add rsa 1024 support (not recommended though)

Greg T. Wallace 2024-02-04 10:59:58 -05:00
parent b878deaf2d
commit b633a357c7
4 changed files with 14 additions and 14 deletions


@ -7,10 +7,10 @@ proprietary tools (such as cryptlib).
This tool's create functionality is modeled from the APC NMCSecurityWizardCLI
aka `NMC Security Wizard CLI Utility`. The files it generates should be
comaptible with any UPS that accepts p15 files from that tool, though
currently my tool only supports RSA 2,048 bit keys. This was done since
1,024 is generally not considered secure any more and most (all?) public
ACME services won't accept keys of this size.
comaptible with any UPS that accepts p15 files from that tool. Only RSA 1,024
and 2,048 bit keys are accepted. 1,024 bit RSA is no longer considered
completely secure; avoid keys of this size if possible. Most (all?) public
ACME services won't accept keys of this size anyway.
The install functionality is a custom creation of mine so it may or may not
work depending on your exact setup. My setup (and therefore the testing


@ -65,9 +65,9 @@ func (app *app) getConfig(args []string) error {
// create -- subcommand
createFlags := ff.NewFlagSet("create").SetParent(rootFlags)
cfg.create.keyPemFilePath = createFlags.StringLong("keyfile", "", "path and filename of the rsa-2048 key in pem format")
cfg.create.keyPemFilePath = createFlags.StringLong("keyfile", "", "path and filename of the rsa-1024 or rsa-2048 key in pem format")
cfg.create.certPemFilePath = createFlags.StringLong("certfile", "", "path and filename of the certificate in pem format")
cfg.create.keyPem = createFlags.StringLong("keypem", "", "string of the rsa-2048 key in pem format")
cfg.create.keyPem = createFlags.StringLong("keypem", "", "string of the rsa-1024 or rsa-2048 key in pem format")
cfg.create.certPem = createFlags.StringLong("certpem", "", "string of the certificate in pem format")
cfg.create.outFilePath = createFlags.StringLong("outfile", createDefaultOutFilePath, "path and filename to write the p15 file to")
@ -84,9 +84,9 @@ func (app *app) getConfig(args []string) error {
// install -- subcommand
installFlags := ff.NewFlagSet("install").SetParent(rootFlags)
cfg.install.keyPemFilePath = installFlags.StringLong("keyfile", "", "path and filename of the rsa-2048 key in pem format")
cfg.install.keyPemFilePath = installFlags.StringLong("keyfile", "", "path and filename of the rsa-1024 or rsa-2048 key in pem format")
cfg.install.certPemFilePath = installFlags.StringLong("certfile", "", "path and filename of the certificate in pem format")
cfg.install.keyPem = installFlags.StringLong("keypem", "", "string of the rsa-2048 key in pem format")
cfg.install.keyPem = installFlags.StringLong("keypem", "", "string of the rsa-1024 or rsa-2048 key in pem format")
cfg.install.certPem = installFlags.StringLong("certpem", "", "string of the certificate in pem format")
cfg.install.hostAndPort = installFlags.StringLong("apchost", "", "hostname:port of the apc ups to install the certificate on")
cfg.install.fingerprint = installFlags.StringLong("fingerprint", "", "the SHA256 fingerprint value of the ups' ssh server")
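Review bot: The four `keyfile`/`keypem` help strings now list rsa-1024 on equal footing with rsa-2048 and drop the caveat that the README gives in this same commit, so someone who reads only `--help` will not learn that 1,024-bit keys are discouraged. A wording such as `"path and filename of the rsa-2048 (or rsa-1024, not recommended) key in pem format"` would carry the caveat into the CLI. This applies to both the create and the install hunk. getConfig starts and ends outside these hunks.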


@ -8,8 +8,8 @@ import (
)
// makeFileHeader generates the 228 byte header to prepend to the .p15
// as required by APC UPS NMC. Only 2,048 bit RSA keys are supported
// so the header will always be written with that key size assumption
// as required by APC UPS NMC. Contrary to the apc_tools repo, it does
// mot appear the header changes based on key size.
func makeFileHeader(p15File []byte) ([]byte, error) {
// original reference code from: https://github.com/bbczeuz/apc_tools
// // add APC header
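Review bot: The new doc comment on makeFileHeader has a typo, `mot` for `not`, and it states that the header is independent of key size only as an observation ("does not appear"). Because this is where the code knowingly departs from the apc_tools reference, the comment should record how that was established, for example `// Compared against files produced by the NMC Security Wizard CLI for both key sizes.` if that is what was done. A test that builds a p15 from a 1,024-bit key would pin the assumption. The function body continues outside the hunk.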


@ -13,7 +13,7 @@ var (
errPemKeyBadBlock = errors.New("pkcs15: pem key: failed to decode pem block")
errPemKeyFailedToParse = errors.New("pkcs15: pem key: failed to parse key")
errPemKeyWrongBlockType = errors.New("pkcs15: pem key: unsupported pem block type (only pkcs1 and pkcs8 supported)")
errPemKeyWrongType = errors.New("pkcs15: pem key: unsupported key type (only rsa 2,048 supported)")
errPemKeyWrongType = errors.New("pkcs15: pem key: unsupported key type (only rsa 1,024 or 2,048 supported)")
errPemCertBadBlock = errors.New("pkcs15: pem cert: failed to decode pem block")
errPemCertFailedToParse = errors.New("pkcs15: pem cert: failed to parse cert")
@ -21,7 +21,7 @@ var (
// pemKeyDecode attempts to decode a pem encoded byte slice and then attempts
// to parse an RSA private key from the decoded pem block. an error is returned
// if any of these steps fail OR if the rsa key is not of bitlen 2,048
// if any of these steps fail OR if the key is not RSA and of bitlen 1,024 or 2,048
func pemKeyDecode(keyPem []byte) (*rsa.PrivateKey, error) {
// decode
pemBlock, _ := pem.Decode([]byte(keyPem))
@ -48,7 +48,7 @@ func pemKeyDecode(keyPem []byte) (*rsa.PrivateKey, error) {
}
// verify proper bitlen
if rsaKey.N.BitLen() != 2048 {
if rsaKey.N.BitLen() != 1024 && rsaKey.N.BitLen() != 2048 {
return nil, errPemKeyWrongType
}
@ -71,7 +71,7 @@ func pemKeyDecode(keyPem []byte) (*rsa.PrivateKey, error) {
}
// verify proper bitlen
if rsaKey.N.BitLen() != 2048 {
if rsaKey.N.BitLen() != 1024 && rsaKey.N.BitLen() != 2048 {
return nil, errPemKeyWrongType
}
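Review bot: Both bit-length checks in pemKeyDecode (the hunks at old lines 48 and 71) now accept a 1,024-bit key silently, so nothing at run time tells the operator they are building a p15 around a key size the README in this same commit advises against. Consider keeping the acceptance but making it visible, for example by having the caller print a warning when `rsaKey.N.BitLen() == 1024`, or by requiring an explicit opt-in before such a key is used. The condition is also duplicated verbatim in the two branches. A comment such as `// 1,024 bit is accepted for compatibility only; not recommended (see README)` above each check, or a single shared check, would keep them from drifting apart. pemKeyDecode's body starts and ends outside these hunks, so the surrounding branch structure is inferred.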