"--issue-with",
help="Path to PEM with CA to issue the child",
)
+parser.add_argument(
+ "--reuse-key",
+ help="Path to PEM with the key to reuse",
+)
parser.add_argument(
"--out-key",
help="Path to PEM with the resulting key",
)
+parser.add_argument(
+ "--only-key",
+ action="store_true",
+ help="Only generate the key",
+)
parser.add_argument(
"--out-cert",
help="Path to PEM with the resulting certificate",
if params["publicKeyParamSet"] == curve_oid
]))
+key_params = GostR34102012PublicKeyParameters((
+ ("publicKeyParamSet", ai["publicKeyParamSet"]),
+))
+
def pem(obj):
return fill(standard_b64encode(obj.encode()).decode("ascii"), 64)
-key_params = GostR34102012PublicKeyParameters((
- ("publicKeyParamSet", ai["publicKeyParamSet"]),
-))
-
-prv_raw = urandom(ai["prv_len"])
-out = stdout if args.out_key is None else open(args.out_key, "w")
-print("-----BEGIN PRIVATE KEY-----", file=out)
-print(pem(PrivateKeyInfo((
- ("version", Integer(0)),
- ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier((
- ("algorithm", ai["key_algorithm"]),
- ("parameters", Any(key_params)),
- ))),
- ("privateKey", PrivateKey(OctetString(prv_raw).encode())),
-))), file=out)
-print("-----END PRIVATE KEY-----", file=out)
+if args.reuse_key is not None:
+ with open(args.reuse_key, "rb") as fd:
+ lines = fd.read().decode("ascii").split("-----")
+ idx = lines.index("BEGIN PRIVATE KEY")
+ if idx == -1:
+ raise ValueError("PEM has no PRIVATE KEY")
+ prv_raw = standard_b64decode(lines[idx + 1])
+ pki = PrivateKeyInfo().decod(prv_raw)
+ prv = prv_unmarshal(bytes(OctetString().decod(bytes(pki["privateKey"]))))
+else:
+ prv_raw = urandom(ai["prv_len"])
+ out = stdout if args.out_key is None else open(args.out_key, "w")
+ print("-----BEGIN PRIVATE KEY-----", file=out)
+ print(pem(PrivateKeyInfo((
+ ("version", Integer(0)),
+ ("privateKeyAlgorithm", PrivateKeyAlgorithmIdentifier((
+ ("algorithm", ai["key_algorithm"]),
+ ("parameters", Any(key_params)),
+ ))),
+ ("privateKey", PrivateKey(OctetString(prv_raw).encode())),
+ ))), file=out)
+ print("-----END PRIVATE KEY-----", file=out)
+ if args.only_key:
+ exit()
+ prv = prv_unmarshal(prv_raw)
-prv = prv_unmarshal(prv_raw)
curve = ai["curve"]
pub_raw = pub_marshal(public_key(curve, prv))
rdn = [RelativeDistinguishedName((
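Review bot: The `idx == -1` guard after `lines.index("BEGIN PRIVATE KEY")` can never fire, because `list.index` raises its own `ValueError` for a missing element instead of returning -1, so the intended message is never shown; test membership first, e.g. `if "BEGIN PRIVATE KEY" not in lines: raise ValueError("PEM has no PRIVATE KEY")`. The reuse branch also takes the decoded key as-is: nothing visible compares `pki["privateKeyAlgorithm"]` with `ai["key_algorithm"]` and `key_params`, so a key made for another parameter set would presumably be used with `ai["curve"]` unnoticed, and a check that raises on mismatch would be worth adding. `--only-key` is honoured only in the `else` branch, so combined with `--reuse-key` it is silently ignored. The generated key is still written through `open(args.out_key, "w")`, which leaves the file mode to the process umask; creating the file owner-only (0o600) would keep the private key from being readable by other local users. The script continues past the end of this hunk, so later uses of `out` and `prv` are not visible here.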