version 1.201, 2010/08/31 12:33:38 |
version 1.205, 2011/01/11 06:13:10 |
|
|
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */ |
#define DEFAULT_BITS 2048 |
#define DEFAULT_BITS 2048 |
#define DEFAULT_BITS_DSA 1024 |
#define DEFAULT_BITS_DSA 1024 |
#define DEFAULT_BITS_ECDSA 521 |
#define DEFAULT_BITS_ECDSA 256 |
u_int32_t bits = 0; |
u_int32_t bits = 0; |
|
|
/* |
/* |
|
|
*k = key_new(KEY_UNSPEC); |
*k = key_new(KEY_UNSPEC); |
(*k)->type = KEY_ECDSA; |
(*k)->type = KEY_ECDSA; |
(*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); |
(*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey); |
(*k)->ecdsa_nid = key_ecdsa_group_to_nid( |
(*k)->ecdsa_nid = key_ecdsa_key_to_nid((*k)->ecdsa); |
EC_KEY_get0_group((*k)->ecdsa)); |
|
break; |
break; |
default: |
default: |
fatal("%s: unsupported pubkey type %d", __func__, |
fatal("%s: unsupported pubkey type %d", __func__, |
|
|
if (!quiet) { |
if (!quiet) { |
logit("Signed %s key %s: id \"%s\" serial %llu%s%s " |
logit("Signed %s key %s: id \"%s\" serial %llu%s%s " |
"valid %s", key_cert_type(public), |
"valid %s", key_cert_type(public), |
out, public->cert->key_id, public->cert->serial, |
out, public->cert->key_id, |
|
(unsigned long long)public->cert->serial, |
cert_principals != NULL ? " for " : "", |
cert_principals != NULL ? " for " : "", |
cert_principals != NULL ? cert_principals : "", |
cert_principals != NULL ? cert_principals : "", |
fmt_validity(cert_valid_from, cert_valid_to)); |
fmt_validity(cert_valid_from, cert_valid_to)); |
|
|
printf(" Signing CA: %s %s\n", |
printf(" Signing CA: %s %s\n", |
key_type(key->cert->signature_key), ca_fp); |
key_type(key->cert->signature_key), ca_fp); |
printf(" Key ID: \"%s\"\n", key->cert->key_id); |
printf(" Key ID: \"%s\"\n", key->cert->key_id); |
if (!v00) |
if (!v00) { |
printf(" Serial: %llu\n", key->cert->serial); |
printf(" Serial: %llu\n", |
|
(unsigned long long)key->cert->serial); |
|
} |
printf(" Valid: %s\n", |
printf(" Valid: %s\n", |
fmt_validity(key->cert->valid_after, key->cert->valid_before)); |
fmt_validity(key->cert->valid_after, key->cert->valid_before)); |
printf(" Principals: "); |
printf(" Principals: "); |
|
|
"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { |
"O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { |
switch (opt) { |
switch (opt) { |
case 'b': |
case 'b': |
bits = (u_int32_t)strtonum(optarg, 768, 32768, &errstr); |
bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr); |
if (errstr) |
if (errstr) |
fatal("Bits has bad value %s (%s)", |
fatal("Bits has bad value %s (%s)", |
optarg, errstr); |
optarg, errstr); |
|
|
} |
} |
if (type == KEY_DSA && bits != 1024) |
if (type == KEY_DSA && bits != 1024) |
fatal("DSA keys must be 1024 bits"); |
fatal("DSA keys must be 1024 bits"); |
|
else if (type != KEY_ECDSA && bits < 768) |
|
fatal("Key must at least be 768 bits"); |
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) |
else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1) |
fatal("Invalid ECDSA key length - valid lengths are " |
fatal("Invalid ECDSA key length - valid lengths are " |
"256, 384 or 521 bits"); |
"256, 384 or 521 bits"); |
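Review bot: In the ECDSA import hunk (the `(*k)->ecdsa = EVP_PKEY_get1_EC_KEY(pubkey);` line), the new side hands the result straight to `key_ecdsa_key_to_nid((*k)->ecdsa)` without checking it for NULL, and the old side had the same gap through `EC_KEY_get0_group`; `EVP_PKEY_get1_EC_KEY` can fail, so a failed import would reach the nid lookup with a NULL key unless `key_ecdsa_key_to_nid` is known to tolerate that, which is not visible here. A guard between the two lines would make the failure explicit: `if ((*k)->ecdsa == NULL) fatal("%s: EVP_PKEY_get1_EC_KEY failed", __func__);`. It would also be worth checking the resulting `ecdsa_nid` against -1 for the same reason the option parser does for `key_ecdsa_bits_to_nid(bits)` in the last hunk. The enclosing switch and function start and end outside this hunk.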