]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/pkey.c
2 * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/pem.h>
14 #include <openssl/err.h>
15 #include <openssl/evp.h>
17 typedef enum OPTION_choice
{
18 OPT_ERR
= -1, OPT_EOF
= 0, OPT_HELP
,
19 OPT_INFORM
, OPT_OUTFORM
, OPT_PASSIN
, OPT_PASSOUT
, OPT_ENGINE
,
20 OPT_IN
, OPT_OUT
, OPT_PUBIN
, OPT_PUBOUT
, OPT_TEXT_PUB
,
21 OPT_TEXT
, OPT_NOOUT
, OPT_MD
, OPT_TRADITIONAL
, OPT_CHECK
24 const OPTIONS pkey_options
[] = {
25 {"help", OPT_HELP
, '-', "Display this summary"},
26 {"inform", OPT_INFORM
, 'f', "Input format (DER or PEM)"},
27 {"outform", OPT_OUTFORM
, 'F', "Output format (DER or PEM)"},
28 {"passin", OPT_PASSIN
, 's', "Input file pass phrase source"},
29 {"passout", OPT_PASSOUT
, 's', "Output file pass phrase source"},
30 {"in", OPT_IN
, 's', "Input key"},
31 {"out", OPT_OUT
, '>', "Output file"},
32 {"pubin", OPT_PUBIN
, '-',
33 "Read public key from input (default is private key)"},
34 {"pubout", OPT_PUBOUT
, '-', "Output public key, not private"},
35 {"text_pub", OPT_TEXT_PUB
, '-', "Only output public key components"},
36 {"text", OPT_TEXT
, '-', "Output in plaintext as well"},
37 {"noout", OPT_NOOUT
, '-', "Don't output the key"},
38 {"", OPT_MD
, '-', "Any supported cipher"},
39 {"traditional", OPT_TRADITIONAL
, '-',
40 "Use traditional format for private keys"},
41 #ifndef OPENSSL_NO_ENGINE
42 {"engine", OPT_ENGINE
, 's', "Use engine, possibly a hardware device"},
44 {"check", OPT_CHECK
, '-', "Check key consistency"},
48 int pkey_main(int argc
, char **argv
)
50 BIO
*in
= NULL
, *out
= NULL
;
52 EVP_PKEY
*pkey
= NULL
;
53 const EVP_CIPHER
*cipher
= NULL
;
54 char *infile
= NULL
, *outfile
= NULL
, *passin
= NULL
, *passout
= NULL
;
55 char *passinarg
= NULL
, *passoutarg
= NULL
, *prog
;
57 int informat
= FORMAT_PEM
, outformat
= FORMAT_PEM
;
58 int pubin
= 0, pubout
= 0, pubtext
= 0, text
= 0, noout
= 0, ret
= 1;
59 int private = 0, traditional
= 0, check
= 0;
61 prog
= opt_init(argc
, argv
, pkey_options
);
62 while ((o
= opt_next()) != OPT_EOF
) {
67 BIO_printf(bio_err
, "%s: Use -help for summary.\n", prog
);
70 opt_help(pkey_options
);
74 if (!opt_format(opt_arg(), OPT_FMT_ANY
, &informat
))
78 if (!opt_format(opt_arg(), OPT_FMT_PEMDER
, &outformat
))
82 passinarg
= opt_arg();
85 passoutarg
= opt_arg();
88 e
= setup_engine(opt_arg(), 0);
97 pubin
= pubout
= pubtext
= 1;
111 case OPT_TRADITIONAL
:
118 if (!opt_cipher(opt_unknown(), &cipher
))
122 argc
= opt_num_rest();
126 private = !noout
&& !pubout
? 1 : 0;
127 if (text
&& !pubtext
)
130 if (!app_passwd(passinarg
, passoutarg
, &passin
, &passout
)) {
131 BIO_printf(bio_err
, "Error getting passwords\n");
135 out
= bio_open_owner(outfile
, outformat
, private);
140 pkey
= load_pubkey(infile
, informat
, 1, passin
, e
, "Public Key");
142 pkey
= load_key(infile
, informat
, 1, passin
, e
, "key");
150 ctx
= EVP_PKEY_CTX_new(pkey
, e
);
152 ERR_print_errors(bio_err
);
156 r
= EVP_PKEY_check(ctx
);
159 BIO_printf(out
, "Key is valid\n");
162 * Note: at least for RSA keys if this function returns
163 * -1, there will be no error reasons.
167 BIO_printf(out
, "Key is invalid\n");
169 while ((err
= ERR_peek_error()) != 0) {
170 BIO_printf(out
, "Detailed error: %s\n",
171 ERR_reason_error_string(err
));
172 ERR_get_error(); /* remove err from error stack */
175 EVP_PKEY_CTX_free(ctx
);
179 if (outformat
== FORMAT_PEM
) {
181 PEM_write_bio_PUBKEY(out
, pkey
);
185 PEM_write_bio_PrivateKey_traditional(out
, pkey
, cipher
,
189 PEM_write_bio_PrivateKey(out
, pkey
, cipher
,
190 NULL
, 0, NULL
, passout
);
192 } else if (outformat
== FORMAT_ASN1
) {
194 i2d_PUBKEY_bio(out
, pkey
);
197 i2d_PrivateKey_bio(out
, pkey
);
200 BIO_printf(bio_err
, "Bad format specified for key\n");
207 EVP_PKEY_print_public(out
, pkey
, 0, NULL
);
210 EVP_PKEY_print_private(out
, pkey
, 0, NULL
);
218 ERR_print_errors(bio_err
);
223 OPENSSL_free(passin
);
224 OPENSSL_free(passout
);