authorGaurav Shah <gauravsh@chromium.org>2010-11-01 13:33:32 -0700
committerGaurav Shah <gauravsh@chromium.org>2010-11-01 13:33:32 -0700
commit551037b10e427687b7115751c7d613d66459c427 (patch)
tree00995e8df8e8570cc5a19d6c077ffd05772e8e21 /utility/dumpRSAPublicKey.c
parenta98ad7aa247caf2eea820238d174c147d08f99bc (diff)
Make dumpRSAPublicKey also accept a public key in PEM format
This change makes dumpRSAPublicKey directly accept a public key in PEM format. This makes it possible to avoid the unnecessary step of generating a self-signed certificate to dump the public key in .keyb format. The old style certificate input is still accepted. Using certs (as done previously): dumpRSAPublicKey -cert <certfile> Directly using public keys: dumpRSAPublicKey -pub <pubfile> Change-Id: Ic35b59aff6613d145d7947212650da281f734b74 BUG=7576 TEST=manual $ openssl genrsa -F4 -out test.pem 4096 $ openssl rsa -in test.pem -out test.pub $ dumpRSAPublicKey -pub test.pub >test.pub.keyb Verify that this matches the output we get using the old style <cert> input. $ openssl req -batch -new -x509 -key test.pem -out test.cert $ dumpRSAPublicKey -cert test.cert >test.cert.keyb $ diff test.pub.keyb test.cert.keyb $ Review URL: http://codereview.chromium.org/4215006
Diffstat (limited to 'utility/dumpRSAPublicKey.c')
-rw-r--r--utility/dumpRSAPublicKey.c48
1 files changed, 30 insertions, 18 deletions
diff --git a/utility/dumpRSAPublicKey.c b/utility/dumpRSAPublicKey.c
index 837303cb..da8597af 100644
--- a/utility/dumpRSAPublicKey.c
+++ b/utility/dumpRSAPublicKey.c
@@ -136,40 +136,52 @@ failure:
}
int main(int argc, char* argv[]) {
+ int cert_mode = 0;
FILE* fp;
X509* cert = NULL;
RSA* pubkey = NULL;
EVP_PKEY* key;
- if (argc != 2) {
- fprintf(stderr, "Usage: %s <certfile>\n", argv[0]);
+ if (argc != 3 || (strcmp(argv[1], "-cert") && strcmp(argv[1], "-pub"))) {
+ fprintf(stderr, "Usage: %s <-cert | -pub> <file>\n", argv[0]);
return -1;
}
- fp = fopen(argv[1], "r");
+ if (!strcmp(argv[1], "-cert"))
+ cert_mode = 1;
+
+ fp = fopen(argv[2], "r");
if (!fp) {
- fprintf(stderr, "Couldn't open certificate file!\n");
+ fprintf(stderr, "Couldn't open file %s!\n", argv[2]);
return -1;
}
- /* Read the certificate */
- if (!PEM_read_X509(fp, &cert, NULL, NULL)) {
- fprintf(stderr, "Couldn't read certificate.\n");
- goto fail;
- }
-
- /* Get the public key from the certificate. */
- key = X509_get_pubkey(cert);
-
- /* Convert to a RSA_style key. */
- if (!(pubkey = EVP_PKEY_get1_RSA(key))) {
- fprintf(stderr, "Couldn't convert to a RSA style key.\n");
- goto fail;
+ if (cert_mode) {
+ /* Read the certificate */
+ if (!PEM_read_X509(fp, &cert, NULL, NULL)) {
+ fprintf(stderr, "Couldn't read certificate.\n");
+ goto fail;
+ }
+
+ /* Get the public key from the certificate. */
+ key = X509_get_pubkey(cert);
+
+ /* Convert to a RSA_style key. */
+ if (!(pubkey = EVP_PKEY_get1_RSA(key))) {
+ fprintf(stderr, "Couldn't convert to a RSA style key.\n");
+ goto fail;
+ }
+ } else {
+ /* Read the pubkey in .PEM format. */
+ if (!(pubkey = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))) {
+ fprintf(stderr, "Couldn't read public key file.\n");
+ goto fail;
+ }
}
if (check(pubkey)) {
- output (pubkey);
+ output(pubkey);
}
fail:
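Review bot: In the `-cert` branch the result of `X509_get_pubkey(cert)` goes straight into `EVP_PKEY_get1_RSA(key)` with no NULL check, so a certificate whose key cannot be decoded may end in a NULL dereference inside the library instead of a clean error. Add `if (!key) { fprintf(stderr, "Couldn't get public key from certificate.\n"); goto fail; }` before the conversion. `key` is also never assigned on the new `-pub` path, so it should be declared as `EVP_PKEY* key = NULL;`; the cleanup after `fail:` lies outside the hunk, so it cannot be confirmed from here whether `key` is released with `EVP_PKEY_free` or touched at all on that path. On the `-pub` branch, a comment such as `/* Expects a SubjectPublicKeyInfo PEM block ("BEGIN PUBLIC KEY"). */` would make clear which PEM form `PEM_read_RSA_PUBKEY` accepts, since other key encodings fail with only the generic "Couldn't read public key file." message.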