feat: v0.2.1

2023-11-03 21:44:05 +08:00
parent a9f9c2266c
commit e0c615dbd0
3 changed files with 25 additions and 1 deletions
--- a/yubikey-ca-java/README.md
+++ b/yubikey-ca-java/README.md
@@ -4,11 +4,24 @@ ENV:
 * SIGN_REQUEST_SLOT - Sign request slot, default `82`

 # Generate Keypair
+> Generate `secp256r1` or `secp384r1` keypair

 ```shell
 $ java -jar yubikey-ca-java.jar --generate-keypair --keypair-type secp256r1
 ```

+# Write Keypair to Yubikey
+
+## Write private key to Yubikey
+```shell
+$ ykman piv keys import --pin-policy ONCE --touch-policy CACHED $SLOT$ private.pem
+```
+
+## Write public key to Yubikey and generate certificate
+```shell
+$ ykman piv certificates generate $SLOT$ public.pem -s 'O=Org,OU=OrgUnit,CN=CommonName'
+```
+
 # Issue ROOT CA

 ```shell
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
@@ -2,5 +2,5 @@ package me.hatter.tools.yubikeyca;

 public interface YubikeyCaConstant {
    String NAME = "yubikey-ca";
-    String VERSION = "0.2.0";
+    String VERSION = "0.2.1";
 }
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -1,5 +1,6 @@
 package me.hatter.tools.yubikeyca;

+import me.hatter.tools.commons.io.RFile;
 import me.hatter.tools.commons.log.LogConfig;
 import me.hatter.tools.commons.log.LogTool;
 import me.hatter.tools.commons.log.LogTools;
@@ -186,6 +187,16 @@ public class YubikeyCaMain {

        System.out.println("Private key:\n" + KeyUtil.serializePrivateKeyToPEM(keyPair.getPrivate()) + "\n");
        System.out.println("Public key: \n" + KeyUtil.serializePublicKeyToPEM(keyPair.getPublic()) + "\n");
+
+        final RFile privateKeyFile = RFile.from("private.pem");
+        final RFile publicKeyFile = RFile.from("public.pem");
+        if (privateKeyFile.exists() || publicKeyFile.exists()) {
+            log.error("Key files exists (private.pem or public.pem).");
+            return;
+        }
+        privateKeyFile.write(KeyUtil.serializePrivateKeyToPEM(keyPair.getPrivate()) + "\n");
+        publicKeyFile.write(KeyUtil.serializePublicKeyToPEM(keyPair.getPublic()) + "\n");
+        log.info("Write files succeed: private.pem and public.pem");
    }

    private static PKType getPkTypeFromArgs(YubikeyCaArgs args) {