author | Yves-Alexis Perez <corsac@debian.org> | 2015-10-22 11:43:58 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2015-10-22 11:43:58 +0200 |
commit | 5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (patch) | |
tree | 037f1ec5bb860846938ddcf29771c24e9c529be0 /src/pki | |
parent | b238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (diff) | |
Imported Upstream version 5.3.3
Diffstat (limited to 'src/pki')
-rw-r--r-- | src/pki/Makefile.am | 9 | ||||
-rw-r--r-- | src/pki/Makefile.in | 39 | ||||
-rw-r--r-- | src/pki/command.h | 2 | ||||
-rw-r--r-- | src/pki/commands/dn.c | 146 | ||||
-rw-r--r-- | src/pki/commands/issue.c | 35 | ||||
-rw-r--r-- | src/pki/man/Makefile.am | 11 | ||||
-rw-r--r-- | src/pki/man/Makefile.in | 37 | ||||
-rw-r--r-- | src/pki/man/pki---dn.1.in | 56 | ||||
-rw-r--r-- | src/pki/man/pki---issue.1.in | 5 | ||||
-rw-r--r-- | src/pki/man/pki.1.in | 6 |
10 files changed, 293 insertions, 53 deletions
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am index ab407e021..a3da0ab04 100644 --- a/src/pki/Makefile.am +++ b/src/pki/Makefile.am @@ -3,17 +3,18 @@ SUBDIRS = man bin_PROGRAMS = pki pki_SOURCES = pki.c pki.h command.c command.h \ + commands/acert.c \ + commands/dn.c \ commands/gen.c \ commands/issue.c \ commands/keyid.c \ + commands/pkcs12.c \ + commands/pkcs7.c \ + commands/print.c \ commands/pub.c \ commands/req.c \ commands/self.c \ - commands/print.c \ commands/signcrl.c \ - commands/acert.c \ - commands/pkcs7.c \ - commands/pkcs12.c \ commands/verify.c pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 4205469fc..b4829f777 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -103,12 +103,13 @@ am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am__dirstamp = $(am__leading_dot)dirstamp am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) \ + commands/acert.$(OBJEXT) commands/dn.$(OBJEXT) \ commands/gen.$(OBJEXT) commands/issue.$(OBJEXT) \ - commands/keyid.$(OBJEXT) commands/pub.$(OBJEXT) \ - commands/req.$(OBJEXT) commands/self.$(OBJEXT) \ - commands/print.$(OBJEXT) commands/signcrl.$(OBJEXT) \ - commands/acert.$(OBJEXT) commands/pkcs7.$(OBJEXT) \ - commands/pkcs12.$(OBJEXT) commands/verify.$(OBJEXT) + commands/keyid.$(OBJEXT) commands/pkcs12.$(OBJEXT) \ + commands/pkcs7.$(OBJEXT) commands/print.$(OBJEXT) \ + commands/pub.$(OBJEXT) commands/req.$(OBJEXT) \ + commands/self.$(OBJEXT) commands/signcrl.$(OBJEXT) \ + commands/verify.$(OBJEXT) pki_OBJECTS = $(am_pki_OBJECTS) pki_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la AM_V_lt = $(am__v_lt_@AM_V@) 
@@ -445,17 +446,18 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ SUBDIRS = man pki_SOURCES = pki.c pki.h command.c command.h \ + commands/acert.c \ + commands/dn.c \ commands/gen.c \ commands/issue.c \ commands/keyid.c \ + commands/pkcs12.c \ + commands/pkcs7.c \ + commands/print.c \ commands/pub.c \ commands/req.c \ commands/self.c \ - commands/print.c \ commands/signcrl.c \ - commands/acert.c \ - commands/pkcs7.c \ - commands/pkcs12.c \ commands/verify.c pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la 
@@ -552,27 +554,29 @@ commands/$(am__dirstamp): commands/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) commands/$(DEPDIR) @: > commands/$(DEPDIR)/$(am__dirstamp) +commands/acert.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/dn.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) commands/gen.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/issue.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/keyid.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) -commands/pub.$(OBJEXT): commands/$(am__dirstamp) \ - commands/$(DEPDIR)/$(am__dirstamp) -commands/req.$(OBJEXT): commands/$(am__dirstamp) \ +commands/pkcs12.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) -commands/self.$(OBJEXT): commands/$(am__dirstamp) \ +commands/pkcs7.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/print.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) -commands/signcrl.$(OBJEXT): commands/$(am__dirstamp) \ +commands/pub.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) -commands/acert.$(OBJEXT): commands/$(am__dirstamp) \ +commands/req.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) -commands/pkcs7.$(OBJEXT): commands/$(am__dirstamp) \ +commands/self.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) -commands/pkcs12.$(OBJEXT): commands/$(am__dirstamp) \ +commands/signcrl.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) commands/verify.$(OBJEXT): commands/$(am__dirstamp) \ commands/$(DEPDIR)/$(am__dirstamp) 
@@ -591,6 +595,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pki.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/acert.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/dn.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/gen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/issue.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/keyid.Po@am__quote@ diff --git a/src/pki/command.h b/src/pki/command.h index d49adda09..e55c579e4 100644 --- a/src/pki/command.h +++ b/src/pki/command.h @@ -24,7 +24,7 @@ /** * Maximum number of commands (+1). */ -#define MAX_COMMANDS 13 +#define MAX_COMMANDS 14 /** * Maximum number of options in a command (+3) diff --git a/src/pki/commands/dn.c b/src/pki/commands/dn.c new file mode 100644 index 000000000..75585fc16 --- /dev/null +++ b/src/pki/commands/dn.c 
@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pki.h"
+
+#include <credentials/certificates/certificate.h>
+
+#include <errno.h>
+
+/**
+ * Extract subject DN
+ */
+static int dn()
+{
+ identification_t *id;
+ certificate_t *cert;
+ chunk_t chunk;
+ enum {
+ FORMAT_CONFIG,
+ FORMAT_HEX,
+ FORMAT_BASE64,
+ FORMAT_BINARY,
+ } format = FORMAT_CONFIG;
+ char *arg, *file = NULL, *fmt;
+
+ while (TRUE)
+ {
+ switch (command_getopt(&arg))
+ {
+ case 'h':
+ return command_usage(NULL);
+ case 'f':
+ if (streq(arg, "hex"))
+ {
+ format = FORMAT_HEX;
+ }
+ else if (streq(arg, "base64"))
+ {
+ format = FORMAT_BASE64;
+ }
+ else if (streq(arg, "bin"))
+ {
+ format = FORMAT_BINARY;
+ }
+ else if (!streq(arg, "config"))
+ {
+ return command_usage( "invalid output format");
+ }
+ continue;
+ case 'i':
+ file = arg;
+ continue;
+ case EOF:
+ break;
+ default:
+ return command_usage("invalid --print option");
+ }
+ break;
+ }
+ if (file)
+ {
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_FROM_FILE, file, BUILD_END);
+ }
+ else
+ {
+ chunk_t chunk;
+
+ set_file_mode(stdin, CERT_ASN1_DER);
+ if (!chunk_from_fd(0, &chunk))
+ {
+ fprintf(stderr, "reading input failed: %s\n", strerror(errno));
+ return 1;
+ }
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
+ }
+ if (!cert)
+ { + fprintf(stderr, "parsing input failed\n"); + return 1; + } + id = cert->get_subject(cert); + if (!id) + { + fprintf(stderr, "failed to get certificate's subject DN\n"); + cert->destroy(cert); + return 1; + } + fmt = "%.*s\n"; + switch (format) + { + case FORMAT_CONFIG: + fmt = "\"asn1dn:#%.*s\"\n"; + /* fall-through */ + case FORMAT_HEX: + chunk = chunk_to_hex(id->get_encoding(id), NULL, FALSE); + printf(fmt, (int)chunk.len, chunk.ptr); + chunk_free(&chunk); + break; + case FORMAT_BASE64: + chunk = chunk_to_base64(id->get_encoding(id), NULL); + printf(fmt, (int)chunk.len, chunk.ptr); + chunk_free(&chunk); + break; + case FORMAT_BINARY: + chunk = id->get_encoding(id); + if (fwrite(chunk.ptr, chunk.len, 1, stdout) != 1) + { + fprintf(stderr, "writing subject DN failed\n"); + } + break; + } + cert->destroy(cert); + return 0; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) + { dn, 'd', "dn", + "extract the subject DN of an X.509 certificate", + {"[--in file] [--format config|hex|base64|bin]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "input file, default: stdin"}, + {"format", 'f', 1, "output format, default: config"}, + } + }); +} diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 6a2d09d78..2dc9fcce3 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -64,6 +64,8 @@ static int issue() certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL; private_key_t *private = NULL; public_key_t *public = NULL; + credential_type_t type = CRED_PUBLIC_KEY; + key_type_t subtype = KEY_ANY; bool pkcs10 = FALSE; char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL; char *error = NULL, *keyid = NULL; 
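Review bot: In the `FORMAT_BINARY` branch of `dn()` a failed `fwrite` only prints "writing subject DN failed" and then falls through to `return 0`, so a script that pipes the raw DN into a configuration file or another tool sees success on truncated output. Carry the status out of the switch: `int res = 0;` with the other locals, `res = 1;` after that `fprintf`, and `return res;` at the end. The `default:` case of the option loop reports `"invalid --print option"`, which looks copied from another command and should read `"invalid --dn option"`. The option table in `reg()` registers `--format` with the short option `'f'`, while the new pki---dn.1.in in this commit documents it as `\-t, \-\-format`; one of the two needs to change.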
@@ -100,6 +102,21 @@ static int issue() { pkcs10 = TRUE; } + else if (streq(arg, "rsa")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_RSA; + } + else if (streq(arg, "ecdsa")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ECDSA; + } + else if (streq(arg, "bliss")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_BLISS; + } else if (!streq(arg, "pub")) { error = "invalid input type"; @@ -447,10 +464,10 @@ static int issue() } else { - DBG2(DBG_LIB, "Reading public key:"); + DBG2(DBG_LIB, "Reading key:"); if (file) { - public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + public = lib->creds->create(lib->creds, type, subtype, BUILD_FROM_FILE, file, BUILD_END); } else @@ -460,13 +477,19 @@ static int issue() if (!chunk_from_fd(0, &chunk)) { fprintf(stderr, "%s: ", strerror(errno)); - error = "reading public key failed"; + error = "reading key failed"; goto end; } - public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + public = lib->creds->create(lib->creds, type, subtype, BUILD_BLOB, chunk, BUILD_END); free(chunk.ptr); } + if (public && type == CRED_PRIVATE_KEY) + { + private_key_t *priv = (private_key_t*)public; + public = priv->get_public_key(priv); + priv->destroy(priv); + } } if (!public) { @@ -557,7 +580,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { issue, 'i', "issue", "issue a certificate using a CA certificate and key", - {"[--in file] [--type pub|pkcs10] --cakey file|--cakeyid hex", + {"[--in file] [--type pub|pkcs10|rsa|ecdsa|bliss] --cakey file|--cakeyid hex", " --cacert file [--dn subject-dn] [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--pathlen len]", "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+", 
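Review bot: The new `--type` branches accept `rsa`, `ecdsa` and `bliss`, and the usage string in `reg()` lists all three, but the pki---issue.1.in change in this commit documents only `rsa` and `ecdsa`, and its `--in` paragraph still reads "Public key or PKCS#10 certificate request file to issue". Add `\fIbliss\fR (BLISS private key)` to the `--type` description and mention private keys in the `--in` description, so the man page matches what the parser accepts. The option loop of `issue()` that holds these branches starts and ends outside this hunk.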
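Review bot: With `type == CRED_PRIVATE_KEY` the stdin path now holds private key material in `chunk`, and the unchanged `free(chunk.ptr);` after `create()` releases that buffer without wiping it. libstrongswan's `chunk_clear(&chunk);` zeroes the memory before freeing it and is the safer call on this path. The added block also receives the `private_key_t*` in the `public_key_t *public` variable and casts it back afterwards; taking the result in a `private_key_t *` local when a private key type was requested would avoid the type pun. `issue()` continues outside the hunk, including the `if (!public)` error path, whose message is not visible here and may still refer to a public key.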
@@ -568,7 +591,7 @@ static void __attribute__ ((constructor))reg() "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, - {"in", 'i', 1, "public key/request file to issue, default: stdin"}, + {"in", 'i', 1, "key/request file to issue, default: stdin"}, {"type", 't', 1, "type of input, default: pub"}, {"cacert", 'c', 1, "CA certificate file"}, {"cakey", 'k', 1, "CA private key file"}, diff --git a/src/pki/man/Makefile.am b/src/pki/man/Makefile.am index 4c901ae3c..fc9440031 100644 --- a/src/pki/man/Makefile.am +++ b/src/pki/man/Makefile.am @@ -1,15 +1,16 @@ man1_MANS = \ pki.1 \ + pki---acert.1 \ + pki---dn.1 \ pki---gen.1 \ - pki---self.1 \ pki---issue.1 \ - pki---signcrl.1 \ - pki---acert.1 \ - pki---req.1 \ - pki---pkcs7.1 \ pki---keyid.1 \ + pki---pkcs7.1 \ pki---print.1 \ pki---pub.1 \ + pki---req.1 \ + pki---self.1 \ + pki---signcrl.1 \ pki---verify.1 CLEANFILES = $(man1_MANS) diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index 45355bacd..62942d108 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -79,13 +79,13 @@ build_triplet = @build@ host_triplet = @host@ subdir = src/pki/man DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/pki.1.in $(srcdir)/pki---gen.1.in \ + $(srcdir)/pki.1.in $(srcdir)/pki---acert.1.in \ + $(srcdir)/pki---dn.1.in $(srcdir)/pki---gen.1.in \ $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \ - $(srcdir)/pki---pkcs7.1.in $(srcdir)/pki---pkcs12.1.in \ + $(srcdir)/pki---pkcs12.1.in $(srcdir)/pki---pkcs7.1.in \ $(srcdir)/pki---print.1.in $(srcdir)/pki---pub.1.in \ $(srcdir)/pki---req.1.in $(srcdir)/pki---self.1.in \ - $(srcdir)/pki---signcrl.1.in $(srcdir)/pki---acert.1.in \ - $(srcdir)/pki---verify.1.in + $(srcdir)/pki---signcrl.1.in $(srcdir)/pki---verify.1.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ 
@@ -101,10 +101,10 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = pki.1 pki---gen.1 pki---issue.1 pki---keyid.1 \ - pki---pkcs7.1 pki---pkcs12.1 pki---print.1 pki---pub.1 \ - pki---req.1 pki---self.1 pki---signcrl.1 pki---acert.1 \ - pki---verify.1 +CONFIG_CLEAN_FILES = pki.1 pki---acert.1 pki---dn.1 pki---gen.1 \ + pki---issue.1 pki---keyid.1 pki---pkcs12.1 pki---pkcs7.1 \ + pki---print.1 pki---pub.1 pki---req.1 pki---self.1 \ + pki---signcrl.1 pki---verify.1 CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) @@ -385,16 +385,17 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ man1_MANS = \ pki.1 \ + pki---acert.1 \ + pki---dn.1 \ pki---gen.1 \ - pki---self.1 \ pki---issue.1 \ - pki---signcrl.1 \ - pki---acert.1 \ - pki---req.1 \ - pki---pkcs7.1 \ pki---keyid.1 \ + pki---pkcs7.1 \ pki---print.1 \ pki---pub.1 \ + pki---req.1 \ + pki---self.1 \ + pki---signcrl.1 \ pki---verify.1 CLEANFILES = $(man1_MANS) 
@@ -433,16 +434,20 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__aclocal_m4_deps): pki.1: $(top_builddir)/config.status $(srcdir)/pki.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---acert.1: $(top_builddir)/config.status $(srcdir)/pki---acert.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---dn.1: $(top_builddir)/config.status $(srcdir)/pki---dn.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pki---gen.1: $(top_builddir)/config.status $(srcdir)/pki---gen.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pki---issue.1: $(top_builddir)/config.status $(srcdir)/pki---issue.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pki---keyid.1: $(top_builddir)/config.status $(srcdir)/pki---keyid.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ -pki---pkcs7.1: $(top_builddir)/config.status $(srcdir)/pki---pkcs7.1.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pki---pkcs12.1: $(top_builddir)/config.status $(srcdir)/pki---pkcs12.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---pkcs7.1: $(top_builddir)/config.status $(srcdir)/pki---pkcs7.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pki---print.1: $(top_builddir)/config.status $(srcdir)/pki---print.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pki---pub.1: $(top_builddir)/config.status $(srcdir)/pki---pub.1.in 
@@ -453,8 +458,6 @@ pki---self.1: $(top_builddir)/config.status $(srcdir)/pki---self.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pki---signcrl.1: $(top_builddir)/config.status $(srcdir)/pki---signcrl.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ -pki---acert.1: $(top_builddir)/config.status $(srcdir)/pki---acert.1.in - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pki---verify.1: $(top_builddir)/config.status $(srcdir)/pki---verify.1.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ diff --git a/src/pki/man/pki---dn.1.in b/src/pki/man/pki---dn.1.in new file mode 100644 index 000000000..ce1210fdb --- /dev/null +++ b/src/pki/man/pki---dn.1.in 
@@ -0,0 +1,56 @@ +.TH "PKI \-\-DN" 1 "2015-08-06" "@PACKAGE_VERSION@" "strongSwan" +. +.SH "NAME" +. +pki \-\-dn \- Extract the subject DN of an X.509 certificate +. +.SH "SYNOPSIS" +. +.SY pki\ \-\-dn +.OP \-\-in file +.OP \-\-format format +.OP \-\-debug level +.YS +. +.SY pki\ \-\-dn +.BI \-\-options\~ file +.YS +. +.SY "pki \-\-dn" +.B \-h +| +.B \-\-help +.YS +. +.SH "DESCRIPTION" +. +This sub-command of +.BR pki (1) +extracts the ASN.1-encoded subject DistinguishedName (DN) of an X.509 +certificate and exports it in different formats. This may be useful when +strongSwan's identity parser is unable to produce the correct binary encoding +from a string. +. +.SH "OPTIONS" +. +.TP +.B "\-h, \-\-help" +Print usage information with a summary of the available options. +.TP +.BI "\-v, \-\-debug " level +Set debug level, default: 1. +.TP +.BI "\-+, \-\-options " file +Read command line options from \fIfile\fR. +.TP +.BI "\-i, \-\-in " file +Input file. If not given the input is read from \fISTDIN\fR. +.TP +.BI "\-t, \-\-format " format +Output format. One of \fIconfig\fR (strongSwan configuration compatible), +\fIhex\fR (hexadecimal encoding, no prefix), \fIbase64\fR (Base64 encoding, +no prefix), \fIbin\fR (raw binary data), defaults to \fIconfig\fR. +. +.SH "SEE ALSO" +. +.BR pki (1) diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in index 3a89059c8..20238b73d 100644 --- a/src/pki/man/pki---issue.1.in +++ b/src/pki/man/pki---issue.1.in 
@@ -67,8 +67,9 @@ Public key or PKCS#10 certificate request file to issue. If not given the key/request is read from \fISTDIN\fR. .TP .BI "\-t, \-\-type " type -Type of the input. Either \fIpub\fR for a public key, or \fIpkcs10\fR for a -PKCS#10 certificate request, defaults to \fIpub\fR. +Type of the input. One of \fIpub\fR (public key), \fIrsa\fR (RSA private key), +\fIecdsa\fR (ECDSA private key), or \fIpkcs10\fR (PKCS#10 certificate request), +defaults to \fIpub\fR. .TP .BI "\-k, \-\-cakey " file CA private key file. Either this or diff --git a/src/pki/man/pki.1.in b/src/pki/man/pki.1.in index f347031b4..f1a2ae2c0 100644 --- a/src/pki/man/pki.1.in +++ b/src/pki/man/pki.1.in @@ -1,4 +1,4 @@ -.TH PKI 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH PKI 1 "2015-08-06" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -64,6 +64,9 @@ Calculate key identifiers of a key or certificate. .B "\-a, \-\-print" Print a credential (key, certificate etc.) in human readable form. .TP +.B "\-d, \-\-dn" +Extract the subject DN of an X.509 certificate. +.TP .B "\-p, \-\-pub" Extract a public key from a private key or certificate. .TP @@ -156,5 +159,6 @@ certificates with the \-\-crl option. .BR pki\ \-\-pkcs7 (1), .BR pki\ \-\-keyid (1), .BR pki\ \-\-print (1), +.BR pki\ \-\-dn (1), .BR pki\ \-\-pub (1), .BR pki\ \-\-verify (1) |