1 package main
2
3 import (
4 "fmt"
5 "os"
6 "time"
7
8 "github.com/flynn/go-docopt"
9 "github.com/theupdateframework/go-tuf"
10 "github.com/theupdateframework/go-tuf/data"
11 )
12
// init wires the gen-key subcommand into the CLI's command table. The
// docopt usage text doubles as the option parser definition, so the
// "[default: ed25519]" annotation is what fills --scheme when it is omitted.
func init() {
	const usage = `
usage: tuf gen-key [--expires=<days>] [--scheme=<scheme>] <role>

Generate a new signing key for the given role.

The key will be serialized to JSON and written to the "keys" directory with
filename pattern "ROLE-KEYID.json". The root metadata file will also be staged
with the addition of the key's ID to the role's list of key IDs.

Alternatively, passphrases can be set via environment variables in the
form of TUF_{{ROLE}}_PASSPHRASE

Options:
  --expires=<days>   Set the root metadata file to expire <days> days from now.
  --scheme=<scheme>  Set the key scheme to use [default: ed25519].
`
	register("gen-key", cmdGenKey, usage)
}
31
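// cmdGenKey implements `tuf gen-key`: it generates a new signing key for
// <role> using the requested key scheme and prints the resulting key IDs,
// one per line, to stdout.
//
// The scheme comes from --scheme and must be one of the data.KeyScheme
// constants matched below; any other value falls back to ed25519 after a
// warning on stderr (kept as a best-effort fallback rather than an error).
// --expires, when given, overrides data.DefaultExpires(role) for the root
// metadata that the repo stages alongside the new key.
//
// Returns any error from parseExpires or from the repo's key generation.
func cmdGenKey(args *docopt.Args, repo *tuf.Repo) error {
	role := args.String["<role>"]

	keyScheme := data.KeySchemeEd25519
	switch t := args.String["--scheme"]; t {
	case string(data.KeySchemeEd25519),
		string(data.KeySchemeECDSA_SHA2_P256),
		string(data.KeySchemeRSASSA_PSS_SHA256):
		keyScheme = data.KeyScheme(t)
	default:
		// fmt.Fprint inserts no separator between two string operands and
		// no newline, so the previous message ran the scheme name into the
		// text and into the next line of output. Name the rejected value so
		// the operator can see that their --scheme was not honoured.
		fmt.Fprintf(os.Stderr, "Unrecognized key scheme %q, using default key scheme %s\n", t, keyScheme)
	}

	var expires time.Time
	if arg := args.String["--expires"]; arg != "" {
		var err error
		expires, err = parseExpires(arg)
		if err != nil {
			return err
		}
	} else {
		expires = data.DefaultExpires(role)
	}

	keyids, err := repo.GenKeyWithSchemeAndExpires(role, expires, keyScheme)
	if err != nil {
		return err
	}
	// One ID per line: without the trailing newline, several IDs (and the
	// following shell prompt) were printed on a single line.
	for _, id := range keyids {
		fmt.Fprintf(os.Stdout, "Generated %s %s key with ID %s\n", role, keyScheme, id)
	}
	return nil
}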
65