|
| 1 | +### PkiObject API |
| 2 | +The PkiObject API takes care of some of the mundane tasks in converting between different representations of cryptographic objects such as public keys, private keys, and certificates. |
| 3 | + |
| 4 | +Files located in this folder belong to the PkiObject module. |
| 5 | + |
| 6 | +This API can be accessed via the `pki` CLI command which is implemented in the `Common/cli/cli_pki.c` file. |
| 7 | +``` |
| 8 | +pki: |
| 9 | + Perform public/private key operations. |
| 10 | + Usage: |
| 11 | + pki <verb> <object> <args> |
| 12 | + Valid verbs are { generate, import, export, list } |
| 13 | + Valid object types are { key, csr, cert } |
| 14 | + Arguments should be specified in --<arg_name> <value> |
| 15 | +
|
| 16 | + pki generate key <label_public> <label_private> <algorithm> <algorithm_param> |
| 17 | + Generates a new private key to be stored in the specified labels |
| 18 | +
|
| 19 | + pki generate csr <label> |
| 20 | + Generates a new Certificate Signing Request using the private key |
| 21 | + with the specified label. |
| 22 | + If no label is specified, the default tls private key is used. |
| 23 | +
|
| 24 | + pki generate cert <cert_label> <private_key_label> |
| 25 | + Generate a new self-signed certificate |
| 26 | +
|
| 27 | + pki import cert <label> |
| 28 | + Import a certificate into the given slot. The certificate should be |
| 29 | + copied into the terminal in PEM format, ending with two blank lines. |
| 30 | +
|
| 31 | + pki export cert <label> |
| 32 | + Export the certificate with the given label in pem format. |
| 33 | + When no label is specified, the default certificate is exported. |
| 34 | +
|
| 35 | + pki import key <label> |
| 36 | + Import a public key into the given slot. The key should be |
| 37 | + copied into the terminal in PEM format, ending with two blank lines. |
| 38 | +
|
| 39 | + pki export key <label> |
| 40 | + Export the public portion of the key with the specified label. |
| 41 | +``` |
0 commit comments