add rsa 1024 support (not recommended though)

2025-01-22 08:14:08 +00:00 · 2024-02-04 10:59:58 -05:00 · 2024-02-04 10:59:58 -05:00 · b633a357c7
commit b633a357c7
parent b878deaf2d
4 changed files with 14 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -7,10 +7,10 @@ proprietary tools (such as cryptlib).
 This tool's create functionality is modeled from the APC NMCSecurityWizardCLI 
 aka `NMC Security Wizard CLI Utility`. The files it generates should be 
-comaptible with any UPS that accepts p15 files from that tool, though 
+comaptible with any UPS that accepts p15 files from that tool. Only RSA 1,024
-currently my tool only supports RSA 2,048 bit keys. This was done since 
+and 2,048 bit keys are accepted. 1,024 bit RSA is no longer considered 
-1,024 is generally not considered secure any more and most (all?) public 
+completely secure; avoid keys of this size if possible. Most (all?) public 
-ACME services won't accept keys of this size.
+ACME services won't accept keys of this size anyway.
 The install functionality is a custom creation of mine so it may or may not 
 work depending on your exact setup. My setup (and therefore the testing 
--- a/pkg/app/config.go
+++ b/pkg/app/config.go
@ -65,9 +65,9 @@ func (app *app) getConfig(args []string) error {
 	// create -- subcommand
 	createFlags := ff.NewFlagSet("create").SetParent(rootFlags)
-	cfg.create.keyPemFilePath = createFlags.StringLong("keyfile", "", "path and filename of the rsa-2048 key in pem format")
+	cfg.create.keyPemFilePath = createFlags.StringLong("keyfile", "", "path and filename of the rsa-1024 or rsa-2048 key in pem format")
 	cfg.create.certPemFilePath = createFlags.StringLong("certfile", "", "path and filename of the certificate in pem format")
-	cfg.create.keyPem = createFlags.StringLong("keypem", "", "string of the rsa-2048 key in pem format")
+	cfg.create.keyPem = createFlags.StringLong("keypem", "", "string of the rsa-1024 or rsa-2048 key in pem format")
 	cfg.create.certPem = createFlags.StringLong("certpem", "", "string of the certificate in pem format")
 	cfg.create.outFilePath = createFlags.StringLong("outfile", createDefaultOutFilePath, "path and filename to write the p15 file to")
@ -84,9 +84,9 @@ func (app *app) getConfig(args []string) error {
 	// install -- subcommand
 	installFlags := ff.NewFlagSet("install").SetParent(rootFlags)
-	cfg.install.keyPemFilePath = installFlags.StringLong("keyfile", "", "path and filename of the rsa-2048 key in pem format")
+	cfg.install.keyPemFilePath = installFlags.StringLong("keyfile", "", "path and filename of the rsa-1024 or rsa-2048 key in pem format")
 	cfg.install.certPemFilePath = installFlags.StringLong("certfile", "", "path and filename of the certificate in pem format")
-	cfg.install.keyPem = installFlags.StringLong("keypem", "", "string of the rsa-2048 key in pem format")
+	cfg.install.keyPem = installFlags.StringLong("keypem", "", "string of the rsa-1024 or rsa-2048 key in pem format")
 	cfg.install.certPem = installFlags.StringLong("certpem", "", "string of the certificate in pem format")
 	cfg.install.hostAndPort = installFlags.StringLong("apchost", "", "hostname:port of the apc ups to install the certificate on")
 	cfg.install.fingerprint = installFlags.StringLong("fingerprint", "", "the SHA256 fingerprint value of the ups' ssh server")
--- a/pkg/app/file_header.go
+++ b/pkg/app/file_header.go
@ -8,8 +8,8 @@ import (
 )
 // makeFileHeader generates the 228 byte header to prepend to the .p15
-// as required by APC UPS NMC. Only 2,048 bit RSA keys are supported
+// as required by APC UPS NMC. Contrary to the apc_tools repo, it does
-// so the header will always be written with that key size assumption
+// mot appear the header changes based on key size.
 func makeFileHeader(p15File []byte) ([]byte, error) {
 	// original reference code from: https://github.com/bbczeuz/apc_tools
 	// // add APC header
--- a/pkg/pkcs15/pem_decode.go
+++ b/pkg/pkcs15/pem_decode.go
@ -13,7 +13,7 @@ var (
 	errPemKeyBadBlock       = errors.New("pkcs15: pem key: failed to decode pem block")
 	errPemKeyFailedToParse  = errors.New("pkcs15: pem key: failed to parse key")
 	errPemKeyWrongBlockType = errors.New("pkcs15: pem key: unsupported pem block type (only pkcs1 and pkcs8 supported)")
-	errPemKeyWrongType      = errors.New("pkcs15: pem key: unsupported key type (only rsa 2,048 supported)")
+	errPemKeyWrongType      = errors.New("pkcs15: pem key: unsupported key type (only rsa 1,024 or 2,048 supported)")
 	errPemCertBadBlock      = errors.New("pkcs15: pem cert: failed to decode pem block")
 	errPemCertFailedToParse = errors.New("pkcs15: pem cert: failed to parse cert")
@ -21,7 +21,7 @@ var (
 // pemKeyDecode attempts to decode a pem encoded byte slice and then attempts
 // to parse an RSA private key from the decoded pem block. an error is returned
-// if any of these steps fail OR if the rsa key is not of bitlen 2,048
+// if any of these steps fail OR if the key is not RSA and of bitlen 1,024 or 2,048
 func pemKeyDecode(keyPem []byte) (*rsa.PrivateKey, error) {
 	// decode
 	pemBlock, _ := pem.Decode([]byte(keyPem))
@ -48,7 +48,7 @@ func pemKeyDecode(keyPem []byte) (*rsa.PrivateKey, error) {
 		}
 		// verify proper bitlen
-		if rsaKey.N.BitLen() != 2048 {
+		if rsaKey.N.BitLen() != 1024 && rsaKey.N.BitLen() != 2048 {
 			return nil, errPemKeyWrongType
 		}
@ -71,7 +71,7 @@ func pemKeyDecode(keyPem []byte) (*rsa.PrivateKey, error) {
 			}
 			// verify proper bitlen
-			if rsaKey.N.BitLen() != 2048 {
+			if rsaKey.N.BitLen() != 1024 && rsaKey.N.BitLen() != 2048 {
 				return nil, errPemKeyWrongType
 			}