feat: v1.13.6

Cargo.lock

@@ -508,7 +508,7 @@ dependencies = [
 
 [[package]]
 name = "card-cli"
-version = "1.13.5"
+version = "1.13.6"
 dependencies = [
  "aes-gcm-stream",
  "authenticator 0.3.1",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.13.5"
+version = "1.13.6"
 authors = ["Hatter Jiang <jht5945@gmail.com>"]
 edition = "2018"
 

src/cmd_keypair_generate.rs

@@ -1,6 +1,7 @@
 use crate::ecdsautil::EcdsaAlgorithm;
 use crate::keychain::{KeychainKey, KeychainKeyValue};
 use crate::keyutil::{KeyAlgorithmId, KeyUri, YubikeyHmacEncSoftKey};
+use crate::pivutil::FromStr;
 use crate::util::base64_encode;
 use crate::{cmd_hmac_encrypt, cmdutil, ecdsautil, hmacutil, pbeutil, rsautil, util, yubikeyutil};
 use clap::{App, Arg, ArgMatches, SubCommand};
@@ -59,15 +60,14 @@ impl Command for CommandImpl {
             _ => None,
         };
 
-        let (
+        let (pkcs8_base64, secret_key_pem, public_key_pem, public_key_der, jwk_key) =
-            pkcs8_base64, secret_key_pem, public_key_pem, public_key_der, jwk_key
+            if let Some(ecdsa_algorithm) = ecdsa_algorithm {
-        ) = if let Some(ecdsa_algorithm) = ecdsa_algorithm {
+                ecdsautil::generate_ecdsa_keypair(ecdsa_algorithm)?
-            ecdsautil::generate_ecdsa_keypair(ecdsa_algorithm)?
+            } else if let Some(rsa_bit_size) = rsa_bit_size {
-        } else if let Some(rsa_bit_size) = rsa_bit_size {
+                rsautil::generate_rsa_keypair(rsa_bit_size)?
-            rsautil::generate_rsa_keypair(rsa_bit_size)?
+            } else {
-        } else {
+                return simple_error!("Unsupported key type: {}", key_type);
-            return simple_error!("Unsupported key type: {}", key_type);
+            };
-        };
 
         let mut password_opt = None;
         let (pkcs8_base64, secret_key_pem) = (
@@ -93,34 +93,32 @@ impl Command for CommandImpl {
             None
         };
 
+        let algorithm_id = KeyAlgorithmId::from_str(&key_type);
+
+        let with_encrypt = hmacutil::is_hmac_encrypted(&pkcs8_base64)
+            || pbeutil::is_simple_pbe_encrypted(&pkcs8_base64);
+        let yubikey_hmac_enc_soft_key_uri =
+            if let (true, Some(algorithm_id)) = (with_encrypt, algorithm_id) {
+                let yk = yubikeyutil::open_yubikey()?;
+                let yubikey_hmac_enc_soft_key = YubikeyHmacEncSoftKey {
+                    key_name: format!("yubikey{}-{}", yk.version().major, yk.serial().0),
+                    algorithm: algorithm_id,
+                    hmac_enc_private_key: pkcs8_base64.clone(),
+                };
+                Some(KeyUri::YubikeyHmacEncSoftKey(yubikey_hmac_enc_soft_key).to_string())
+            } else {
+                None
+            };
+
         if json_output {
             let mut json = BTreeMap::<&'_ str, String>::new();
             match keychain_key_uri {
                 None => {
-                    json.insert("private_key_base64", pkcs8_base64.clone());
+                    json.insert("private_key_base64", pkcs8_base64);
                     json.insert("private_key_pem", secret_key_pem);
-                    let algorithm_id = match key_type.as_str() {
+
-                        "p256" => Some(KeyAlgorithmId::EccP256),
+                    if let Some(yubikey_hmac_enc_soft_key_uri) = yubikey_hmac_enc_soft_key_uri {
-                        "p384" => Some(KeyAlgorithmId::EccP384),
+                        json.insert("key_uri", yubikey_hmac_enc_soft_key_uri.to_string());
-                        "p521" => Some(KeyAlgorithmId::EccP521),
-                        "rsa1024" => Some(KeyAlgorithmId::Rsa1024),
-                        "rsa2048" => Some(KeyAlgorithmId::Rsa2048),
-                        "rsa3072" => Some(KeyAlgorithmId::Rsa3072),
-                        "rsa4096" => Some(KeyAlgorithmId::Rsa4096),
-                        _ => None,
-                    };
-                    let with_encrypt = hmacutil::is_hmac_encrypted(&pkcs8_base64) || pbeutil::is_simple_pbe_encrypted(&pkcs8_base64);
-                    if let (true, Some(algorithm_id)) = (with_encrypt, algorithm_id) {
-                        let yk = yubikeyutil::open_yubikey()?;
-                        let yubikey_hmac_enc_soft_key = YubikeyHmacEncSoftKey {
-                            key_name: format!("yubikey{}-{}", yk.version().major, yk.serial().0),
-                            algorithm: algorithm_id,
-                            hmac_enc_private_key: pkcs8_base64,
-                        };
-                        json.insert(
-                            "key_uri",
-                            KeyUri::YubikeyHmacEncSoftKey(yubikey_hmac_enc_soft_key).to_string(),
-                        );
                     }
                 }
                 Some(keychain_key_uri) => {
@@ -137,6 +135,10 @@ impl Command for CommandImpl {
                 None => {
                     information!("Private key base64:\n{}\n", pkcs8_base64);
                     information!("Private key PEM:\n{}\n", secret_key_pem);
+
+                    if let Some(yubikey_hmac_enc_soft_key_uri) = yubikey_hmac_enc_soft_key_uri {
+                        information!("Key URI:\n{}\n", yubikey_hmac_enc_soft_key_uri);
+                    }
                 }
                 Some(keychain_key_uri) => {
                     information!("Keychain key URI:\n{}\n", keychain_key_uri);