diff --git a/command/ca/provisioner/add.go b/command/ca/provisioner/add.go
index fbed97add..c6a200457 100644
--- a/command/ca/provisioner/add.go
+++ b/command/ca/provisioner/add.go
@@ -6,7 +6,6 @@ import (
 "crypto/ed25519"
 "crypto/rsa"
 "crypto/x509"
- "encoding/base64"
 "encoding/pem"
 "fmt"
 "net/url"
@@ -100,8 +99,7 @@ SCEP **step ca provisioner add** **--type**=SCEP [**--force-cn**] [**--challenge**=] [**--capabilities**=] [**--include-root**] [**--exclude-intermediate**] [**--min-public-key-length**=] [**--encryption-algorithm-identifier**=] -[**--scep-decrypter-certificate-file**=] -[**--scep-decrypter-key-file**=] [**--scep-decrypter-key**=] +[**--scep-decrypter-certificate-file**=] [**--scep-decrypter-key-file**=] [**--scep-decrypter-key-uri**=] [**--scep-decrypter-key-password-file**=] [**--admin-cert**=] [**--admin-key**=] [**--admin-subject**=] [**--admin-provisioner**=] [**--admin-password-file**=]
@@ -146,7 +144,6 @@ SCEP
 scepEncryptionAlgorithmIdentifierFlag,
 scepDecrypterCertFileFlag,
 scepDecrypterKeyFileFlag,
- scepDecrypterKeyFlag,
 scepDecrypterKeyURIFlag,
 scepDecrypterKeyPasswordFileFlag,
@@ -829,17 +826,6 @@ func createSCEPDetails(ctx *cli.Context) (*linkedca.ProvisionerDetails, error) {
 decrypter.Key = data
 s.Decrypter = decrypter
 }
- if decrypterKey := ctx.String("scep-decrypter-key"); decrypterKey != "" {
- data, err := base64.StdEncoding.DecodeString(decrypterKey)
- if err != nil {
- return nil, fmt.Errorf("failed base64 decoding decrypter key: %w", err)
- }
- if err := validateSCEPDecrypterKey(data); err != nil {
- return nil, fmt.Errorf("failed validating decrypter key: %w", err)
- }
- decrypter.Key = data
- s.Decrypter = decrypter
- }
 if decrypterKeyPasswordFile := ctx.String("scep-decrypter-key-password-file"); decrypterKeyPasswordFile != "" {
 decrypterKeyPassword, err := utils.ReadPasswordFromFile(decrypterKeyPasswordFile)
 if err != nil {
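Review bot: The SCEP synopsis in the `@@ -100,8 +99,7 @@` hunk of add.go spells the key-length option `--min-public-key-length`, while the matching synopsis in update.go (`@@ -89,8 +88,7 @@`) spells it `--minimum-public-key-length`. Both sit on unchanged context lines, but since this commit already reflows the same usage block, it would be a good moment to align the two with the name the flag actually registers. That definition is not visible in this diff, so which spelling is correct needs checking against provisioner.go. An operator copying the wrong spelling from the help text would presumably get an unknown-flag error rather than the key-length floor they meant to set.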
diff --git a/command/ca/provisioner/provisioner.go b/command/ca/provisioner/provisioner.go
index bc3160cbe..6491d4455 100644
--- a/command/ca/provisioner/provisioner.go
+++ b/command/ca/provisioner/provisioner.go
@@ -436,10 +436,6 @@ Use the flag multiple times to remove multiple formats.`,
 Name: "scep-decrypter-key-file",
 Usage: `The path to a PEM private key for the SCEP decrypter`,
 }
- scepDecrypterKeyFlag = cli.StringFlag{
- Name: "scep-decrypter-key",
- Usage: `The encoded PEM private key for the SCEP decrypter`,
- }
 scepDecrypterKeyURIFlag = cli.StringFlag{
 Name: "scep-decrypter-key-uri",
 Usage: `The key for the SCEP decrypter. Should be a valid value for the KMS type used.`,
diff --git a/command/ca/provisioner/update.go b/command/ca/provisioner/update.go
index 6118c388a..526aef6b2 100644
--- a/command/ca/provisioner/update.go
+++ b/command/ca/provisioner/update.go
@@ -5,7 +5,6 @@ import (
 "crypto/ed25519"
 "crypto/rsa"
 "crypto/x509"
- "encoding/base64"
 "encoding/pem"
 "fmt"
 "net/url"
@@ -89,8 +88,7 @@ SCEP **step ca provisioner update** [**--force-cn**] [**--challenge**=] [**--capabilities**=] [**--include-root**] [**--exclude-intermediate**] [**--minimum-public-key-length**=] [**--encryption-algorithm-identifier**=] -[**--scep-decrypter-certificate-file**=] -[**--scep-decrypter-key-file**=] [**--scep-decrypter-key**=] +[**--scep-decrypter-certificate-file**=] [**--scep-decrypter-key-file**=] [**--scep-decrypter-key-uri**=] [**--scep-decrypter-key-password-file**=] [**--admin-cert**=] [**--admin-key**=] [**--admin-subject**=] [**--admin-provisioner**=] [**--admin-password-file**=]
@@ -138,7 +136,6 @@ SCEP
 scepEncryptionAlgorithmIdentifierFlag,
 scepDecrypterCertFileFlag,
 scepDecrypterKeyFileFlag,
- scepDecrypterKeyFlag,
 scepDecrypterKeyURIFlag,
 scepDecrypterKeyPasswordFileFlag,
@@ -955,17 +952,6 @@ func updateSCEPDetails(ctx *cli.Context, p *linkedca.Provisioner) error {
 decrypter.Key = data
 details.Decrypter = decrypter
 }
- if decrypterKey := ctx.String("scep-decrypter-key"); decrypterKey != "" {
- data, err := base64.StdEncoding.DecodeString(decrypterKey)
- if err != nil {
- return fmt.Errorf("failed base64 decoding decrypter key: %w", err)
- }
- if err := validateSCEPDecrypterKey(data); err != nil {
- return fmt.Errorf("failed validating decrypter key: %w", err)
- }
- decrypter.Key = data
- details.Decrypter = decrypter
- }
 if decrypterKeyPasswordFile := ctx.String("scep-decrypter-key-password-file"); decrypterKeyPasswordFile != "" {
 decrypterKeyPassword, err := utils.ReadPasswordFromFile(decrypterKeyPasswordFile)
 if err != nil {