diff options
Diffstat (limited to 'cmd/tuf/gen_key.go')
-rw-r--r-- | cmd/tuf/gen_key.go | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/cmd/tuf/gen_key.go b/cmd/tuf/gen_key.go new file mode 100644 index 0000000..2ad77a5 --- /dev/null +++ b/cmd/tuf/gen_key.go @@ -0,0 +1,64 @@ +package main + +import ( + "fmt" + "os" + "time" + + "github.com/flynn/go-docopt" + "github.com/theupdateframework/go-tuf" + "github.com/theupdateframework/go-tuf/data" +) + +func init() { + register("gen-key", cmdGenKey, ` +usage: tuf gen-key [--expires=<days>] [--scheme=<scheme>] <role> + +Generate a new signing key for the given role. + +The key will be serialized to JSON and written to the "keys" directory with +filename pattern "ROLE-KEYID.json". The root metadata file will also be staged +with the addition of the key's ID to the role's list of key IDs. + +Alternatively, passphrases can be set via environment variables in the +form of TUF_{{ROLE}}_PASSPHRASE + +Options: + --expires=<days> Set the root metadata file to expire <days> days from now. + --scheme=<scheme> Set the key scheme to use [default: ed25519]. +`) +} + +func cmdGenKey(args *docopt.Args, repo *tuf.Repo) error { + role := args.String["<role>"] + var keyids []string + + keyScheme := data.KeySchemeEd25519 + switch t := args.String["--scheme"]; t { + case string(data.KeySchemeEd25519), + string(data.KeySchemeECDSA_SHA2_P256), + string(data.KeySchemeRSASSA_PSS_SHA256): + keyScheme = data.KeyScheme(t) + default: + fmt.Fprint(os.Stderr, "Using default key scheme", keyScheme) + } + + var err error + var expires time.Time + if arg := args.String["--expires"]; arg != "" { + expires, err = parseExpires(arg) + if err != nil { + return err + } + } else { + expires = data.DefaultExpires(role) + } + keyids, err = repo.GenKeyWithSchemeAndExpires(role, expires, keyScheme) + if err != nil { + return err + } + for _, id := range keyids { + fmt.Fprintf(os.Stdout, "Generated %s %s key with ID %s", role, keyScheme, id) + } + return nil +} |