added password parameter for using encrypted keys
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>
Wed, 1 Feb 2012 08:33:07 +0000 (10:33 +0200)
committerDmitry Kasatkin <dmitry.kasatkin@intel.com>
Thu, 6 Sep 2012 11:08:52 +0000 (14:08 +0300)
Added password parameter for using encrypted keys.

Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
README
src/evmctl.c

diff --git a/README b/README
index a8faa7f..86515eb 100644 (file)
--- a/README
+++ b/README
@@ -1,8 +1,17 @@
 
 1. Generate private key
 
+# plain key
 openssl genrsa -out privkey_evm.pem 1024
 
+# encrypted key
+openssl genrsa -des3 -out privkey_evm.pem 1024
+
+# set password for the key
+openssl rsa -in /etc/keys/privkey_evm.pem -out privkey_evm_enc.pem -des3
+or
+openssl pkcs8 -topk8 -in /etc/keys/privkey_evm.pem -out privkey_evm_enc.pem
+
 2. Generate public key
 
 openssl rsa -pubout -in privkey_evm.pem -out pubkey_evm.pem
index 35cdd95..08f1904 100644 (file)
@@ -150,6 +150,7 @@ static int          digest = 0;
 static int             digsig = 0;
 static char            *hash_algo = "sha1";
 static int             binkey = 0;
+static char            *keypass;
 
 extern struct command  cmds[];
 static void print_usage(struct command *cmd);
@@ -330,7 +331,7 @@ static int sign_hash(const unsigned char *hash, int size, const char *keyfile, u
                log_errno("Unable to open keyfile %s", keyfile);
                return -1;
        }
-       key1 = PEM_read_RSAPrivateKey(fp, &key, NULL, NULL);
+       key1 = PEM_read_RSAPrivateKey(fp, &key, NULL, keypass);
        fclose(fp);
        if (!key1) {
                log_errno("RSAPrivateKey() failed");
@@ -1167,6 +1168,7 @@ static struct option  opts[] = {
        {"imahash", 0, 0, 'd'},
        {"hashalgo", 1, 0, 'a'},
        {"bin", 0, 0, 'b'},
+       {"pass", 1, 0, 'p'},
        {}
 
 };
@@ -1179,7 +1181,7 @@ int main(int argc, char *argv[])
        g_argc = argc;
 
        while (1) {
-               c = getopt_long(argc, argv, "hk:vnsda:b", opts, &lind);
+               c = getopt_long(argc, argv, "hk:vnsda:bp:", opts, &lind);
                if (c == -1)
                        break;
                        
@@ -1209,6 +1211,9 @@ int main(int argc, char *argv[])
                case 'b':
                        binkey = 1;
                        break;
+               case 'p':
+                       keypass = optarg;
+                       break;
                case '?':
                        exit(1);
                        break;
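Review bot: The passphrase stored into keypass at `case 'p'` comes straight from argv, so it is readable by any local user through the process listing (`ps`, `/proc/<pid>/cmdline`) for the lifetime of the process and is also kept in the shell history. Because leaving keypass NULL makes the PEM_read_RSAPrivateKey call in the sign_hash hunk fall back to OpenSSL's default terminal prompt, the option is only needed for non-interactive use, and the assignment should say so: `/* -p exposes the passphrase via argv/ps; omit it to be prompted on the terminal */`. No hunk in this commit appears to extend print_usage for the new `--pass`/`-p` option, so the README is the only place it is documented. main continues outside the hunk.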