From 73aac163f87d07b4963890c224a552e6609a7251 Mon Sep 17 00:00:00 2001
From: Nikolaos Kakouros <nkak@kth.se>
Date: Thu, 7 Apr 2022 11:50:40 +0000
Subject: [PATCH 1/2] Adds export-p1 command

---
 easyrsa3/easyrsa | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 502f26d..81d5ff2 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -42,6 +42,7 @@ Here is the list of commands available with a short syntax reminder. Use the
   show-cert <filename_base> [ cmd-opts ]
   show-ca [ cmd-opts ]
   import-req <request_file_path> <short_basename>
+  export-p1 <filename_base> [ cmd-opts ]
   export-p7 <filename_base> [ cmd-opts ]
   export-p8 <filename_base> [ cmd-opts ]
   export-p12 <filename_base> [ cmd-opts ]
@@ -175,6 +176,11 @@ cmd_help() {
       Export a PKCS#8 file with the private key specified by <filename_base>"
 			opts="
         noca  - do not include the ca.crt file in the PKCS7 output" ;;
+		export-p1) text="
+  export-p1 <filename_base> [ cmd-opts ]
+	  Export a PKCS#1 (RSA format) file with the pubkey specified by <filename_base>"
+			opts="
+	nopass - use no password and leave the key unencrypted" ;;
 		set-rsa-pass|set-ec-pass) text="
   set-rsa-pass <filename_base> [ cmd-opts ]
   set-ec-pass <filename_base> [ cmd-opts ]
@@ -1712,7 +1718,7 @@ You may now use this name to perform signing operations on this request.
 	return 0
 } # => import_req()
 
-# export pkcs#12 or pkcs#7
+# export pkcs#12, pkcs#7, pkcs#8 or pkcs#1
 export_pkcs() {
 	pkcs_type="$1"
 	shift
@@ -1805,6 +1811,18 @@ Export of p7 failed: see above for related openssl errors."
 			${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
 Export of p8 failed: see above for related openssl errors."
       ;;
+	p1)
+		pkcs_out="$EASYRSA_PKI/private/$short_name.p1"
+		if [ -z "$want_pass" ]; then
+			opts="-aes256"
+		fi
+
+		# export the p1:
+		# shellcheck disable=SC2086
+		easyrsa_openssl rsa -in "$key_in" $opts \
+			-out "$pkcs_out" ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
+Export of p1 failed: see above for related openssl errors."
+	;;
 esac
 
 	notice "\
@@ -3030,6 +3048,9 @@ case "$cmd" in
 	export-p8)
 		export_pkcs p8 "$@"
 		;;
+	export-p1)
+		export_pkcs p1 "$@"
+		;;
 	set-rsa-pass)
 		set_pass rsa "$@"
 		;;

From 21ddca1af9e4ef273cc61dacdca7d43ee089c739 Mon Sep 17 00:00:00 2001
From: Nikolaos Kakouros <nkak@kth.se>
Date: Thu, 7 Apr 2022 11:51:14 +0000
Subject: [PATCH 2/2] Fixes export-p8 command help text

---
 easyrsa3/easyrsa | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index 81d5ff2..cf935d7 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -175,7 +175,7 @@ cmd_help() {
   export-p8 <filename_base> [ cmd-opts ]
       Export a PKCS#8 file with the private key specified by <filename_base>"
 			opts="
-        noca  - do not include the ca.crt file in the PKCS7 output" ;;
+	nopass - use or expect unencrypted private key" ;;
 		export-p1) text="
   export-p1 <filename_base> [ cmd-opts ]
 	  Export a PKCS#1 (RSA format) file with the pubkey specified by <filename_base>"