add password for private keys
+3
-2
@@ -31,8 +31,9 @@ option "action" a "Action to take" values="version","generate","set-mgm-key","re
|
|||||||
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional
|
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional
|
||||||
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
|
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
|
||||||
option "new-key" n "New authentication key to use" string optional
|
option "new-key" n "New authentication key to use" string optional
|
||||||
option "pin-retries" p "Number of retries before the pin code is blocked" int optional
|
option "pin-retries" - "Number of retries before the pin code is blocked" int optional
|
||||||
option "puk-retries" P "Number of retries before the puk code is blocked" int optional
|
option "puk-retries" - "Number of retries before the puk code is blocked" int optional
|
||||||
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
||||||
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
||||||
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12" enum optional default="PEM"
|
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12" enum optional default="PEM"
|
||||||
|
option "password" p "Password for decryption of private key file" string optional
|
||||||
|
|||||||
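Review bot: The new `password` option takes over the short flag `p` that `pin-retries` used until this change, so an existing invocation such as `-p 5` would now be parsed as a key-file password instead of being rejected. Making the new option long-only, like the two retry options, avoids that silent reinterpretation: `option "password" - "Password for decryption of private key file" string optional`. A password given as an argument value is also visible in the process list and usually ends up in shell history. The help text should say so, and a follow-up could accept the password from a prompt or a file descriptor when the option is absent.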
+12
-9
@@ -478,7 +478,7 @@ static bool set_pin_retries(SCARDHANDLE *card, int pin_retries, int puk_retries,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool import_key(SCARDHANDLE *card, enum enum_key_format key_format,
|
static bool import_key(SCARDHANDLE *card, enum enum_key_format key_format,
|
||||||
const char *input_file_name, const char *slot, int verbose) {
|
const char *input_file_name, const char *slot, char *password, int verbose) {
|
||||||
int key = 0;
|
int key = 0;
|
||||||
FILE *input_file;
|
FILE *input_file;
|
||||||
EVP_PKEY *private_key = NULL;
|
EVP_PKEY *private_key = NULL;
|
||||||
@@ -499,7 +499,7 @@ static bool import_key(SCARDHANDLE *card, enum enum_key_format key_format,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(key_format == key_format_arg_PEM) {
|
if(key_format == key_format_arg_PEM) {
|
||||||
private_key = PEM_read_PrivateKey(input_file, NULL, NULL, NULL);
|
private_key = PEM_read_PrivateKey(input_file, NULL, NULL, password);
|
||||||
if(!private_key) {
|
if(!private_key) {
|
||||||
fprintf(stderr, "Failed loading private key for import.\n");
|
fprintf(stderr, "Failed loading private key for import.\n");
|
||||||
ret = false;
|
ret = false;
|
||||||
@@ -512,8 +512,8 @@ static bool import_key(SCARDHANDLE *card, enum enum_key_format key_format,
|
|||||||
ret = false;
|
ret = false;
|
||||||
goto import_out;
|
goto import_out;
|
||||||
}
|
}
|
||||||
if(!PKCS12_parse(p12, NULL, &private_key, &cert, NULL)) {
|
if(PKCS12_parse(p12, password, &private_key, &cert, NULL) == 0) {
|
||||||
fprintf(stderr, "Failed to parse PKCS12 structure.\n");
|
fprintf(stderr, "Failed to parse PKCS12 structure. (password: %s)\n", password);
|
||||||
ret = false;
|
ret = false;
|
||||||
goto import_out;
|
goto import_out;
|
||||||
}
|
}
|
||||||
@@ -620,7 +620,7 @@ import_out:
|
|||||||
}
|
}
|
||||||
|
|
||||||
static bool import_cert(SCARDHANDLE *card, enum enum_key_format cert_format,
|
static bool import_cert(SCARDHANDLE *card, enum enum_key_format cert_format,
|
||||||
const char *input_file_name, enum enum_slot slot, int verbose) {
|
const char *input_file_name, enum enum_slot slot, char *password, int verbose) {
|
||||||
int object;
|
int object;
|
||||||
bool ret = true;
|
bool ret = true;
|
||||||
FILE *input_file;
|
FILE *input_file;
|
||||||
@@ -658,7 +658,7 @@ static bool import_cert(SCARDHANDLE *card, enum enum_key_format cert_format,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(cert_format == key_format_arg_PEM) {
|
if(cert_format == key_format_arg_PEM) {
|
||||||
cert = PEM_read_X509(input_file, NULL, NULL, NULL);
|
cert = PEM_read_X509(input_file, NULL, NULL, password);
|
||||||
if(!cert) {
|
if(!cert) {
|
||||||
fprintf(stderr, "Failed loading certificate for import.\n");
|
fprintf(stderr, "Failed loading certificate for import.\n");
|
||||||
goto import_cert_out;
|
goto import_cert_out;
|
||||||
@@ -671,7 +671,7 @@ static bool import_cert(SCARDHANDLE *card, enum enum_key_format cert_format,
|
|||||||
goto import_cert_out;
|
goto import_cert_out;
|
||||||
ret = false;
|
ret = false;
|
||||||
}
|
}
|
||||||
if(!PKCS12_parse(p12, NULL, &private_key, &cert, NULL)) {
|
if(!PKCS12_parse(p12, password, &private_key, &cert, NULL)) {
|
||||||
fprintf(stderr, "Failed to parse PKCS12 structure.\n");
|
fprintf(stderr, "Failed to parse PKCS12 structure.\n");
|
||||||
ret = false;
|
ret = false;
|
||||||
goto import_cert_out;
|
goto import_cert_out;
|
||||||
@@ -898,6 +898,9 @@ int main(int argc, char *argv[]) {
|
|||||||
fprintf(stderr, "Successfull applet authentication.\n");
|
fprintf(stderr, "Successfull applet authentication.\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* openssl setup.. */
|
||||||
|
OpenSSL_add_all_algorithms();
|
||||||
|
|
||||||
for(i = 0; i < args_info.action_given; i++) {
|
for(i = 0; i < args_info.action_given; i++) {
|
||||||
action = *args_info.action_arg++;
|
action = *args_info.action_arg++;
|
||||||
if(verbosity) {
|
if(verbosity) {
|
||||||
@@ -950,7 +953,7 @@ int main(int argc, char *argv[]) {
|
|||||||
break;
|
break;
|
||||||
case action_arg_importMINUS_key:
|
case action_arg_importMINUS_key:
|
||||||
if(args_info.slot_arg != slot__NULL) {
|
if(args_info.slot_arg != slot__NULL) {
|
||||||
if(import_key(&card, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, verbosity) == false) {
|
if(import_key(&card, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.password_arg, verbosity) == false) {
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
printf("Successfully imported a new private key.\n");
|
printf("Successfully imported a new private key.\n");
|
||||||
@@ -961,7 +964,7 @@ int main(int argc, char *argv[]) {
|
|||||||
break;
|
break;
|
||||||
case action_arg_importMINUS_certificate:
|
case action_arg_importMINUS_certificate:
|
||||||
if(args_info.slot_arg != slot__NULL) {
|
if(args_info.slot_arg != slot__NULL) {
|
||||||
if(import_cert(&card, args_info.key_format_arg, args_info.input_arg, args_info.slot_arg, verbosity) == false) {
|
if(import_cert(&card, args_info.key_format_arg, args_info.input_arg, args_info.slot_arg, args_info.password_arg, verbosity) == false) {
|
||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
printf("Successfully imported a new certificate.\n");
|
printf("Successfully imported a new certificate.\n");
|
||||||
|
|||||||
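Review bot: The PKCS12 failure branch in import_key now prints the private-key password to stderr in clear text, so it can land in terminal scrollback, CI logs or any captured error output. `password` is also NULL when `--password` is not supplied (the option is optional with no default), and passing NULL for `%s` is undefined behaviour. The message should stay as it is in import_cert: `fprintf(stderr, "Failed to parse PKCS12 structure.\n");`. Separately, the pointer could be declared `const char *password` in both signatures, since neither function writes through it as far as these hunks show. The bodies of import_key and import_cert continue outside the hunks.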