aboutsummaryrefslogtreecommitdiffstats
path: root/src/pki
Commit message (Collapse)AuthorAgeFilesLines
* pki: Choose default digest based on the signature keyTobias Brunner2015-03-2312-20/+69
|
* pki: Use SHA-256 as default for signaturesTobias Brunner2015-03-2310-55/+15
| | | | | | Since the BLISS private key supports this we don't do any special handling anymore (if the user choses a digest that is not supported, signing will simply fail later because no signature scheme will be found).
* Allow SHA256 and SHA384 data hash for BLISS signatures.Andreas Steffen2015-02-267-16/+36
| | | | | The default is SHA512 since this hash function is also used for the c_indices random oracle.
* pki: Document correct output formats for --pkcs12 --exportTobias Brunner2014-12-191-2/+2
|
* pki: Properly clean up if output format for --pkcs12 is wrongTobias Brunner2014-12-191-0/+2
|
* pki: Add command to export certificates and keys from PKCS#12 containersTobias Brunner2014-12-122-9/+112
|
* pki: Reformat PKCS#12 output and add an index for each certificate/keyTobias Brunner2014-12-122-14/+17
|
* pki: Add simple PKCS#12 display commandTobias Brunner2014-12-124-1/+203
|
* pki: Cache entered secrets in case they are needed more than onceTobias Brunner2014-12-121-2/+23
|
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-296-3/+37
| | | | pki tool
* Started implementing BLISS signature generationAndreas Steffen2014-11-291-2/+8
|
* Store and parse BLISS private and public keys in DER and PEM formatAndreas Steffen2014-11-292-4/+17
| | | | | | | | Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey and subjectPublicKeyInfo objects. Some basic functions used by the bliss_public_key class are shared with the bliss_private_key class.
* Created framework for BLISS post-quantum signature algorithmAndreas Steffen2014-11-291-3/+11
|
* pki: Print and document the name constraint type for DNS or email constraintsMartin Willi2014-10-303-6/+46
| | | | | As email constraints may be for a specific host, it is not clear from the name itself if it is a DNS or email constraint.
* pki: Document --online option for pki --verify and all exit codesTobias Brunner2014-06-301-5/+11
|
* pki: Also check for MAX_COMMANDS when building getopt_long argumentsTobias Brunner2014-06-241-1/+1
| | | | Completes 87e53819a6 and 0a8c399a21.
* pki: Support complex trustchain and revocation checking in --verifyMartin Willi2014-06-041-48/+86
|
* pki: Provide a fallback if strptime() not supportedMartin Willi2014-06-041-9/+63
| | | | | For simplicity, we support the default pki datetime format only, but optionally accept four digit years for longer lifetimes.
* pki: Switch to binary mode on Windows when reading/writing DER to FDsMartin Willi2014-06-0413-1/+49
|
* pki: Stop prompting for password when entering empty stringMartin Willi2014-06-041-1/+1
|
* Make sure getpass() is availableTobias Brunner2014-05-291-1/+3
| | | | It's not on Android for example.
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-165-10/+5
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* pki: Fix memory leak when printing unknown AC group OIDsTobias Brunner2014-04-091-0/+1
|
* pki: Removed extra continue statementTobias Brunner2014-04-091-1/+0
|
* Added support for msSmartcardLogon EKUAndreas Steffen2014-04-083-2/+14
|
* pki: Document --not-before/after and --dateform options in manpagesMartin Willi2014-03-314-7/+99
|
* pki: Support absolute --this/next-update CRL lifetimesMartin Willi2014-03-311-6/+22
|
* pki: Support absolute --not-before/after issued certificate lifetimesMartin Willi2014-03-312-7/+22
|
* pki: Support absolute --not-before/after self-signed certificate lifetimesMartin Willi2014-03-311-5/+22
|
* pki: Support absolute --not-before/after acert lifetimesMartin Willi2014-03-311-7/+26
|
* pki: Add a certificate lifetime calculation helper functionMartin Willi2014-03-312-1/+69
|
* pki: Add acert and extend pki/print manpagesMartin Willi2014-03-314-2/+115
|
* pki: Implement an acert command to issue attribute certificatesMartin Willi2014-03-313-1/+275
|
* pki: Support printing attribute certificatesMartin Willi2014-03-311-1/+89
|
* pki: Don't generate negative random serial numbers in X.509 certificatesMartin Willi2014-03-312-0/+2
| | | | According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.
* pki: When dispatching commands, don't look beyond non-null-terminated arrayMartin Willi2014-03-191-1/+1
|
* pki: Check length of commands array before accessing command in --helpMartin Willi2014-03-191-1/+1
| | | | | | | As --help is counted as command as well, the array is not null-terminated and we have to check for MAX_COMMANDS. Fixes #550.
* pki: Make cmds array static, ensuring that it is zero-initializedMartin Willi2014-02-201-2/+1
| | | | | As pki --help relies on a zero-terminated array, make the actually non-public cmds array static to ensure initialization.
* pki: Fix minor resource leak on failure to read the private key in --req5.1.2rc2Tobias Brunner2014-02-181-1/+2
|
* lib: Add global config namespaceTobias Brunner2014-02-121-1/+1
|
* pki: Declare correct section in pki --issue man pageTobias Brunner2014-01-241-1/+1
|
* chunk: Use dynamically allocated buffer in chunk_from_fd()Martin Willi2014-01-237-11/+53
| | | | | | | | When acting on files, we can use fstat() to estimate the buffer size. On non-file FDs, we dynamically increase an allocated buffer. Additionally we slightly change the function signature to properly handle zero-length files and add appropriate unit tests.
* pki: Make sure no command registers too many optionsTobias Brunner2014-01-232-4/+11
|
* pki: Increase MAX_COMMANDS to cover all currently available commandsTobias Brunner2014-01-231-2/+2
| | | | Fixes #452.
* pki: Print a warning if MAX_COMMANDS is too lowTobias Brunner2014-01-231-0/+7
|
* pki: Properly use ?: when defining option arraysTobias Brunner2014-01-231-2/+2
|
* pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOBTobias Brunner2013-10-237-10/+42
| | | | This allows more than one builder to try parsing the data read from STDIN.
* ignore *.1 manpage filesAndreas Steffen2013-09-171-1/+1
|
* pki: --pub also accepts public keys (i.e. to convert them to a different format)Tobias Brunner2013-09-132-3/+18
|
* pki: Add support to encode public keys in SSH key formatTobias Brunner2013-09-133-4/+16
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 06:44:56 +0000