to be the old-style private keys that are not encrypted. */
SILC_GET32_MSB(magic, data);
if (magic != SILC_PKCS_PRIVATE_KEY_MAGIC) {
+ SILC_LOG_DEBUG(("Private key does not have correct magic!"));
+
/* Now decode the actual private key */
if (!silc_pkcs_private_key_decode(data, len, private_key)) {
memset(old, 0, data_len);
if (silc_pkcs_load_public_key((char *)pub_filename, return_public_key,
SILC_PKCS_FILE_BIN) == FALSE) {
memset(pass, 0, strlen(pass));
+ silc_free(pass);
return FALSE;
}
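Review bot: The `memset(pass, 0, strlen(pass));` directly before the added `silc_free(pass);` is a dead store as far as the optimizer is concerned, so it may be removed and the passphrase left intact in freed heap memory. A wipe that cannot be elided is safer here, for example `explicit_bzero(pass, strlen(pass));` where the platform provides it, or a small helper that writes through a `volatile unsigned char *`. The same memset-then-free pattern recurs at the two other `silc_free(pass);` additions further down and at every wipe in the new `silc_change_private_key_passphrase`. The enclosing function starts and ends outside this hunk.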
(unsigned char *)pass, strlen(pass),
SILC_PKCS_FILE_PEM) == FALSE) {
memset(pass, 0, strlen(pass));
+ silc_free(pass);
return FALSE;
}
}
memset(pass, 0, strlen(pass));
+ silc_free(pass);
return TRUE;
}
return TRUE;
}
+
+/* Change private key passphrase */
+
+bool silc_change_private_key_passphrase(const char *prv_filename,
+ const char *old_passphrase,
+ const char *new_passphrase)
+{
+ SilcPrivateKey private_key;
+ bool base64 = FALSE;
+ char *pass;
+
+ pass = old_passphrase ? strdup(old_passphrase) : NULL;
+ if (!pass) {
+ pass = silc_get_input("Old passphrase: ", TRUE);
+ if (!pass)
+ pass = strdup("");
+ }
+
+ if (silc_pkcs_load_private_key((char *)prv_filename, &private_key,
+ (unsigned char *)pass, strlen(pass),
+ SILC_PKCS_FILE_BIN) == FALSE) {
+ base64 = TRUE;
+ if (silc_pkcs_load_private_key((char *)prv_filename, &private_key,
+ (unsigned char *)pass, strlen(pass),
+ SILC_PKCS_FILE_PEM) == FALSE) {
+ memset(pass, 0, strlen(pass));
+ silc_free(pass);
+ fprintf(stderr, "Could not load private key `%s' file\n", prv_filename);
+ return FALSE;
+ }
+ }
+
+ memset(pass, 0, strlen(pass));
+ silc_free(pass);
+
+ pass = new_passphrase ? strdup(new_passphrase) : NULL;
+ if (!pass) {
+ fprintf(stdout, "\n");
+ pass = silc_get_input("New passphrase: ", TRUE);
+ if (!pass)
+ pass = strdup("");
+ }
+
+ silc_pkcs_save_private_key(prv_filename, private_key,
+ (unsigned char *)pass, strlen(pass),
+ base64 ? SILC_PKCS_FILE_PEM : SILC_PKCS_FILE_BIN);
+
+ fprintf(stdout, "\nPassphrase changed\n");
+
+ memset(pass, 0, strlen(pass));
+ silc_free(pass);
+
+ silc_pkcs_private_key_free(private_key);
+ return TRUE;
+}
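Review bot: The result of `silc_pkcs_save_private_key` is discarded in `silc_change_private_key_passphrase`, so the function prints "Passphrase changed" and returns TRUE even when the key file could not be rewritten. Assuming the save call reports failure the same way the load call does, it should be checked, and the failure path should wipe and free `pass` and free `private_key` before returning FALSE. Separately, when the new-passphrase prompt yields nothing, `pass = strdup("")` silently re-saves the key under an empty passphrase; returning FALSE there would be the safer default. The `strdup` results are also passed to `strlen` without a NULL check.

```c
  /* … unchanged: load key with old passphrase, obtain new passphrase … */

  if (!silc_pkcs_save_private_key(prv_filename, private_key,
                                  (unsigned char *)pass, strlen(pass),
                                  base64 ? SILC_PKCS_FILE_PEM :
                                  SILC_PKCS_FILE_BIN)) {
    memset(pass, 0, strlen(pass));
    silc_free(pass);
    silc_pkcs_private_key_free(private_key);
    fprintf(stderr, "Could not save private key `%s' file\n", prv_filename);
    return FALSE;
  }

  fprintf(stdout, "\nPassphrase changed\n");
  /* … unchanged: wipe and free pass, free private_key, return TRUE … */
```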
***/
bool silc_show_public_key(const char *pub_filename);
+/****f* silcutil/SilcAppUtil/silc_change_private_key_passphrase
+ *
+ * SYNOPSIS
+ *
+ * bool silc_change_private_key_passphrase(const char *prv_filename,
+ * const char *old_passphrase,
+ * const char *new_passphrase);
+ *
+ * DESCRIPTION
+ *
+ * This routine can be used to change the passphrase of the private
+ * key file, which is used to encrypt the private key. If the old
+ * and new passphrase is not provided for this function this will
+ * prompt for them.
+ *
+ ***/
+bool silc_change_private_key_passphrase(const char *prv_filename,
+ const char *old_passphrase,
+ const char *new_passphrase);
+
#endif /* SILCAPPUTIL_H */
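Review bot: The DESCRIPTION block for `silc_change_private_key_passphrase` does not say what the return value means or what the caller must do with the passphrase arguments. I would add a sentence such as `Returns TRUE if the key was re-encrypted and written back, FALSE otherwise.` and a note that either passphrase may be NULL to request an interactive prompt. Since the passphrases are taken as `const char *`, the doc should also state that the caller remains responsible for wiping its own copies. The implementation is not part of this header, so the exact return semantics should be confirmed against it.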