path: root/src/pki/commands
Commit message | Author | Age | Files | Lines
* pki: Enable PSS padding if enabled in strongswan.conf | Tobias Brunner | 2017-11-08 | 5 | -5/+11
* pki: Optionally generate RSA/PSS signatures | Tobias Brunner | 2017-11-08 | 5 | -35/+102
* pki: Indent usage lines properly automatically | Tobias Brunner | 2017-11-08 | 4 | -9/+9
* pki: Properly forward digest to attribute certificate builder | Tobias Brunner | 2017-11-08 | 1 | -0/+1
* certificates: Use shared destructor for x509_cdp_t | Tobias Brunner | 2017-09-18 | 1 | -11/+2
* Change interface for enumerator_create_filter() callback | Tobias Brunner | 2017-05-26 | 1 | -10/+18
  This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* pki: Reset variable so error handling works properly | Tobias Brunner | 2017-04-19 | 1 | -0/+1
  If we jump to `end` without this we crash (not necessarily visibly) due to a double free and the actual error message is not printed.
* pki: Actually make the default key type KEY_ANY for --self | Tobias Brunner | 2017-03-24 | 1 | -1/+1
  Fixes: 05ccde0a8bd9 ("pki: Add generic 'priv' key type that loads any type of private key")
* pki: Add key object handle of smartcard or TPM private key as an argument to pki --keyid | Andreas Steffen | 2017-03-06 | 1 | -3/+17
* pki: Edited keyid parameter use in various pki man pages and usage outputs | Andreas Steffen | 2017-03-06 | 6 | -13/+14
* Add keyid of smartcard or TPM private key as an argument to pki --req | Andreas Steffen | 2017-03-02 | 1 | -2/+15
* pki: Support an --addrblock option for issued certificates | Martin Willi | 2017-02-27 | 1 | -1/+16
* pki: Support an --addrblock option for self-signed certificates | Martin Willi | 2017-02-27 | 1 | -0/+17
* Added support of EdDSA signatures | Andreas Steffen | 2016-12-14 | 4 | -8/+30
* pki: Don't remove zero bytes in CRL serials anymore | Tobias Brunner | 2016-10-11 | 1 | -6/+7
  This was added a few years ago because pki --signcrl once encoded serials incorrectly as eight byte blobs. But still ensure we can handle overflows in case the serial is encoded incorrectly without zero-prefix.
* pki: Use serial of base CRL for delta CRLs | Tobias Brunner | 2016-10-11 | 1 | -1/+4
  According to RFC 5280 delta CRLs and complete CRLs MUST share one numbering sequence.
* pki: Add generic 'priv' key type that loads any type of private key | Tobias Brunner | 2016-10-05 | 6 | -13/+41
* pki: Drop -priv suffix to specify private key types | Tobias Brunner | 2016-10-05 | 2 | -9/+15
* pki: Allow to load CRLs from files in --verify | Tobias Brunner | 2016-08-25 | 1 | -2/+16
* Standardized printing of certificate information | Andreas Steffen | 2015-12-11 | 1 | -523/+20
  The certificate_printer class allows the printing of certificate information to a text file (usually stdout). This class is used by the pki --print and swanctl --list-certs commands as well as by the stroke plugin.
* Support BLISS signatures with SHA-3 hash | Andreas Steffen | 2015-11-03 | 5 | -5/+9
* pki: Add new type options to --issue command usage output | Tobias Brunner | 2015-08-27 | 1 | -2/+2
* pki: Add --dn command to extract the subject DN of a certificate | Tobias Brunner | 2015-08-17 | 1 | -0/+146
* pki: Optionally extract public key from given private key in --issue | Tobias Brunner | 2015-08-10 | 1 | -4/+27
  Fixes #618.
* pki: Choose default digest based on the signature key | Tobias Brunner | 2015-03-23 | 5 | -10/+30
* pki: Use SHA-256 as default for signatures | Tobias Brunner | 2015-03-23 | 5 | -50/+10
  Since the BLISS private key supports this we don't do any special handling anymore (if the user chooses a digest that is not supported, signing will simply fail later because no signature scheme will be found).
* Allow SHA256 and SHA384 data hash for BLISS signatures. | Andreas Steffen | 2015-02-26 | 7 | -16/+36
  The default is SHA512 since this hash function is also used for the c_indices random oracle.
* pki: Document correct output formats for --pkcs12 --export | Tobias Brunner | 2014-12-19 | 1 | -2/+2
* pki: Properly clean up if output format for --pkcs12 is wrong | Tobias Brunner | 2014-12-19 | 1 | -0/+2
* pki: Add command to export certificates and keys from PKCS#12 containers | Tobias Brunner | 2014-12-12 | 1 | -9/+101
* pki: Reformat PKCS#12 output and add an index for each certificate/key | Tobias Brunner | 2014-12-12 | 1 | -11/+14
* pki: Add simple PKCS#12 display command | Tobias Brunner | 2014-12-12 | 1 | -0/+150
* Implemented full BLISS support for IKEv2 public key authentication and the pki tool | Andreas Steffen | 2014-11-29 | 6 | -3/+37
* Started implementing BLISS signature generation | Andreas Steffen | 2014-11-29 | 1 | -2/+8
* Store and parse BLISS private and public keys in DER and PEM format | Andreas Steffen | 2014-11-29 | 2 | -4/+17
  Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey and subjectPublicKeyInfo objects. Some basic functions used by the bliss_public_key class are shared with the bliss_private_key class.
* Created framework for BLISS post-quantum signature algorithm | Andreas Steffen | 2014-11-29 | 1 | -3/+11
* pki: Print and document the name constraint type for DNS or email constraints | Martin Willi | 2014-10-30 | 1 | -2/+18
  As email constraints may be for a specific host, it is not clear from the name itself if it is a DNS or email constraint.
* pki: Support complex trustchain and revocation checking in --verify | Martin Willi | 2014-06-04 | 1 | -48/+86
* pki: Switch to binary mode on Windows when reading/writing DER to FDs | Martin Willi | 2014-06-04 | 11 | -1/+16
* enum: Return boolean result for enum_from_name() lookup | Martin Willi | 2014-05-16 | 5 | -10/+5
  Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* pki: Fix memory leak when printing unknown AC group OIDs | Tobias Brunner | 2014-04-09 | 1 | -0/+1
* pki: Removed extra continue statement | Tobias Brunner | 2014-04-09 | 1 | -1/+0
* Added support for msSmartcardLogon EKU | Andreas Steffen | 2014-04-08 | 3 | -2/+14
* pki: Support absolute --this/next-update CRL lifetimes | Martin Willi | 2014-03-31 | 1 | -6/+22
* pki: Support absolute --not-before/after issued certificate lifetimes | Martin Willi | 2014-03-31 | 1 | -6/+21
* pki: Support absolute --not-before/after self-signed certificate lifetimes | Martin Willi | 2014-03-31 | 1 | -5/+22
* pki: Support absolute --not-before/after acert lifetimes | Martin Willi | 2014-03-31 | 1 | -7/+26
* pki: Implement an acert command to issue attribute certificates | Martin Willi | 2014-03-31 | 1 | -0/+273
* pki: Support printing attribute certificates | Martin Willi | 2014-03-31 | 1 | -1/+89
* pki: Don't generate negative random serial numbers in X.509 certificates | Martin Willi | 2014-03-31 | 2 | -0/+2
  According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.