aipper/mkcert
1
0
Fork 0
mirror of https://github.com/FiloSottile/mkcert.git synced 2025-10-13 16:31:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add -ecdsa for generating certificates with ECDSA keys

Browse Source 
Fixes #118
This commit is contained in:
Filippo Valsorda
2019-02-02 15:26:03 -05:00
parent 821679b01f
commit 5bb0c47df7
3 changed files with 30 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
cert.go
View File

@@ -5,6 +5,9 @@
package main
import (
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/sha1"
@@ -44,8 +47,9 @@ func (m *mkcert) makeCert(hosts []string) {
log.Fatalln("ERROR: can't create new certificates because the CA key (rootCA-key.pem) is missing")
}
priv, err := rsa.GenerateKey(rand.Reader, 2048)
priv, err := m.generateKey(false)
fatalIfErr(err, "failed to generate certificate key")
pub := priv.(crypto.Signer).Public()
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
@@ -79,8 +83,7 @@ func (m *mkcert) makeCert(hosts []string) {
tpl.Subject.CommonName = hosts[0]
}
pub := priv.PublicKey
cert, err := x509.CreateCertificate(rand.Reader, tpl, m.caCert, &pub, m.caKey)
cert, err := x509.CreateCertificate(rand.Reader, tpl, m.caCert, pub, m.caKey)
fatalIfErr(err, "failed to generate certificate")
certFile, keyFile, p12File := m.fileNames(hosts)
@@ -127,6 +130,16 @@ func (m *mkcert) makeCert(hosts []string) {
}
}
func (m *mkcert) generateKey(rootCA bool) (crypto.PrivateKey, error) {
if m.ecdsa {
return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}
if rootCA {
return rsa.GenerateKey(rand.Reader, 3072)
}
return rsa.GenerateKey(rand.Reader, 2048)
}
func (m *mkcert) fileNames(hosts []string) (certFile, keyFile, p12File string) {
defaultName := strings.Replace(hosts[0], ":", "_", -1)
defaultName = strings.Replace(defaultName, "*", "_wildcard", -1)
@@ -182,15 +195,15 @@ func (m *mkcert) loadCA() {
}
func (m *mkcert) newCA() {
priv, err := rsa.GenerateKey(rand.Reader, 3072)
priv, err := m.generateKey(true)
fatalIfErr(err, "failed to generate the CA key")
pub := priv.PublicKey
pub := priv.(crypto.Signer).Public()
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
fatalIfErr(err, "failed to generate serial number")
spkiASN1, err := x509.MarshalPKIXPublicKey(&pub)
spkiASN1, err := x509.MarshalPKIXPublicKey(pub)
fatalIfErr(err, "failed to encode public key")
var spki struct {
@@ -225,7 +238,7 @@ func (m *mkcert) newCA() {
MaxPathLenZero: true,
}
cert, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &pub, priv)
cert, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
fatalIfErr(err, "failed to generate CA certificate")
privDER, err := x509.MarshalPKCS8PrivateKey(priv)