Add command to generate keypair on a PKCS#11 token
Signed-off-by: Zoltan Fridrich <[email protected]>
ZoltanFridrich committed Sep 14, 2023
1 parent ef5a2b9 commit e0700dc
Showing 9 changed files with 515 additions and 27 deletions.
2 changes: 1 addition & 1 deletion bash-completion/p11-kit
@@ -10,7 +10,7 @@ _p11-kit()
COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
return
elif [[ $cword -eq 1 ]]; then
local commands='export-object delete-object list-objects add-profile delete-profile list-profiles list-modules print-config extract server remote'
local commands='generate-keypair export-object delete-object list-objects add-profile delete-profile list-profiles list-modules print-config extract server remote'
COMPREPLY=( $(compgen -W "$commands" -- "$cur") )
fi
} &&
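--- a/common/compat.c
+++ b/common/compat.c
@@ -1051,3 +1051,13 @@ p11_ascii_toupper (int c)
 return 'A' + (c - 'a');
 return c;
 }
+
+bool
+p11_ascii_strcaseeq (const char *s1,
+const char *s2)
+{
+while (p11_ascii_tolower (*s1) == p11_ascii_tolower (*s2++))
+if (*s1++ == '\0')
+return true;
+return !(p11_ascii_tolower (*s1) - p11_ascii_tolower (*--s2));
+}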
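Review bot: The final `return !(p11_ascii_tolower (*s1) - p11_ascii_tolower (*--s2));` in `p11_ascii_strcaseeq` can only ever yield false, because the loop exits only when the two folded characters differ; `return false;` says the same thing without the pointer rewind. The function also has no comment: I would add one above it stating that it compares NUL-terminated strings with ASCII-only case folding, independent of locale, and that neither argument may be NULL. Because it returns at the first mismatch it is not constant-time, so the comment should also say it is for matching keywords (presumably option values such as the `--type` names documented in this commit) and not for comparing secrets such as PINs.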
13 changes: 8 additions & 5 deletions common/compat.h
@@ -394,11 +394,14 @@ int isatty (int fd);

#endif

void p11_strerror_r (int errnum,
char *buf,
size_t buflen);
void p11_strerror_r (int errnum,
char *buf,
size_t buflen);

int p11_ascii_tolower (int c);
int p11_ascii_toupper (int c);
int p11_ascii_tolower (int c);
int p11_ascii_toupper (int c);

bool p11_ascii_strcaseeq (const char *s1,
const char *s2);

#endif /* __COMPAT_H__ */
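--- a/doc/manual/p11-kit.xml
+++ b/doc/manual/p11-kit.xml
@@ -41,6 +41,9 @@
 <cmdsynopsis>
 <command>p11-kit delete-object</command> ...
 </cmdsynopsis>
+<cmdsynopsis>
+<command>p11-kit generate-keypair</command> ...
+</cmdsynopsis>
 <cmdsynopsis>
 <command>p11-kit list-profiles</command> ...
 </cmdsynopsis>
@@ -140,6 +143,44 @@ $ p11-kit delete-object pkcs11:token
 
 </refsect1>
 
+<refsect1 id="p11-kit-generate-keypair">
+<title>Generate Key-pair</title>
+
+<para>Generate key-pair on a PKCS#11 token.</para>
+
+<programlisting>
+$ p11-kit generate-keypair &lsqb;--label=label&rsqb; --type=algorithm &lcub;--bits=n|--curve=name&rcub; pkcs11:token
+</programlisting>
+
+<para>Generate private-public key-pair of given type on specified PKCS#11 token.
+Should be used together with --type option and one of --bits or --curve options.</para>
+
+<variablelist>
+<varlistentry>
+<term><option>--label=&lt;label&gt;</option></term>
+<listitem><para>Assigns label to the generated key-pair objects.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><option>--type=&lt;algorithm&gt;</option></term>
+<listitem><para>Specify the type of keys to generate.
+Supported values are rsa, ecdsa, ed25519.
+This option is required.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><option>--bits=&lt;n&gt;</option></term>
+<listitem><para>Specify the number of bits for the key-pair generation.
+Cannot be used together with --curve option.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term><option>--curve=&lt;name&gt;</option></term>
+<listitem><para>Specify an elliptic curve for the key-pair generation.
+Supported values are secp256r1, secp384r1, secp521r1.
+Cannot be used together with --bits option.</para></listitem>
+</varlistentry>
+</variablelist>
+
+</refsect1>
+
 <refsect1 id="p11-kit-list-profiles">
 <title>List Profiles</title>
 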
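--- a/p11-kit/Makefile.am
+++ b/p11-kit/Makefile.am
@@ -267,6 +267,7 @@ p11_kit_p11_kit_SOURCES = \
 p11-kit/delete-object.c \
 p11-kit/delete-profile.c \
 p11-kit/export-object.c \
+p11-kit/generate-keypair.c \
 p11-kit/list-objects.c \
 p11-kit/list-profiles.c \
 p11-kit/lists.c \
@@ -292,6 +293,7 @@ p11_kit_p11_kit_testable_SOURCES = \
 p11-kit/delete-object.c \
 p11-kit/delete-profile.c \
 p11-kit/export-object.c \
+p11-kit/generate-keypair.c \
 p11-kit/list-objects.c \
 p11-kit/list-profiles.c \
 p11-kit/lists.c \
@@ -306,6 +308,7 @@ p11_kit_p11_kit_testable_LDADD = \
 $(NULL)
 
 p11_kit_p11_kit_testable_CFLAGS = \
+-DP11_KIT_TESTABLE \
 $(COMMON_CFLAGS) \
 $(NULL)
 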
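Review bot: `-DP11_KIT_TESTABLE` is added to `p11_kit_p11_kit_testable_CFLAGS` without any comment on what it switches, and the code it guards is not among the files shown here. Since this commit introduces key generation, a reader should be able to tell from the build file that the macro only enables test scaffolding and never alters how keys are generated in the installed binary. I would add a line above the assignment such as `# P11_KIT_TESTABLE exposes test-only hooks; keep it out of the flags for the installed p11-kit binary`, adjusted to what the guarded code really does.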