mirror of
https://github.com/slackhq/nebula.git
synced 2026-02-15 17:24:23 +01:00
Add ability to encrypt CA private key at rest (#386)
Fixes #8. `nebula-cert ca` now supports encrypting the CA's private key with a passphrase. Pass `-encrypt` in order to be prompted for a passphrase. Encryption is performed using AES-256-GCM and Argon2id for KDF. KDF parameters default to RFC recommendations, but can be overridden via CLI flags `-argon-memory`, `-argon-parallelism`, and `-argon-iterations`.
This commit is contained in:
John Maguire
@@ -62,11 +62,11 @@ func main() {
|
||||
|
||||
switch args[0] {
|
||||
case "ca":
|
||||
err = ca(args[1:], os.Stdout, os.Stderr)
|
||||
err = ca(args[1:], os.Stdout, os.Stderr, StdinPasswordReader{})
|
||||
case "keygen":
|
||||
err = keygen(args[1:], os.Stdout, os.Stderr)
|
||||
case "sign":
|
||||
err = signCert(args[1:], os.Stdout, os.Stderr)
|
||||
err = signCert(args[1:], os.Stdout, os.Stderr, StdinPasswordReader{})
|
||||
case "print":
|
||||
err = printCert(args[1:], os.Stdout, os.Stderr)
|
||||
case "verify":
|
||||
|
||||
Reference in New Issue
Block a user