2 * px5g - Embedded x509 key and certificate generator based on PolarSSL
4 * Copyright (C) 2009 Steven Barth <steven@midlink.org>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License, version 2.1 as published by the Free Software Foundation.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
25 #include "polarssl/havege.h"
26 #include "polarssl/bignum.h"
27 #include "polarssl/x509.h"
28 #include "polarssl/rsa.h"
30 #define PX5G_VERSION "0.1"
31 #define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven@midlink.org>"
32 #define PX5G_LICENSE "Licensed under the GNU Lesser General Public License v2.1"
34 int rsakey(char **arg
) {
38 unsigned int ksize
= 512;
41 int flag
= X509_OUTPUT_PEM
;
43 while (*arg
&& **arg
== '-') {
44 if (!strcmp(*arg
, "-out") && arg
[1]) {
47 } else if (!strcmp(*arg
, "-3")) {
49 } else if (!strcmp(*arg
, "-der")) {
50 flag
= X509_OUTPUT_DER
;
56 ksize
= (unsigned int)atoi(*arg
);
60 rsa_init(&rsa
, RSA_PKCS_V15
, 0, havege_rand
, &hs
);
62 fprintf(stderr
, "Generating RSA private key, %i bit long modulus\n", ksize
);
63 if (rsa_gen_key(&rsa
, ksize
, exp
)) {
64 fprintf(stderr
, "error: key generation failed\n");
68 if (x509write_keyfile(&rsa
, path
, flag
)) {
69 fprintf(stderr
, "error: I/O error\n");
77 int selfsigned(char **arg
) {
83 unsigned int ksize
= 512;
85 unsigned int days
= 30;
86 char *keypath
= NULL
, *certpath
= NULL
;
87 int flag
= X509_OUTPUT_PEM
;
88 time_t from
= time(NULL
), to
;
89 char fstr
[20], tstr
[20];
91 while (*arg
&& **arg
== '-') {
92 if (!strcmp(*arg
, "-der")) {
93 flag
= X509_OUTPUT_DER
;
94 } else if (!strcmp(*arg
, "-newkey") && arg
[1]) {
95 if (strncmp(arg
[1], "rsa:", 4)) {
96 fprintf(stderr
, "error: invalid algorithm");
99 ksize
= (unsigned int)atoi(arg
[1] + 4);
101 } else if (!strcmp(*arg
, "-days") && arg
[1]) {
102 days
= (unsigned int)atoi(arg
[1]);
104 } else if (!strcmp(*arg
, "-keyout") && arg
[1]) {
107 } else if (!strcmp(*arg
, "-out") && arg
[1]) {
110 } else if (!strcmp(*arg
, "-subj") && arg
[1]) {
111 if (arg
[1][0] != '/' || strchr(arg
[1], ';')) {
112 fprintf(stderr
, "error: invalid subject");
115 subject
= calloc(strlen(arg
[1]) + 1, 1);
116 char *oldc
= arg
[1] + 1, *newc
= subject
, *delim
;
118 delim
= strchr(oldc
, '=');
120 fprintf(stderr
, "error: invalid subject");
123 memcpy(newc
, oldc
, delim
- oldc
+ 1);
124 newc
+= delim
- oldc
+ 1;
127 delim
= strchr(oldc
, '/');
129 delim
= arg
[1] + strlen(arg
[1]);
131 memcpy(newc
, oldc
, delim
- oldc
);
132 newc
+= delim
- oldc
;
142 rsa_init(&rsa
, RSA_PKCS_V15
, 0, havege_rand
, &hs
);
143 x509write_init_node(&node
);
144 fprintf(stderr
, "Generating RSA private key, %i bit long modulus\n", ksize
);
145 if (rsa_gen_key(&rsa
, ksize
, exp
)) {
146 fprintf(stderr
, "error: key generation failed\n");
151 if (x509write_keyfile(&rsa
, keypath
, flag
)) {
152 fprintf(stderr
, "error: I/O error\n");
157 from
= (from
< 1000000000) ? 1000000000 : from
;
158 strftime(fstr
, sizeof(fstr
), "%F %H:%M:%S", gmtime(&from
));
159 to
= from
+ 60 * 60 * 24 * days
;
160 strftime(tstr
, sizeof(tstr
), "%F %H:%M:%S", gmtime(&to
));
163 x509write_init_raw(&cert
);
164 x509write_add_pubkey(&cert
, &rsa
);
165 x509write_add_subject(&cert
, (unsigned char*)subject
);
166 x509write_add_validity(&cert
, (unsigned char*)fstr
, (unsigned char*)tstr
);
167 fprintf(stderr
, "Generating selfsigned certificate with subject '%s'"
168 " and validity %s-%s\n", subject
, fstr
, tstr
);
169 if (x509write_create_selfsign(&cert
, &rsa
)) {
170 fprintf(stderr
, "error: certificate generation failed\n");
173 if (x509write_crtfile(&cert
, (unsigned char*)certpath
, flag
)) {
174 fprintf(stderr
, "error: I/O error\n");
178 x509write_free_raw(&cert
);
183 int main(int argc
, char *argv
[]) {
186 } else if (!strcmp(argv
[1], "rsakey")) {
187 return rsakey(argv
+2);
188 } else if (!strcmp(argv
[1], "selfsigned")) {
189 return selfsigned(argv
+2);
193 "PX5G X.509 Certificate Generator Utility v" PX5G_VERSION
"\n" PX5G_COPY
194 "\nbased on PolarSSL by Christophe Devine and Paul Bakker\n\n");
195 fprintf(stderr
, "Usage: %s [rsakey|selfsigned]\n", *argv
);
This page took 0.052497 seconds and 5 git commands to generate.