path: root/src/pki
Commit message | Author | Age | Files | Lines
* pki: Enable PSS padding if enabled in strongswan.conf | Tobias Brunner | 2017-11-08 | 5 | -5/+11
|
* pki: Optionally generate RSA/PSS signatures | Tobias Brunner | 2017-11-08 | 13 | -45/+179
|
* pki: Indent usage lines properly automatically | Tobias Brunner | 2017-11-08 | 5 | -13/+13
|
* pki: Properly forward digest to attribute certificate builder | Tobias Brunner | 2017-11-08 | 1 | -0/+1
|
* ikev2: Enumerate RSA/PSS schemes and use them if enabled | Tobias Brunner | 2017-11-08 | 1 | -3/+3
|
* auth-cfg: Store signature schemes as signature_params_t objects | Tobias Brunner | 2017-11-08 | 1 | -1/+1
|     Due to circular references the hasher_from_signature_scheme() helper does not take a signature_params_t object.
* certificates: Use shared destructor for x509_cdp_t | Tobias Brunner | 2017-09-18 | 1 | -11/+2
|
* pki: Fix typo in --print man page | Tobias Brunner | 2017-07-05 | 1 | -3/+3
|
* Change interface for enumerator_create_filter() callback | Tobias Brunner | 2017-05-26 | 1 | -10/+18
|     This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* pki: Reset variable so error handling works properly | Tobias Brunner | 2017-04-19 | 1 | -0/+1
|     If we jump to `end` without this we crash (not necessarily visibly) due to a double free and the actual error message is not printed.
* pki: Actually make the default key type KEY_ANY for --self | Tobias Brunner | 2017-03-24 | 1 | -1/+1
|     Fixes: 05ccde0a8bd9 ("pki: Add generic 'priv' key type that loads any type of private key")
* pki: Cast length derived from pointer arithmetic to int | Tobias Brunner | 2017-03-23 | 1 | -1/+1
|
* pki: Add key object handle of smartcard or TPM private key as an argument to pki --keyid | Andreas Steffen | 2017-03-06 | 2 | -5/+25
* pki: Edited keyid parameter use in various pki man pages and usage outputs | Andreas Steffen | 2017-03-06 | 12 | -19/+34
|
* Add keyid of smartcard or TPM private key as an argument to pki --req | Andreas Steffen | 2017-03-02 | 1 | -2/+15
|
* pki: Add a note about constructing RFC 3779 compliant certificates to manpage | Martin Willi | 2017-02-27 | 2 | -0/+6
|
* pki: Support an --addrblock option for issued certificates | Martin Willi | 2017-02-27 | 2 | -1/+22
|
* pki: Support an --addrblock option for self-signed certificates | Martin Willi | 2017-02-27 | 2 | -0/+23
|
* pki: Add a helper function to parse traffic selectors from CIDR subnets or ranges | Martin Willi | 2017-02-27 | 2 | -0/+31
|
* Added support of EdDSA signatures | Andreas Steffen | 2016-12-14 | 8 | -20/+43
|
* pki: Don't remove zero bytes in CRL serials anymore | Tobias Brunner | 2016-10-11 | 1 | -6/+7
|     This was added a few years ago because pki --signcrl once encoded serials incorrectly as eight byte blobs. But still ensure we can handle overflows in case the serial is encoded incorrectly without zero-prefix.
* pki: Use serial of base CRL for delta CRLs | Tobias Brunner | 2016-10-11 | 1 | -1/+4
|     According to RFC 5280 delta CRLs and complete CRLs MUST share one numbering sequence.
* pki: Add generic 'priv' key type that loads any type of private key | Tobias Brunner | 2016-10-05 | 12 | -28/+59
|
* pki: Drop -priv suffix to specify private key types | Tobias Brunner | 2016-10-05 | 4 | -16/+23
|
* pki: Allow to load CRLs from files in --verify | Tobias Brunner | 2016-08-25 | 2 | -3/+21
|
* configure: Check for and explicitly link against -latomic | Martin Willi | 2016-06-14 | 1 | -1/+1
|     Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explicitly link it.
* pki: Increase MAX_LINES | Tobias Brunner | 2015-12-16 | 1 | -1/+1
|     The --issue and --self commands both define 10 lines of usage summary text.
* pki: Never print more than MAX_LINES of usage summary | Tobias Brunner | 2015-12-16 | 1 | -1/+10
|     Print a warning if a registered command exceeds that limit.
* Standardized printing of certificate information | Andreas Steffen | 2015-12-11 | 1 | -523/+20
|     The certificate_printer class allows the printing of certificate information to a text file (usually stdout). This class is used by the pki --print and swanctl --list-certs commands as well as by the stroke plugin.
* pki: Explicitly link against -lpthread and -ldl if required | Martin Willi | 2015-12-04 | 1 | -1/+4
|     We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* Support BLISS signatures with SHA-3 hash | Andreas Steffen | 2015-11-03 | 5 | -5/+9
|
* pki: Add new type options to --issue command usage output | Tobias Brunner | 2015-08-27 | 1 | -2/+2
|
* pki: Add --dn command to extract the subject DN of a certificate | Tobias Brunner | 2015-08-17 | 6 | -11/+219
|
* pki: Optionally extract public key from given private key in --issue | Tobias Brunner | 2015-08-10 | 2 | -6/+30
|     Fixes #618.
* pki: Choose default digest based on the signature key | Tobias Brunner | 2015-03-23 | 12 | -20/+69
|
* pki: Use SHA-256 as default for signatures | Tobias Brunner | 2015-03-23 | 10 | -55/+15
|     Since the BLISS private key supports this we don't do any special handling anymore (if the user chooses a digest that is not supported, signing will simply fail later because no signature scheme will be found).
* Allow SHA256 and SHA384 data hash for BLISS signatures. | Andreas Steffen | 2015-02-26 | 7 | -16/+36
|     The default is SHA512 since this hash function is also used for the c_indices random oracle.
* pki: Document correct output formats for --pkcs12 --export | Tobias Brunner | 2014-12-19 | 1 | -2/+2
|
* pki: Properly clean up if output format for --pkcs12 is wrong | Tobias Brunner | 2014-12-19 | 1 | -0/+2
|
* pki: Add command to export certificates and keys from PKCS#12 containers | Tobias Brunner | 2014-12-12 | 2 | -9/+112
|
* pki: Reformat PKCS#12 output and add an index for each certificate/key | Tobias Brunner | 2014-12-12 | 2 | -14/+17
|
* pki: Add simple PKCS#12 display command | Tobias Brunner | 2014-12-12 | 4 | -1/+203
|
* pki: Cache entered secrets in case they are needed more than once | Tobias Brunner | 2014-12-12 | 1 | -2/+23
|
* Implemented full BLISS support for IKEv2 public key authentication and the pki tool | Andreas Steffen | 2014-11-29 | 6 | -3/+37
* Started implementing BLISS signature generation | Andreas Steffen | 2014-11-29 | 1 | -2/+8
|
* Store and parse BLISS private and public keys in DER and PEM format | Andreas Steffen | 2014-11-29 | 2 | -4/+17
|     Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey and subjectPublicKeyInfo objects. Some basic functions used by the bliss_public_key class are shared with the bliss_private_key class.
* Created framework for BLISS post-quantum signature algorithm | Andreas Steffen | 2014-11-29 | 1 | -3/+11
|
* pki: Print and document the name constraint type for DNS or email constraints | Martin Willi | 2014-10-30 | 3 | -6/+46
|     As email constraints may be for a specific host, it is not clear from the name itself if it is a DNS or email constraint.
* pki: Document --online option for pki --verify and all exit codes | Tobias Brunner | 2014-06-30 | 1 | -5/+11
|
* pki: Also check for MAX_COMMANDS when building getopt_long arguments | Tobias Brunner | 2014-06-24 | 1 | -1/+1
|     Completes 87e53819a6 and 0a8c399a21.