diff --git a/tool/cmdline-signer.ggo b/tool/cmdline-signer.ggo index 38f9e6c..d758eb5 100644 --- a/tool/cmdline-signer.ggo +++ b/tool/cmdline-signer.ggo @@ -33,7 +33,7 @@ text " 9d is for Key Management 9e is for Card Authentication (PIN never checked)\n" option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048" -option "hash" H "Hash to use for the signature" values="SHA1","SHA256" enum optional default="SHA1" +option "hash" H "Hash to use for the signature" values="SHA1","SHA256","SHA512" enum optional default="SHA1" option "input" i "Filename to use as input, - for stdin" string optional default="-" option "output" o "Filename to use as output, - for stdout" string optional default="-" option "pin" P "Pin code for verification" string diff --git a/tool/yubico-piv-signer.c b/tool/yubico-piv-signer.c index a5d767b..69c19df 100644 --- a/tool/yubico-piv-signer.c +++ b/tool/yubico-piv-signer.c @@ -117,6 +117,10 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output, md = EVP_sha256(); nid = NID_sha256; break; + case hash_arg_SHA512: + md = EVP_sha512(); + nid = NID_sha512; + break; case hash__NULL: default: goto out;