diff --git a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md
index d95e5a400..962baee20 100644
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_generate.md
@@ -56,6 +56,7 @@ authelia crypto certificate ecdsa generate --help
 -o, --organization strings certificate organization (default [Authelia])
 --organizational-unit strings certificate organizational unit
 --path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
+ --pkcs8 force PKCS #8 ASN.1 format
 -p, --postcode strings certificate postcode
 --province strings certificate province
 --sans strings subject alternative names
diff --git a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md
index 093cff375..5ad0f7924 100644
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ecdsa_request.md
@@ -48,6 +48,7 @@ authelia crypto certificate ecdsa request --help
 --not-before string earliest date and time the certificate is considered valid in various formats (default is now)
 -o, --organization strings certificate organization (default [Authelia])
 --organizational-unit strings certificate organizational unit
+ --pkcs8 force PKCS #8 ASN.1 format
 -p, --postcode strings certificate postcode
 --province strings certificate province
 --sans strings subject alternative names
diff --git a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md
index f246998a9..51b811712 100644
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_generate.md
@@ -55,6 +55,7 @@ authelia crypto certificate ed25519 request --help
 -o, --organization strings certificate organization (default [Authelia])
 --organizational-unit strings certificate organizational unit
 --path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
+ --pkcs8 force PKCS #8 ASN.1 format
 -p, --postcode strings certificate postcode
 --province strings certificate province
 --sans strings subject alternative names
diff --git a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md
index 66d687d98..a3723e168 100644
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_ed25519_request.md
@@ -47,6 +47,7 @@ authelia crypto certificate ed25519 request --help
 --not-before string earliest date and time the certificate is considered valid in various formats (default is now)
 -o, --organization strings certificate organization (default [Authelia])
 --organizational-unit strings certificate organizational unit
+ --pkcs8 force PKCS #8 ASN.1 format
 -p, --postcode strings certificate postcode
 --province strings certificate province
 --sans strings subject alternative names
diff --git a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md
index 03d4979ae..4147f3617 100644
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_generate.md
@@ -56,6 +56,7 @@ authelia crypto certificate rsa generate --help
 -o, --organization strings certificate organization (default [Authelia])
 --organizational-unit strings certificate organizational unit
 --path.ca string source directory of the certificate authority files, if not provided the certificate will be self-signed
+ --pkcs8 force PKCS #8 ASN.1 format
 -p, --postcode strings certificate postcode
 --province strings certificate province
 --sans strings subject alternative names
diff --git a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md
index 8280c4ee3..cc01f7c1d 100644
--- a/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md
+++ b/docs/content/en/reference/cli/authelia/authelia_crypto_certificate_rsa_request.md
@@ -48,6 +48,7 @@ authelia crypto certificate rsa request --help
 --not-before string earliest date and time the certificate is considered valid in various formats (default is now)
 -o, --organization strings certificate organization (default [Authelia])
 --organizational-unit strings certificate organizational unit
+ --pkcs8 force PKCS #8 ASN.1 format
 -p, --postcode strings certificate postcode
 --province strings certificate province
 --sans strings subject alternative names
diff --git a/internal/commands/crypto.go b/internal/commands/crypto.go
index f8b934026..6df2a8e20 100644
--- a/internal/commands/crypto.go
+++ b/internal/commands/crypto.go
@@ -275,18 +275,20 @@ func (ctx *CmdCtx) CryptoGenerateRunE(cmd *cobra.Command, args []string) (err er
 // CryptoCertificateRequestRunE is the RunE for the authelia crypto certificate request command.
 func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string) (err error) {
 var (
- privateKey any
+ template *x509.CertificateRequest
+ privateKey any
+ csr []byte
+ privateKeyPath, csrPath string
+ pkcs8 bool
 )
 
 if privateKey, err = ctx.cryptoGenPrivateKeyFromCmd(cmd); err != nil {
 return err
 }
 
- var (
- template *x509.CertificateRequest
- csr []byte
- privateKeyPath, csrPath string
- )
+ if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
+ return err
+ }
 
 if template, err = cryptoGetCSRFromCmd(cmd); err != nil {
 return err
@@ -329,7 +331,7 @@ func (ctx *CmdCtx) CryptoCertificateRequestRunE(cmd *cobra.Command, _ []string)
 return fmt.Errorf("failed to create certificate request: %w", err)
 }
 
- if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
+ if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
 return err
 }
 
@@ -345,8 +347,13 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
 var (
 template, caCertificate, parent *x509.Certificate
 publicKey, caPrivateKey, signatureKey any
+ pkcs8 bool
 )
 
+ if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil {
+ return err
+ }
+
 if publicKey = utils.PublicKeyFromPrivateKey(privateKey); publicKey == nil {
 return fmt.Errorf("failed to obtain public key from private key")
 }
@@ -419,7 +426,7 @@ func (ctx *CmdCtx) CryptoCertificateGenerateRunE(cmd *cobra.Command, _ []string,
 return fmt.Errorf("failed to create certificate: %w", err)
 }
 
- if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, false); err != nil {
+ if err = utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8); err != nil {
 return err
 }
 
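Review bot: In CryptoCertificateRequestRunE the new `--pkcs8` read sits after `ctx.cryptoGenPrivateKeyFromCmd(cmd)`, so a flag lookup failure (for example a command wired to this RunE without `cmdFlagsCryptoPrivateKey`, which is where the flag is now registered) is only reported after the key has already been generated, which for RSA is the expensive step; CryptoCertificateGenerateRunE in the later hunk reads the flag before doing any work. Move `if pkcs8, err = cmd.Flags().GetBool(cmdFlagNamePKCS8); err != nil { return err }` above the key generation so all flag parsing fails fast and the two RunE functions follow the same order. `utils.WriteKeyToPEM` is not in view; now that the encoding branch is user-selected, confirm both the PKCS #8 and the default path create the key file with owner-only permissions. The function continues past the end of this hunk.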
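Review bot: The new `pkcs8` local in CryptoCertificateGenerateRunE carries no comment on what it governs, and this function also handles a CA private key (`caPrivateKey`), so a reader cannot tell at a glance which key the flag encodes; from these hunks it is only passed to the `utils.WriteKeyToPEM(privateKey, privateKeyPath, pkcs8)` call at the end, and the CA key appears to be loaded rather than written, though that part of the function is outside the hunk. Suggest `// pkcs8 selects PKCS #8 PEM encoding for the generated private key written by WriteKeyToPEM below.` above the flag read. The function starts before this hunk and ends after it.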
diff --git a/internal/commands/crypto_helper.go b/internal/commands/crypto_helper.go
index eb29b31a6..fd8f999f9 100644
--- a/internal/commands/crypto_helper.go
+++ b/internal/commands/crypto_helper.go
@@ -59,10 +59,10 @@ func cmdFlagsCryptoCertificateRequest(cmd *cobra.Command) {
 func cmdFlagsCryptoPairGenerate(cmd *cobra.Command) {
 cmd.Flags().String(cmdFlagNameFilePublicKey, "public.pem", "name of the file to export the public key data to")
- cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
 }
 
 func cmdFlagsCryptoPrivateKey(cmd *cobra.Command) {
+ cmd.Flags().Bool(cmdFlagNamePKCS8, false, "force PKCS #8 ASN.1 format")
 cmd.Flags().String(cmdFlagNameFilePrivateKey, "private.pem", "name of the file to export the private key data to")
 cmd.Flags().StringP(cmdFlagNameDirectory, "d", "", "directory where the generated keys, certificates, etc will be stored")
 }
 
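Review bot: Moving the `--pkcs8` registration into cmdFlagsCryptoPrivateKey makes every command that uses this helper advertise the flag, but the flag only has an effect where the RunE forwards it to `utils.WriteKeyToPEM`; the certificate RunE functions now do so, while it is not visible here whether the pair generate command, which lost the registration in `cmdFlagsCryptoPairGenerate`, also calls cmdFlagsCryptoPrivateKey and honours the value rather than silently accepting a no-op flag. Confirm that, and document the contract above the function: `// cmdFlagsCryptoPrivateKey registers the flags shared by every command that writes a private key file; --pkcs8 must be read by the command's RunE and passed to utils.WriteKeyToPEM.` The help text `force PKCS #8 ASN.1 format` also does not say what encoding is used when the flag is absent, so a user cannot tell what "force" overrides; stating the default there would help.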