2 * Copyright (C) 2009 Martin Willi
3 * Copyright (C) 2014-2016 Andreas Steffen
5 * Copyright (C) secunet Security Networks AG
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * Generate a private key
25 cred_encoding_type_t form
= PRIVKEY_ASN1_DER
;
26 key_type_t type
= KEY_RSA
;
27 u_int size
= 0, shares
= 0, threshold
= 1;
30 bool safe_primes
= FALSE
;
35 switch (command_getopt(&arg
))
38 return command_usage(NULL
);
40 if (streq(arg
, "rsa"))
44 else if (streq(arg
, "ecdsa"))
48 else if (streq(arg
, "ed25519"))
52 else if (streq(arg
, "ed448"))
56 else if (streq(arg
, "bliss"))
62 return command_usage("invalid key type");
66 if (!get_form(arg
, &form
, CRED_PRIVATE_KEY
))
68 return command_usage("invalid key output format");
75 return command_usage("invalid key size");
85 return command_usage("invalid number of key shares");
89 threshold
= atoi(arg
);
92 return command_usage("invalid key share threshold");
98 return command_usage("invalid --gen option");
102 /* default key sizes */
126 if (type
== KEY_RSA
&& shares
)
128 if (threshold
> shares
)
130 return command_usage("threshold is larger than number of shares");
132 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
, type
,
133 BUILD_KEY_SIZE
, size
, BUILD_SAFE_PRIMES
,
134 BUILD_SHARES
, shares
, BUILD_THRESHOLD
, threshold
,
137 else if (type
== KEY_RSA
&& safe_primes
)
139 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
, type
,
140 BUILD_KEY_SIZE
, size
, BUILD_SAFE_PRIMES
, BUILD_END
);
144 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
, type
,
145 BUILD_KEY_SIZE
, size
, BUILD_END
);
149 fprintf(stderr
, "private key generation failed\n");
152 if (!key
->get_encoding(key
, form
, &encoding
))
154 fprintf(stderr
, "private key encoding failed\n");
159 set_file_mode(stdout
, form
);
160 if (fwrite(encoding
.ptr
, encoding
.len
, 1, stdout
) != 1)
162 fprintf(stderr
, "writing private key failed\n");
171 * Register the command.
173 static void __attribute__ ((constructor
))reg()
175 command_register((command_t
) {
176 gen
, 'g', "gen", "generate a new private key",
177 {"[--type rsa|ecdsa|ed25519|ed448|bliss] [--size bits] [--safe-primes]",
178 "[--shares n] [--threshold l] [--outform der|pem]"},
180 {"help", 'h', 0, "show usage information"},
181 {"type", 't', 1, "type of key, default: rsa"},
182 {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384, bliss 1"},
183 {"safe-primes", 'p', 0, "generate rsa safe primes"},
184 {"shares", 'n', 1, "number of private rsa key shares"},
185 {"threshold", 'l', 1, "minimum number of participating rsa key shares"},
186 {"outform", 'f', 1, "encoding of generated private key, default: der"},