hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: v1.9.13, support ssh-piv-cert, but not works

Browse Source
This commit is contained in:
Hatter Jiang
2024-09-06 23:06:21 +08:00
parent 1d2a00a0c8
commit cbf127a297
6 changed files with 769 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/cmd_sshpubkey.rs
View File

@@ -1,3 +1,7 @@
use crate::digest::sha256_bytes;
use crate::pivutil;
use crate::pivutil::{get_algorithm_id_by_certificate, slot_equals, ToStr};
use crate::sshutil::SshVecWriter;
use base64::engine::general_purpose::STANDARD;
use base64::Engine;
use clap::{App, Arg, ArgMatches, SubCommand};
@@ -5,10 +9,6 @@ use rust_util::util_clap::{Command, CommandError};
use yubikey::piv::AlgorithmId;
use yubikey::{Key, YubiKey};
use crate::pivutil;
use crate::pivutil::{get_algorithm_id_by_certificate, slot_equals, ToStr};
use crate::sshutil::SshVecWriter;
pub struct CommandImpl;
impl Command for CommandImpl {
@@ -17,10 +17,12 @@ impl Command for CommandImpl {
fn subcommand<'a>(&self) -> App<'a, 'a> {
SubCommand::with_name(self.name()).about("SSH public key subcommand")
.arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e"))
.arg(Arg::with_name("ca").long("ca").help("SSH cert-authority"))
}
fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ... 95, 9a, 9c, 9d, 9e");
let ca = sub_arg_matches.is_present("ca");
let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
let slot_id = pivutil::get_slot_id(slot)?;
@@ -59,7 +61,6 @@ impl Command for CommandImpl {
information!("SSH algorithm: {}", ssh_algorithm);
information!("ECDSA public key: {}", hex::encode(&ec_key_point));
println!();
// ECDSA SSH public key format:
// string ecdsa-sha2-[identifier]
@@ -77,7 +78,18 @@ impl Command for CommandImpl {
ecc_key_blob.write_string(&ec_key_point);
ssh_pub_key.write_bytes(&ecc_key_blob);
println!("ecdsa-sha2-{} {} Yubikey-PIV-{}", ssh_algorithm, STANDARD.encode(&ssh_pub_key), slot_id);
let ssh_pub_key_sha256 = sha256_bytes(&ssh_pub_key);
information!("SSH key SHA256: {} (base64)", STANDARD.encode(&ssh_pub_key_sha256));
information!("SSH key SHA256: {} (hex)", hex::encode(&ssh_pub_key_sha256));
println!();
println!(
"{}ecdsa-sha2-{} {} Yubikey-PIV-{}",
if ca { "cert-authority " } else { "" },
ssh_algorithm,
STANDARD.encode(&ssh_pub_key),
slot_id
);
Ok(None)
}