Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit 2986ffb

Browse files
committed
Add -keyfile=*.pfx
Adjust related help too.
1 parent 87900c9 commit 2986ffb

File tree

2 files changed

+48
-22
lines changed

2 files changed

+48
-22
lines changed

‎README‎

Lines changed: 13 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -147,6 +147,10 @@ Options:
147147
-no-prompt
148148
Prevent OpenSSL prompting for any part of the subject.
149149

150+
-ed25519
151+
-ed448
152+
Generate an ed25519 or ed448 private key.
153+
150154
-ec:prime256v1
151155
-ec:256
152156
-ec:curve:encoding
@@ -156,10 +160,6 @@ Options:
156160
and their X25519 and X448 counterparts. The numbers 256,384 and 521 are
157161
shorthands for the curves prime256v1, secp384r1 and secp521r1.
158162

159-
-ed25519
160-
-ed448
161-
Generate an ed25519 or ed448 private key.
162-
163163
-list-curves
164164
-show-curves
165165
List the EC curves that OpenSSL supports.
@@ -174,9 +174,15 @@ Options:
174174
NB: This also makes the default digest SHA1.
175175

176176
-keyfile=FileName
177-
Don't generate a key, use the one in FileName. If you're generating
178-
a "single use ca" the second throwaway key will be generated to be
179-
the same type as the key in this file if possible.
177+
Don't generate a key, use the one in FileName. If you're
178+
generating a "single use ca" the second throwaway key (for the
179+
CA) will be generated to be the same type as the key in this
180+
file, if possible.
181+
Note that if it's a PFX file it must have a ".pfx" extension.
182+
183+
-sign=FileName
184+
Use the key and certificate in FileName to sign the certificate.
185+
Note that if it's a PFX file it must have a ".pfx" extension.
180186

181187
-csrin=FileName
182188
Use the CSR from FileName instead of generating a new key.
@@ -196,10 +202,6 @@ Options:
196202
-showcsr
197203
Dump any CSR we use to the output too.
198204

199-
-sign=FileName
200-
Use the key and certificate in FileName to sign the certificate,
201-
note if it's a PFX file it must have a ".pfx" extension.
202-
203205
-singleuseca
204206
-suca
205207
Generate a new CA key for the CA certificate and to sign the standard

‎mk-cert‎

Lines changed: 35 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,10 @@ if [ -z "$BASH_VERSION" ];then exec bash "0ドル" "$@";else set +o posix;fi
77
set -e ; PROGRAM="0ドル"
88

99
show_help_text() {
10+
if [[ -t 1 && -t 0 ]]
11+
then show_help_text | "${PAGER:-more}" ; exit
12+
fi
13+
1014
echo "Usage: $(basename "$PROGRAM") [Common Name] [arguments]"
1115
version_warnings
1216

@@ -118,6 +122,10 @@ Options:
118122
-no-prompt
119123
Prevent OpenSSL prompting for any part of the subject.
120124
125+
-ed25519
126+
-ed448
127+
Generate an ed25519 or ed448 private key.
128+
121129
-ec:prime256v1
122130
-ec:256
123131
-ec:curve:encoding
@@ -127,10 +135,6 @@ Options:
127135
and their X25519 and X448 counterparts. The numbers 256,384 and 521 are
128136
shorthands for the curves prime256v1, secp384r1 and secp521r1.
129137
130-
-ed25519
131-
-ed448
132-
Generate an ed25519 or ed448 private key.
133-
134138
-list-curves
135139
-show-curves
136140
List the EC curves that OpenSSL supports.
@@ -145,9 +149,15 @@ Options:
145149
NB: This also makes the default digest SHA1.
146150
147151
-keyfile=FileName
148-
Don't generate a key, use the one in FileName. If you're generating
149-
a "single use ca" the second throwaway key will be generated to be
150-
the same type as the key in this file if possible.
152+
Don't generate a key, use the one in FileName. If you're
153+
generating a "single use ca" the second throwaway key (for the
154+
CA) will be generated to be the same type as the key in this
155+
file, if possible.
156+
Note that if it's a PFX file it must have a ".pfx" extension.
157+
158+
-sign=FileName
159+
Use the key and certificate in FileName to sign the certificate.
160+
Note that if it's a PFX file it must have a ".pfx" extension.
151161
152162
-csrin=FileName
153163
Use the CSR from FileName instead of generating a new key.
@@ -167,10 +177,6 @@ Options:
167177
-showcsr
168178
Dump any CSR we use to the output too.
169179
170-
-sign=FileName
171-
Use the key and certificate in FileName to sign the certificate,
172-
note if it's a PFX file it must have a ".pfx" extension.
173-
174180
-singleuseca
175181
-suca
176182
Generate a new CA key for the CA certificate and to sign the standard
@@ -361,6 +367,16 @@ version_warnings() {
361367
return 0
362368
}
363369

370+
edit_readme_help_text() {
371+
[[ -f README && -f mk-cert && -f README.md ]] || {
372+
echo This needs to be run in the source tree
373+
exit 1
374+
}
375+
sed -i '/^Usage: mk-cert/,$d' README
376+
bash mk-cert -help >> README
377+
exit 0
378+
}
379+
364380
main() {
365381
eval "typeset -A SANDUP # bash4/ksh" 2>/dev/null && BASH3=no || BASH3=yes
366382

@@ -555,6 +571,7 @@ decode_args() {
555571
for ar
556572
do case "$ar" in
557573
-h|-help|--help) show_help_text ;;
574+
-edit-readme ) edit_readme_help_text ;;
558575

559576
-showconf ) SHOWCONF=yes ;;
560577

@@ -695,6 +712,13 @@ decode_args() {
695712
-list[-_]curves|-show[_-]curves )
696713
openssl ecparam -list_curves ; exit ;;
697714

715+
-keyfile[=:]*|-key[=:]*.pfx )
716+
eval "mkkey() { openssl pkcs12 -nodes -out - -in '${ar#*[=:]}' | openssl pkey; }"
717+
[[ "$KFN" = "" ]] && KFN=/dev/null
718+
KEYCLASS='file'
719+
KEYSOURCE="$KEYSOURCE:keyfile"
720+
;;
721+
698722
-keyfile[=:]*|-key[=:]* )
699723
eval "mkkey() { cat < '${ar#*[=:]}' ; }"
700724
[[ "$KFN" = "" ]] && KFN=/dev/null

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /