Project

General

Profile

Feature #618

pki --issue --in option should also accept private keys

Added by Jonathan Davies over 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
pki
Target version:
Start date:
15.06.2014
Due date:
Estimated time:
Resolution:
Fixed

Description

I can't understand why this is happening:

$ pki --gen --type ecdsa >| gwKey.der
$ pki --issue --in gwKey.der --cacert caCert.der \
    --flag serverAuth --flag ikeIntermediate --cakey caKey.der --san \
    “123.abc.def.456” --dn "C=CH, O=Example AG, CN=vpn-gw.example.com" 
building CRED_PUBLIC_KEY - ANY failed, tried 3 builders
parsing public key failed

I think --in is much cleaner than the classic:

$ pki --pub --type ecdsa --in gwKey.der | pki --issue ...

And looks less like magic to new users.

Associated revisions

Revision 1bc25499 (diff)
Added by Tobias Brunner over 5 years ago

pki: Optionally extract public key from given private key in --issue

Fixes #618.

History

#1 Updated by Noel Kuntze over 6 years ago

Hello,

You need to extract the public key of the key pair before you try to sign it.

Regards,
Noel Kuntze

#2 Updated by Tobias Brunner over 5 years ago

  • Tracker changed from Issue to Feature
  • Subject changed from pki --issue --in option doesn't seem to work to pki --issue --in option should also accept private keys
  • Category set to pki
  • Status changed from New to Feedback
  • Resolution set to No feedback

As mentioned by Noel and documented on the wiki and, in more detail, the man page the --in option currently takes a public key or a PKCS#10 certificate request. I quickly threw together a patch that adds the possibility to extract the public key from the private key though (see pki-issue-in branch).

#3 Updated by Tobias Brunner over 5 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.3.3
  • Resolution changed from No feedback to Fixed

Merged to master.

Also available in: Atom PDF