Commit graph

31 commits

Author SHA1 Message Date
Mariano Cano
23b8f45b37 Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
Gary Belvin
fed09047f9 pinfile 2022-06-09 13:51:14 -04:00
Herman Slatman
af17b6a6f3
Make copyright year dynamic 2022-02-16 11:08:26 +01:00
Mariano Cano
febb619882 Add some extra validation and print certificate objects
This commit also changes the following flags for consistency:
  - --crt-cert to --crt-cert-obj
  - --crt-key to --crt-key-obj
2021-11-17 15:48:52 -08:00
Gary Belvin
bbb327c8c5 Make a csr if there's not a root 2021-11-12 14:24:26 -05:00
Gary Belvin
29f5a35965 simplify flags 2021-11-12 14:23:38 -05:00
Mariano Cano
8366b7ddf1 Revert "Remove extractable from StoreCertificate."
This reverts commit 614ee79489.
2021-10-29 14:45:10 -07:00
Mariano Cano
614ee79489 Remove extractable from StoreCertificate. 2021-10-29 12:02:24 -07:00
Mariano Cano
aa80bf9f07 Merge branch 'smallstep_master' into extractable 2021-10-28 18:11:42 -07:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
205148ad1f Fix exit after defer. 2021-10-07 12:43:24 -07:00
Mariano Cano
48549bf317 Initialize windows terminal on all binaries. 2021-10-07 11:09:32 -07:00
Gary Belvin
22b471acf9 Extractable certs 2021-06-17 09:29:38 -04:00
Gary Belvin
be89459524 Set key export bit 2021-06-17 09:29:32 -04:00
Mariano Cano
a0633a6efb
Merge pull request #612 from gdbelvin/kmspin
Allow reading pin from kms string
2021-06-15 12:05:34 -07:00
Gary Belvin
1fb4406801 minimize diff 2021-06-15 18:19:42 +01:00
Gary Belvin
c6bb7aa199 Add back UI check, but don't read file 2021-06-15 18:18:29 +01:00
Gary Belvin
a63a1d6482 Don't double read from u.Pin() 2021-06-15 18:13:08 +01:00
Gary Belvin
063a09a521 Allow reading pin from kms string 2021-06-15 13:16:54 +01:00
Mariano Cano
595f12505c
Merge branch 'master' into name 2021-06-01 10:29:40 -07:00
Gary Belvin
c264e8f580 Configurable pkcs11-init output paths 2021-06-01 17:46:00 +01:00
Gary Belvin
623e387fb0 Allow configuration of PKCS11 subject name 2021-06-01 17:35:36 +01:00
Gary Belvin
341966c30f Check pin flag 2021-03-23 22:13:35 +00:00
Gary Belvin
1ac838628a Add flag for setting the pin 2021-03-23 10:40:13 +00:00
Mariano Cano
e446e22520 Remove extra default. 2021-02-11 19:25:16 -08:00
Mariano Cano
3648c3fab6 Fix error message when --kms is not passed. 2021-02-11 19:24:09 -08:00
Mariano Cano
1d2146166b Close key manager. 2021-02-01 15:28:09 -08:00
Mariano Cano
7f9d7eadc9 Attempt to delete key and certificate with the same name.
Nitrokey will override the label of the key with the certificate one.
If they are stored with the same id.
2021-01-29 13:31:07 -08:00
Mariano Cano
162c535705 Add option to not store certificates in the pkcs11 module. 2021-01-28 20:13:28 -08:00
Mariano Cano
8dca652bc7 Add support for PKCS #11 KMS.
The implementation works with YubiHSM2. Unit tests are still pending.

Fixes #301
2021-01-26 20:03:53 -08:00