630b2d83a7
Allow ASCII-armored PGP pub keys to be passed into -pgp-keys.
...
Fixes #940
2016-01-18 17:01:52 -05:00
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
8d1e5cb50d
Add returning which user names could not be looked up
2016-01-04 13:56:45 -05:00
90ec946dab
Address review feedback.
2016-01-04 11:18:04 -05:00
d11509830f
Happy New Year everyone! (Add keybase support for PGP keys.)
...
Keys specified in rekey and init operations can now be sourced from
keybase.io by using "keybase:[username]" as the key.
2015-12-31 20:47:41 -05:00
4dac5f5a0e
Merge pull request #829 from andrewstuart/master
...
Add parsing of pkcs#8-encoded bundles for pki/config/ca
2015-12-22 10:06:59 -05:00
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
4cb2941b77
[helper] support mlock on Solaris/SmartOS
2015-12-15 11:28:16 -08:00
c81e5c41d2
Update PrivateKeyType to string, update switch statement.
2015-12-14 11:16:47 -07:00
100465fee8
Remove unnecessary cast
2015-12-14 06:17:20 -07:00
567282170f
Remove printf call from test
2015-12-11 15:47:00 -07:00
ae9e842841
Merge branch 'pkcs8'
2015-12-11 15:22:43 -07:00
43bd14a755
Add benchmark for certutil bundle parsing
2015-12-11 15:17:49 -07:00
551591fb70
Remove debugging print statement in compareCertBundleToParsedCertBundle
2015-12-11 15:17:49 -07:00
b277eb9f14
Remove flag check before trying pkcs8 parsing.
2015-12-11 15:17:49 -07:00
6f672a9589
Add pkcs8 flag setting in ParsePEMBundle
2015-12-11 15:17:49 -07:00
4da225d39e
Update tests and finish implementation of PKCS8 handling
2015-12-11 15:17:49 -07:00
25667df5f7
Update ParsePEMBundle to properly handle pkcs#8
...
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
2015-12-11 15:17:49 -07:00
2861be29a4
Move to pem.Block.Type-based decoding
2015-12-11 14:57:33 -07:00
9d97cc36c9
Add benchmark for certutil bundle parsing
2015-12-11 09:58:49 -07:00
e70b0b86e2
Merge branch 'master' into pkcs8
2015-12-10 21:02:59 -07:00
572f587093
Update flag to field with format info
2015-12-10 21:02:31 -07:00
889245c990
Remove debugging print statement in compareCertBundleToParsedCertBundle
2015-12-10 16:33:42 -07:00
cdeca4ed92
Remove flag check before trying pkcs8 parsing.
2015-12-09 19:41:32 -07:00
ef2be34985
Remove flag check before trying pkcs8 parsing.
2015-12-09 15:33:25 -07:00
a3b096e3fe
Add pkcs8 flag setting in ParsePEMBundle
2015-12-09 15:33:25 -07:00
7d274cbb0b
Update tests and finish implementation of PKCS8 handling
2015-12-09 15:33:25 -07:00
db48b7fccf
Update ParsePEMBundle to properly handle pkcs#8
...
Implementation based on be16001187/src/crypto/tls/tls.go (L273-L290)
2015-12-09 15:29:13 -07:00
22a6d6fa22
Merge branch 'master' into pki-csrs
2015-11-20 12:48:38 -05:00
0dbe15cb87
Mostly revert changes to certutil as the embedded struct stuff was being
...
problematic.
2015-11-19 14:18:39 -05:00
f41a2e562a
fix tests
2015-11-19 10:13:28 -05:00
26c8cf874d
Move public key comparison logic to its own function
2015-11-19 09:51:18 -05:00
4681d027c0
Move serial number generation and key validation into certutil; centralize format and key verification
2015-11-19 09:51:18 -05:00
5510a2b16f
Add unit tests for CSR bundle conversion
2015-11-19 09:51:18 -05:00
54fccb2ff4
Add support for EC CA keys, output to base64-encoded DER instead of PEM, and tests for all of those. Also note that Go 1.5 is now required.
2015-11-19 09:51:17 -05:00
b2df079446
Add unit tests to test signing logic, fix up test logic for names
2015-11-19 09:51:17 -05:00
1cec03d9ca
Implement CA cert/CSR generation. CA certs can be self-signed or
...
generate an intermediate CSR, which can be signed.
2015-11-19 09:51:17 -05:00
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
c66f0918be
Add delete method, and ability to delete only one serial as well as an entire set.
2015-11-03 10:52:20 -05:00
2917e6be2f
helper/password: interrupt should exit readline
2015-10-16 16:01:19 -07:00
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
ad840233eb
Allow base64-encoded keys to be used on the CLI for init/rekey.
...
Fixes #653 .
2015-10-06 12:47:01 -04:00
8d71601221
Changes to salt to clean up HMAC stuff.
2015-09-18 18:13:10 -04:00
5dde76fa1c
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
8669a87fdd
When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes.
2015-08-26 07:59:50 -07:00
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Jeff Mitchell