Add certificate extract command for conversion between P12, PEM, and DER #589
@maraino @z8674558 I've reviewed and generally everything looks good to me. I committed some grammar / documentation changes on top. The only additional question / comment I have is whether we should use Maybe our answer to the above is that we always use the same encryption on the output as was used on the input, but then there's no need for
Usage is not clear: sometimes flags are used as input, sometimes as output. It should be consistent and always print to standard output or use the --out flag.
@maraino Doesn't that contradict what we laid out here: #574 (comment)?
It looks like the command is not backward compatible.
Convert a .p12 file to a certificate and private key: | ||
|
||
''' | ||
$ step certificate format foo.p12 --crt foo.crt --key foo.key --format pem | ||
''' | ||
|
||
Convert a .p12 file to a certificate, private key and intermediate certificates: | ||
|
||
''' | ||
$ step certificate format foo.p12 --crt foo.crt --key foo.key --ca intermediate.crt --format pem | ||
''' |
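Review bot: both examples write the private key with `--key foo.key`, but neither says how the .p12 password is supplied or whether foo.key is written encrypted or in the clear. Add a sentence to the usage text covering that, so a reader knows what protection the extracted key has once it is on disk.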
It looks like if the flag --format is not passed it will write PEM files, as it should be. We should show this in one of these two examples, explaining that is the default behavior.
|
||
// If format is PEM or DER (not P12) then an input certificate file is required. | ||
if format != "p12" { | ||
return errors.Errorf("flag --format with value '%s' requires a certificate file as positional argument", format) |
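Review bot: in `if format != "p12"`, every value other than the exact string "p12" takes the PEM/DER branch, so a mistyped or differently cased `--format` value gets the "requires a certificate file" message instead of being rejected as an unknown format. Unless the value is validated before this point, check it against the supported set (pem, der, p12) first and return a distinct error for anything else.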
Commands like these will stop working:
```
$ cat cert.pem | step certificate format
... der data ...
$ cat cert.der | step certificate format
... pem data ...
```
Original PR #574
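The stdin behaviour the last review comment says must keep working (PEM in gives DER out, DER in gives PEM out), sketched as an added example. This is not code from the PR or from step; `toggleEncoding` and `sampleCertDER` are hypothetical names, and the input is a constructed self-signed certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// toggleEncoding (hypothetical helper): PEM certificate in -> DER out, DER in -> PEM out.
func toggleEncoding(in []byte) ([]byte, string, error) {
	der, outFormat := in, "pem" // assume DER input until a PEM block is found
	if block, _ := pem.Decode(in); block != nil {
		if block.Type != "CERTIFICATE" {
			return nil, "", fmt.Errorf("unexpected PEM block type %q", block.Type)
		}
		der, outFormat = block.Bytes, "der"
	}
	// Parse before converting so garbage is rejected instead of re-encoded.
	if _, err := x509.ParseCertificate(der); err != nil {
		return nil, "", fmt.Errorf("input is not a PEM or DER certificate: %w", err)
	}
	if outFormat == "der" {
		return der, outFormat, nil
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), outFormat, nil
}

// sampleCertDER returns a constructed self-signed certificate used as demo input.
func sampleCertDER() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
}

func main() {
	der, _ := sampleCertDER()
	pemOut, format, err := toggleEncoding(der)
	fmt.Printf("DER in -> %s out (%d bytes), err=%v\n", format, len(pemOut), err)
}
```

Only the first PEM block is converted, and a PEM block of any type other than CERTIFICATE (a private key, for instance) is refused rather than passed through.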