]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/genpkey.c
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
6 /* ====================================================================
7 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
35 * 6. Redistributions of any form whatsoever must retain the following
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
62 #include <openssl/pem.h>
63 #include <openssl/err.h>
64 #include <openssl/evp.h>
65 #ifndef OPENSSL_NO_ENGINE
66 # include <openssl/engine.h>
69 static int init_keygen_file(BIO
*err
, EVP_PKEY_CTX
**pctx
,
70 const char *file
, ENGINE
*e
);
71 static int genpkey_cb(EVP_PKEY_CTX
*ctx
);
73 #define PROG genpkey_main
75 int MAIN(int, char **);
77 int MAIN(int argc
, char **argv
)
80 char **args
, *outfile
= NULL
;
82 BIO
*in
= NULL
, *out
= NULL
;
83 const EVP_CIPHER
*cipher
= NULL
;
86 EVP_PKEY
*pkey
= NULL
;
87 EVP_PKEY_CTX
*ctx
= NULL
;
95 bio_err
= BIO_new_fp(stderr
, BIO_NOCLOSE
);
97 if (!load_config(bio_err
, NULL
))
100 outformat
= FORMAT_PEM
;
102 ERR_load_crypto_strings();
103 OpenSSL_add_all_algorithms();
105 while (!badarg
&& *args
&& *args
[0] == '-') {
106 if (!strcmp(*args
, "-outform")) {
109 outformat
= str2fmt(*args
);
112 } else if (!strcmp(*args
, "-pass")) {
117 #ifndef OPENSSL_NO_ENGINE
118 else if (strcmp(*args
, "-engine") == 0) {
121 e
= setup_engine(bio_err
, *(++args
), 0);
124 else if (!strcmp(*args
, "-paramfile")) {
130 if (!init_keygen_file(bio_err
, &ctx
, *args
, e
))
132 } else if (!strcmp(*args
, "-out")) {
138 } else if (strcmp(*args
, "-algorithm") == 0) {
141 if (!init_gen_str(bio_err
, &ctx
, *(++args
), e
, do_param
))
143 } else if (strcmp(*args
, "-pkeyopt") == 0) {
147 BIO_puts(bio_err
, "No keytype specified\n");
149 } else if (pkey_ctrl_string(ctx
, *(++args
)) <= 0) {
150 BIO_puts(bio_err
, "parameter setting error\n");
151 ERR_print_errors(bio_err
);
154 } else if (strcmp(*args
, "-genparam") == 0) {
158 } else if (strcmp(*args
, "-text") == 0)
161 cipher
= EVP_get_cipherbyname(*args
+ 1);
163 BIO_printf(bio_err
, "Unknown cipher %s\n", *args
+ 1);
177 BIO_printf(bio_err
, "Usage: genpkey [options]\n");
178 BIO_printf(bio_err
, "where options may be\n");
179 BIO_printf(bio_err
, "-out file output file\n");
181 "-outform X output format (DER or PEM)\n");
183 "-pass arg output file pass phrase source\n");
185 "-<cipher> use cipher <cipher> to encrypt the key\n");
186 #ifndef OPENSSL_NO_ENGINE
188 "-engine e use engine e, possibly a hardware device.\n");
190 BIO_printf(bio_err
, "-paramfile file parameters file\n");
191 BIO_printf(bio_err
, "-algorithm alg the public key algorithm\n");
193 "-pkeyopt opt:value set the public key algorithm option <opt>\n"
194 " to value <value>\n");
196 "-genparam generate parameters, not key\n");
197 BIO_printf(bio_err
, "-text print the in text\n");
199 "NB: options order may be important! See the manual page.\n");
203 if (!app_passwd(bio_err
, passarg
, NULL
, &pass
, NULL
)) {
204 BIO_puts(bio_err
, "Error getting password\n");
209 if (!(out
= BIO_new_file(outfile
, "wb"))) {
210 BIO_printf(bio_err
, "Can't open output file %s\n", outfile
);
214 out
= BIO_new_fp(stdout
, BIO_NOCLOSE
);
215 #ifdef OPENSSL_SYS_VMS
217 BIO
*tmpbio
= BIO_new(BIO_f_linebuffer());
218 out
= BIO_push(tmpbio
, out
);
223 EVP_PKEY_CTX_set_cb(ctx
, genpkey_cb
);
224 EVP_PKEY_CTX_set_app_data(ctx
, bio_err
);
227 if (EVP_PKEY_paramgen(ctx
, &pkey
) <= 0) {
228 BIO_puts(bio_err
, "Error generating parameters\n");
229 ERR_print_errors(bio_err
);
233 if (EVP_PKEY_keygen(ctx
, &pkey
) <= 0) {
234 BIO_puts(bio_err
, "Error generating key\n");
235 ERR_print_errors(bio_err
);
241 rv
= PEM_write_bio_Parameters(out
, pkey
);
242 else if (outformat
== FORMAT_PEM
)
243 rv
= PEM_write_bio_PrivateKey(out
, pkey
, cipher
, NULL
, 0, NULL
, pass
);
244 else if (outformat
== FORMAT_ASN1
)
245 rv
= i2d_PrivateKey_bio(out
, pkey
);
247 BIO_printf(bio_err
, "Bad format specified for key\n");
252 BIO_puts(bio_err
, "Error writing key\n");
253 ERR_print_errors(bio_err
);
258 rv
= EVP_PKEY_print_params(out
, pkey
, 0, NULL
);
260 rv
= EVP_PKEY_print_private(out
, pkey
, 0, NULL
);
263 BIO_puts(bio_err
, "Error printing key\n");
264 ERR_print_errors(bio_err
);
274 EVP_PKEY_CTX_free(ctx
);
284 static int init_keygen_file(BIO
*err
, EVP_PKEY_CTX
**pctx
,
285 const char *file
, ENGINE
*e
)
288 EVP_PKEY
*pkey
= NULL
;
289 EVP_PKEY_CTX
*ctx
= NULL
;
291 BIO_puts(err
, "Parameters already set!\n");
295 pbio
= BIO_new_file(file
, "r");
297 BIO_printf(err
, "Can't open parameter file %s\n", file
);
301 pkey
= PEM_read_bio_Parameters(pbio
, NULL
);
305 BIO_printf(bio_err
, "Error reading parameter file %s\n", file
);
309 ctx
= EVP_PKEY_CTX_new(pkey
, e
);
312 if (EVP_PKEY_keygen_init(ctx
) <= 0)
319 BIO_puts(err
, "Error initializing context\n");
320 ERR_print_errors(err
);
322 EVP_PKEY_CTX_free(ctx
);
329 int init_gen_str(BIO
*err
, EVP_PKEY_CTX
**pctx
,
330 const char *algname
, ENGINE
*e
, int do_param
)
332 EVP_PKEY_CTX
*ctx
= NULL
;
333 const EVP_PKEY_ASN1_METHOD
*ameth
;
334 ENGINE
*tmpeng
= NULL
;
338 BIO_puts(err
, "Algorithm already set!\n");
342 ameth
= EVP_PKEY_asn1_find_str(&tmpeng
, algname
, -1);
344 #ifndef OPENSSL_NO_ENGINE
346 ameth
= ENGINE_get_pkey_asn1_meth_str(e
, algname
, -1);
350 BIO_printf(bio_err
, "Algorithm %s not found\n", algname
);
356 EVP_PKEY_asn1_get0_info(&pkey_id
, NULL
, NULL
, NULL
, NULL
, ameth
);
357 #ifndef OPENSSL_NO_ENGINE
359 ENGINE_finish(tmpeng
);
361 ctx
= EVP_PKEY_CTX_new_id(pkey_id
, e
);
366 if (EVP_PKEY_paramgen_init(ctx
) <= 0)
369 if (EVP_PKEY_keygen_init(ctx
) <= 0)
377 BIO_printf(err
, "Error initializing %s context\n", algname
);
378 ERR_print_errors(err
);
380 EVP_PKEY_CTX_free(ctx
);
385 static int genpkey_cb(EVP_PKEY_CTX
*ctx
)
388 BIO
*b
= EVP_PKEY_CTX_get_app_data(ctx
);
390 p
= EVP_PKEY_CTX_get_keygen_info(ctx
, 0);