
| * | Allocate data returned by pkcs7_t.get_attribute() | Martin Willi | 2012-12-19 | 1 | -0/+1 |
| | | |||||
| * | Add a --show option to pki --pkcs7 to print contained certificates | Martin Willi | 2012-12-19 | 1 | -1/+50 |
| | | |||||
| * | pki --pkcs7 --verify shows prints the signing time, if available | Martin Willi | 2012-12-19 | 1 | -1/+17 |
| | | |||||
| * | Fix leak in pki --pkcs7 --decrypt | Martin Willi | 2012-12-19 | 1 | -0/+1 |
| | | |||||
| * | Add a pki command to sign, verify, encrypt and decrypt PKCS#7 containers | Martin Willi | 2012-12-19 | 1 | -0/+391 |
| | | |||||
| * | allow the optional sharing if RSA private keys | Andreas Steffen | 2012-11-22 | 1 | -3/+31 |
| | | |||||
| * | implemented generation of safe primes | Andreas Steffen | 2012-11-18 | 1 | -7/+20 |
| | | |||||
| * | Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 2 | -2/+2 |
| | | |||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |