in tuftool/src/root.rs [265:304]
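/// Generate a new RSA key with `openssl`, add it to the root metadata at `path` for
/// the given `roles`, and store the private key in `key_source`.
///
/// The key generation itself is delegated to [`run_openssl_rsa_genpkey`]; this function
/// only deals with the root metadata and the key source. The private key is written to
/// `key_source` under its hex-encoded key ID *before* the updated root is written back,
/// so a failure in `write_file` leaves a key in the key source that the on-disk root does
/// not reference. After the key is added, `clear_sigs` is applied to the root (presumably
/// because the changed metadata invalidates the existing signatures — confirm against
/// `clear_sigs`). The key ID is printed to stdout on success.
///
/// `bits` and `exponent` are forwarded to openssl unchecked; no minimum key size is
/// enforced here (presumably the CLI layer validates them — confirm).
///
/// # Errors
///
/// Fails if the root cannot be loaded, `openssl` cannot be executed or exits with a
/// non-success status, its output is not UTF-8 or not a parsable key pair, the key cannot
/// be added to the root, the key source write fails, or the root cannot be written back.
fn gen_rsa_key(
    path: &Path,
    roles: &[RoleType],
    key_source: &Box<dyn KeySource>,
    bits: u16,
    exponent: u32,
) -> Result<()> {
    let mut root: Signed<Root> = load_file(path)?;
    // The PEM private key is held in this String (and in the captured stdout buffer of
    // the child process) until the function returns; it is not zeroized.
    let pem = run_openssl_rsa_genpkey(bits, exponent)?;
    let key_pair = parse_keypair(pem.as_bytes()).context(error::KeyPairParseSnafu)?;
    let key_id = hex::encode(add_key(&mut root.signed, roles, key_pair.tuf_key())?);
    key_source
        .write(&pem, &key_id)
        .context(error::WriteKeySourceSnafu)?;
    clear_sigs(&mut root);
    println!("{}", key_id);
    write_file(path, &root)
}

/// Run `openssl genpkey` to generate an RSA private key of `bits` bits with public
/// exponent `exponent`, returning whatever openssl wrote to stdout (the PEM private key).
///
/// `openssl` is resolved through `PATH`; whichever binary is found first is the one that
/// generates the key. openssl's stderr is captured but not included in the error.
///
/// # Errors
///
/// Fails if the command cannot be spawned, exits with a non-success status, or prints
/// non-UTF-8 output; each error carries the `Debug` rendering of the command.
fn run_openssl_rsa_genpkey(bits: u16, exponent: u32) -> Result<String> {
    // ring doesn't support RSA key generation yet
    // https://github.com/briansmith/ring/issues/219
    let mut command = std::process::Command::new("openssl");
    command
        .args(&["genpkey", "-algorithm", "RSA", "-pkeyopt"])
        .arg(format!("rsa_keygen_bits:{}", bits))
        .arg("-pkeyopt")
        .arg(format!("rsa_keygen_pubexp:{}", exponent));
    // Rendered once so every error below reports the exact invocation.
    let command_str = format!("{:?}", command);
    let output = command.output().context(error::CommandExecSnafu {
        command_str: &command_str,
    })?;
    ensure!(
        output.status.success(),
        error::CommandStatusSnafu {
            command_str: &command_str,
            status: output.status
        }
    );
    String::from_utf8(output.stdout).context(error::CommandUtf8Snafu { command_str })
}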