diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 502f26d..81d5ff2 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -42,6 +42,7 @@ Here is the list of commands available with a short syntax reminder. Use the show-cert [ cmd-opts ] show-ca [ cmd-opts ] import-req + export-p1 [ cmd-opts ] export-p7 [ cmd-opts ] export-p8 [ cmd-opts ] export-p12 [ cmd-opts ] @@ -175,6 +176,11 @@ cmd_help() { Export a PKCS#8 file with the private key specified by " opts=" noca - do not include the ca.crt file in the PKCS7 output" ;; + export-p1) text=" + export-p1 [ cmd-opts ] + Export a PKCS#1 (RSA format) file with the pubkey specified by " + opts=" + nopass - use no password and leave the key unencrypted" ;; set-rsa-pass|set-ec-pass) text=" set-rsa-pass [ cmd-opts ] set-ec-pass [ cmd-opts ] @@ -1712,7 +1718,7 @@ You may now use this name to perform signing operations on this request. return 0 } # => import_req() -# export pkcs#12 or pkcs#7 +# export pkcs#12, pkcs#7, pkcs#8 or pkcs#1 export_pkcs() { pkcs_type="$1" shift @@ -1805,6 +1811,18 @@ Export of p7 failed: see above for related openssl errors." ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\ Export of p8 failed: see above for related openssl errors." ;; + p1) + pkcs_out="$EASYRSA_PKI/private/$short_name.p1" + if [ -z "$want_pass" ]; then + opts="-aes256" + fi + + # export the p1: + # shellcheck disable=SC2086 + easyrsa_openssl rsa -in "$key_in" $opts \ + -out "$pkcs_out" ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\ +Export of p1 failed: see above for related openssl errors." + ;; esac notice "\ @@ -3030,6 +3048,9 @@ case "$cmd" in export-p8) export_pkcs p8 "$@" ;; + export-p1) + export_pkcs p1 "$@" + ;; set-rsa-pass) set_pass rsa "$@" ;;