]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/pkey.c
2 * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/pem.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
18 typedef enum OPTION_choice
{
19 OPT_ERR
= -1, OPT_EOF
= 0, OPT_HELP
,
20 OPT_INFORM
, OPT_OUTFORM
, OPT_PASSIN
, OPT_PASSOUT
, OPT_ENGINE
,
21 OPT_IN
, OPT_OUT
, OPT_PUBIN
, OPT_PUBOUT
, OPT_TEXT_PUB
,
22 OPT_TEXT
, OPT_NOOUT
, OPT_MD
, OPT_TRADITIONAL
, OPT_CHECK
, OPT_PUB_CHECK
25 const OPTIONS pkey_options
[] = {
26 {"help", OPT_HELP
, '-', "Display this summary"},
27 {"inform", OPT_INFORM
, 'f', "Input format (DER or PEM)"},
28 {"outform", OPT_OUTFORM
, 'F', "Output format (DER or PEM)"},
29 {"passin", OPT_PASSIN
, 's', "Input file pass phrase source"},
30 {"passout", OPT_PASSOUT
, 's', "Output file pass phrase source"},
31 {"in", OPT_IN
, 's', "Input key"},
32 {"out", OPT_OUT
, '>', "Output file"},
33 {"pubin", OPT_PUBIN
, '-',
34 "Read public key from input (default is private key)"},
35 {"pubout", OPT_PUBOUT
, '-', "Output public key, not private"},
36 {"text_pub", OPT_TEXT_PUB
, '-', "Only output public key components"},
37 {"text", OPT_TEXT
, '-', "Output in plaintext as well"},
38 {"noout", OPT_NOOUT
, '-', "Don't output the key"},
39 {"", OPT_MD
, '-', "Any supported cipher"},
40 {"traditional", OPT_TRADITIONAL
, '-',
41 "Use traditional format for private keys"},
42 #ifndef OPENSSL_NO_ENGINE
43 {"engine", OPT_ENGINE
, 's', "Use engine, possibly a hardware device"},
45 {"check", OPT_CHECK
, '-', "Check key consistency"},
46 {"pubcheck", OPT_PUB_CHECK
, '-', "Check public key consistency"},
50 int pkey_main(int argc
, char **argv
)
52 BIO
*in
= NULL
, *out
= NULL
;
54 EVP_PKEY
*pkey
= NULL
;
55 const EVP_CIPHER
*cipher
= NULL
;
56 char *infile
= NULL
, *outfile
= NULL
, *passin
= NULL
, *passout
= NULL
;
57 char *passinarg
= NULL
, *passoutarg
= NULL
, *prog
;
59 int informat
= FORMAT_PEM
, outformat
= FORMAT_PEM
;
60 int pubin
= 0, pubout
= 0, pubtext
= 0, text
= 0, noout
= 0, ret
= 1;
61 int private = 0, traditional
= 0, check
= 0, pub_check
= 0;
63 prog
= opt_init(argc
, argv
, pkey_options
);
64 while ((o
= opt_next()) != OPT_EOF
) {
69 BIO_printf(bio_err
, "%s: Use -help for summary.\n", prog
);
72 opt_help(pkey_options
);
76 if (!opt_format(opt_arg(), OPT_FMT_ANY
, &informat
))
80 if (!opt_format(opt_arg(), OPT_FMT_PEMDER
, &outformat
))
84 passinarg
= opt_arg();
87 passoutarg
= opt_arg();
90 e
= setup_engine(opt_arg(), 0);
99 pubin
= pubout
= pubtext
= 1;
113 case OPT_TRADITIONAL
:
123 if (!opt_cipher(opt_unknown(), &cipher
))
127 argc
= opt_num_rest();
131 private = !noout
&& !pubout
? 1 : 0;
132 if (text
&& !pubtext
)
135 if (!app_passwd(passinarg
, passoutarg
, &passin
, &passout
)) {
136 BIO_printf(bio_err
, "Error getting passwords\n");
140 out
= bio_open_owner(outfile
, outformat
, private);
145 pkey
= load_pubkey(infile
, informat
, 1, passin
, e
, "Public Key");
147 pkey
= load_key(infile
, informat
, 1, passin
, e
, "key");
151 if (check
|| pub_check
) {
155 ctx
= EVP_PKEY_CTX_new(pkey
, e
);
157 ERR_print_errors(bio_err
);
162 r
= EVP_PKEY_check(ctx
);
164 r
= EVP_PKEY_public_check(ctx
);
167 BIO_printf(out
, "Key is valid\n");
170 * Note: at least for RSA keys if this function returns
171 * -1, there will be no error reasons.
175 BIO_printf(out
, "Key is invalid\n");
177 while ((err
= ERR_peek_error()) != 0) {
178 BIO_printf(out
, "Detailed error: %s\n",
179 ERR_reason_error_string(err
));
180 ERR_get_error(); /* remove err from error stack */
183 EVP_PKEY_CTX_free(ctx
);
187 if (outformat
== FORMAT_PEM
) {
189 if (!PEM_write_bio_PUBKEY(out
, pkey
))
194 if (!PEM_write_bio_PrivateKey_traditional(out
, pkey
, cipher
,
199 if (!PEM_write_bio_PrivateKey(out
, pkey
, cipher
,
200 NULL
, 0, NULL
, passout
))
204 } else if (outformat
== FORMAT_ASN1
) {
206 if (!i2d_PUBKEY_bio(out
, pkey
))
210 if (!i2d_PrivateKey_bio(out
, pkey
))
214 BIO_printf(bio_err
, "Bad format specified for key\n");
221 if (EVP_PKEY_print_public(out
, pkey
, 0, NULL
) <= 0)
225 if (EVP_PKEY_print_private(out
, pkey
, 0, NULL
) <= 0)
234 ERR_print_errors(bio_err
);
239 OPENSSL_free(passin
);
240 OPENSSL_free(passout
);