From 7fa6aa1146b56586b903e5d6179853dc76a54621 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Wed, 14 May 2025 00:30:19 +0800
Subject: [PATCH] feat: v1.13.6
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 src/cmd_keypair_generate.rs | 66 +++++++++++++++++++------------------
 3 files changed, 36 insertions(+), 34 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index fd94d42..77a7267 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -508,7 +508,7 @@ dependencies = [
 [[package]]
 name = "card-cli"
-version = "1.13.5"
+version = "1.13.6"
 dependencies = [
 "aes-gcm-stream",
 "authenticator 0.3.1",
diff --git a/Cargo.toml b/Cargo.toml
index 9d90cec..599ce5b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.13.5"
+version = "1.13.6"
 authors = ["Hatter Jiang "]
 edition = "2018"
diff --git a/src/cmd_keypair_generate.rs b/src/cmd_keypair_generate.rs
index 9a1ab91..7e14d0d 100644
--- a/src/cmd_keypair_generate.rs
+++ b/src/cmd_keypair_generate.rs
@@ -1,6 +1,7 @@
 use crate::ecdsautil::EcdsaAlgorithm;
 use crate::keychain::{KeychainKey, KeychainKeyValue};
 use crate::keyutil::{KeyAlgorithmId, KeyUri, YubikeyHmacEncSoftKey};
+use crate::pivutil::FromStr;
 use crate::util::base64_encode;
 use crate::{cmd_hmac_encrypt, cmdutil, ecdsautil, hmacutil, pbeutil, rsautil, util, yubikeyutil};
 use clap::{App, Arg, ArgMatches, SubCommand};
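Review bot: `FromStr` imported here comes from `crate::pivutil`, not `std::str::FromStr`, and the later `KeyAlgorithmId::from_str(&key_type)` result is matched against `Some(..)`, so it appears to return an `Option` rather than a `Result`. A reader will assume the standard trait; importing it under an alias such as `use crate::pivutil::FromStr as PivFromStr;`, or adding the comment `// crate-local trait: from_str returns Option, not std::str::FromStr`, removes the ambiguity. The trait's definition is outside this diff, so whether it accepts the same key-type strings as the explicit match removed further down cannot be checked from here.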
@@ -59,15 +60,14 @@ impl Command for CommandImpl {
 _ => None,
 };
- let (
- pkcs8_base64, secret_key_pem, public_key_pem, public_key_der, jwk_key
- ) = if let Some(ecdsa_algorithm) = ecdsa_algorithm {
- ecdsautil::generate_ecdsa_keypair(ecdsa_algorithm)?
- } else if let Some(rsa_bit_size) = rsa_bit_size {
- rsautil::generate_rsa_keypair(rsa_bit_size)?
- } else {
- return simple_error!("Unsupported key type: {}", key_type);
- };
+ let (pkcs8_base64, secret_key_pem, public_key_pem, public_key_der, jwk_key) =
+ if let Some(ecdsa_algorithm) = ecdsa_algorithm {
+ ecdsautil::generate_ecdsa_keypair(ecdsa_algorithm)?
+ } else if let Some(rsa_bit_size) = rsa_bit_size {
+ rsautil::generate_rsa_keypair(rsa_bit_size)?
+ } else {
+ return simple_error!("Unsupported key type: {}", key_type);
+ };
 let mut password_opt = None;
 let (pkcs8_base64, secret_key_pem) = (
@@ -93,34 +93,32 @@ impl Command for CommandImpl {
 None
 };
+ let algorithm_id = KeyAlgorithmId::from_str(&key_type);
+
+ let with_encrypt = hmacutil::is_hmac_encrypted(&pkcs8_base64)
+ || pbeutil::is_simple_pbe_encrypted(&pkcs8_base64);
+ let yubikey_hmac_enc_soft_key_uri =
+ if let (true, Some(algorithm_id)) = (with_encrypt, algorithm_id) {
+ let yk = yubikeyutil::open_yubikey()?;
+ let yubikey_hmac_enc_soft_key = YubikeyHmacEncSoftKey {
+ key_name: format!("yubikey{}-{}", yk.version().major, yk.serial().0),
+ algorithm: algorithm_id,
+ hmac_enc_private_key: pkcs8_base64.clone(),
+ };
+ Some(KeyUri::YubikeyHmacEncSoftKey(yubikey_hmac_enc_soft_key).to_string())
+ } else {
+ None
+ };
+
 if json_output {
 let mut json = BTreeMap::<&'_ str, String>::new();
 match keychain_key_uri {
 None => {
- json.insert("private_key_base64", pkcs8_base64.clone());
+ json.insert("private_key_base64", pkcs8_base64);
 json.insert("private_key_pem", secret_key_pem);
- let algorithm_id = match key_type.as_str() {
- "p256" => Some(KeyAlgorithmId::EccP256),
- "p384" => Some(KeyAlgorithmId::EccP384),
- "p521" => Some(KeyAlgorithmId::EccP521),
- "rsa1024" => Some(KeyAlgorithmId::Rsa1024),
- "rsa2048" => Some(KeyAlgorithmId::Rsa2048),
- "rsa3072" => Some(KeyAlgorithmId::Rsa3072),
- "rsa4096" => Some(KeyAlgorithmId::Rsa4096),
- _ => None,
- };
- let with_encrypt = hmacutil::is_hmac_encrypted(&pkcs8_base64) || pbeutil::is_simple_pbe_encrypted(&pkcs8_base64);
- if let (true, Some(algorithm_id)) = (with_encrypt, algorithm_id) {
- let yk = yubikeyutil::open_yubikey()?;
- let yubikey_hmac_enc_soft_key = YubikeyHmacEncSoftKey {
- key_name: format!("yubikey{}-{}", yk.version().major, yk.serial().0),
- algorithm: algorithm_id,
- hmac_enc_private_key: pkcs8_base64,
- };
- json.insert(
- "key_uri",
- KeyUri::YubikeyHmacEncSoftKey(yubikey_hmac_enc_soft_key).to_string(),
- );
+
+ if let Some(yubikey_hmac_enc_soft_key_uri) = yubikey_hmac_enc_soft_key_uri {
+ json.insert("key_uri", yubikey_hmac_enc_soft_key_uri.to_string());
 }
 }
 Some(keychain_key_uri) => {
@@ -137,6 +135,10 @@ impl Command for CommandImpl {
 None => {
 information!("Private key base64:\n{}\n", pkcs8_base64);
 information!("Private key PEM:\n{}\n", secret_key_pem);
+
+ if let Some(yubikey_hmac_enc_soft_key_uri) = yubikey_hmac_enc_soft_key_uri {
+ information!("Key URI:\n{}\n", yubikey_hmac_enc_soft_key_uri);
+ }
 }
 Some(keychain_key_uri) => {
 information!("Keychain key URI:\n{}\n", keychain_key_uri);
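Review bot: `yubikeyutil::open_yubikey()?` now sits before the `if json_output` branch and outside `match keychain_key_uri`, so it runs in every output mode, and also when a keychain URI was produced, whenever `with_encrypt` is true and the algorithm is recognised. In the removed code it ran only in the JSON branch with `keychain_key_uri` equal to `None`. If the device cannot be opened, the `?` aborts the command after the key pair has been generated, and after any keychain write made above this hunk (that step is not visible here), without printing the key or its URI. Gate the block on the case that actually uses the value, `if let (true, None, Some(algorithm_id)) = (with_encrypt, &keychain_key_uri, algorithm_id) {`, or map a failed open to `None` instead of propagating it. The enclosing function starts and ends outside the hunk.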
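Review bot: The new `Key URI` output has no comment saying what the value carries. The URI is built from `hmac_enc_private_key: pkcs8_base64.clone()` and a `key_name` that contains the YubiKey serial, so it appears to embed the wrapped private key together with a device identifier. A comment above the `if let`, for example `// key URI embeds the encrypted PKCS#8 blob and the YubiKey serial; handle it like the private key output above`, would tell maintainers not to route this line to shared logs. Where `information!` writes is not visible in this hunk.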