hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.13.6

Browse Source
This commit is contained in:
Hatter Jiang
2025-05-14 00:30:19 +08:00
parent b4beaa3a75
commit 7fa6aa1146
3 changed files with 36 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -508,7 +508,7 @@ dependencies = [
[[package]] [[package]]
name = "card-cli" name = "card-cli"
version = "1.13.5" version = "1.13.6"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"authenticator 0.3.1", "authenticator 0.3.1",

2
Cargo.toml
View File

@@ -1,6 +1,6 @@
[package] [package]
name = "card-cli" name = "card-cli"
version = "1.13.5" version = "1.13.6"
authors = ["Hatter Jiang <jht5945@gmail.com>"] authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018" edition = "2018"

52
src/cmd_keypair_generate.rs
View File

@@ -1,6 +1,7 @@
use crate::ecdsautil::EcdsaAlgorithm; use crate::ecdsautil::EcdsaAlgorithm;
use crate::keychain::{KeychainKey, KeychainKeyValue}; use crate::keychain::{KeychainKey, KeychainKeyValue};
use crate::keyutil::{KeyAlgorithmId, KeyUri, YubikeyHmacEncSoftKey}; use crate::keyutil::{KeyAlgorithmId, KeyUri, YubikeyHmacEncSoftKey};
use crate::pivutil::FromStr;
use crate::util::base64_encode; use crate::util::base64_encode;
use crate::{cmd_hmac_encrypt, cmdutil, ecdsautil, hmacutil, pbeutil, rsautil, util, yubikeyutil}; use crate::{cmd_hmac_encrypt, cmdutil, ecdsautil, hmacutil, pbeutil, rsautil, util, yubikeyutil};
use clap::{App, Arg, ArgMatches, SubCommand}; use clap::{App, Arg, ArgMatches, SubCommand};
@@ -59,9 +60,8 @@ impl Command for CommandImpl {
_ => None, _ => None,
}; };
let ( let (pkcs8_base64, secret_key_pem, public_key_pem, public_key_der, jwk_key) =
pkcs8_base64, secret_key_pem, public_key_pem, public_key_der, jwk_key if let Some(ecdsa_algorithm) = ecdsa_algorithm {
) = if let Some(ecdsa_algorithm) = ecdsa_algorithm {
ecdsautil::generate_ecdsa_keypair(ecdsa_algorithm)? ecdsautil::generate_ecdsa_keypair(ecdsa_algorithm)?
} else if let Some(rsa_bit_size) = rsa_bit_size { } else if let Some(rsa_bit_size) = rsa_bit_size {
rsautil::generate_rsa_keypair(rsa_bit_size)? rsautil::generate_rsa_keypair(rsa_bit_size)?
@@ -93,34 +93,32 @@ impl Command for CommandImpl {
None None
}; };
if json_output { let algorithm_id = KeyAlgorithmId::from_str(&key_type);
let mut json = BTreeMap::<&'_ str, String>::new();
match keychain_key_uri { let with_encrypt = hmacutil::is_hmac_encrypted(&pkcs8_base64)
None => { || pbeutil::is_simple_pbe_encrypted(&pkcs8_base64);
json.insert("private_key_base64", pkcs8_base64.clone()); let yubikey_hmac_enc_soft_key_uri =
json.insert("private_key_pem", secret_key_pem);
let algorithm_id = match key_type.as_str() {
"p256" => Some(KeyAlgorithmId::EccP256),
"p384" => Some(KeyAlgorithmId::EccP384),
"p521" => Some(KeyAlgorithmId::EccP521),
"rsa1024" => Some(KeyAlgorithmId::Rsa1024),
"rsa2048" => Some(KeyAlgorithmId::Rsa2048),
"rsa3072" => Some(KeyAlgorithmId::Rsa3072),
"rsa4096" => Some(KeyAlgorithmId::Rsa4096),
_ => None,
};
let with_encrypt = hmacutil::is_hmac_encrypted(&pkcs8_base64) || pbeutil::is_simple_pbe_encrypted(&pkcs8_base64);
if let (true, Some(algorithm_id)) = (with_encrypt, algorithm_id) { if let (true, Some(algorithm_id)) = (with_encrypt, algorithm_id) {
let yk = yubikeyutil::open_yubikey()?; let yk = yubikeyutil::open_yubikey()?;
let yubikey_hmac_enc_soft_key = YubikeyHmacEncSoftKey { let yubikey_hmac_enc_soft_key = YubikeyHmacEncSoftKey {
key_name: format!("yubikey{}-{}", yk.version().major, yk.serial().0), key_name: format!("yubikey{}-{}", yk.version().major, yk.serial().0),
algorithm: algorithm_id, algorithm: algorithm_id,
hmac_enc_private_key: pkcs8_base64, hmac_enc_private_key: pkcs8_base64.clone(),
}; };
json.insert( Some(KeyUri::YubikeyHmacEncSoftKey(yubikey_hmac_enc_soft_key).to_string())
"key_uri", } else {
KeyUri::YubikeyHmacEncSoftKey(yubikey_hmac_enc_soft_key).to_string(), None
); };
if json_output {
let mut json = BTreeMap::<&'_ str, String>::new();
match keychain_key_uri {
None => {
json.insert("private_key_base64", pkcs8_base64);
json.insert("private_key_pem", secret_key_pem);
if let Some(yubikey_hmac_enc_soft_key_uri) = yubikey_hmac_enc_soft_key_uri {
json.insert("key_uri", yubikey_hmac_enc_soft_key_uri.to_string());
} }
} }
Some(keychain_key_uri) => { Some(keychain_key_uri) => {
@@ -137,6 +135,10 @@ impl Command for CommandImpl {
None => { None => {
information!("Private key base64:\n{}\n", pkcs8_base64); information!("Private key base64:\n{}\n", pkcs8_base64);
information!("Private key PEM:\n{}\n", secret_key_pem); information!("Private key PEM:\n{}\n", secret_key_pem);
if let Some(yubikey_hmac_enc_soft_key_uri) = yubikey_hmac_enc_soft_key_uri {
information!("Key URI:\n{}\n", yubikey_hmac_enc_soft_key_uri);
}
} }
Some(keychain_key_uri) => { Some(keychain_key_uri) => {
information!("Keychain key URI:\n{}\n", keychain_key_uri); information!("Keychain key URI:\n{}\n", keychain_key_uri);