Merge pull request #60 from StirNetwork/feat/change_default_algo_from_ed25519_to_rsa4096

kmn · web-flow · commit 78ea2df2d2b5 · 2025-04-29T18:00:15.000+08:00
update configure gen-keys
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -24,7 +24,7 @@ repos:
     hooks:
       - id: update-__init__.py
         name: Sync __init__.py with pyproject.toml
-        entry: python ./scripts/sync_init_with_pyproject.py
+        entry: poetry run python ./scripts/sync_init_with_pyproject.py
         language: python
         files: pyproject.toml
   - repo: local
diff --git a/fireblocks_cli/__init__.py b/fireblocks_cli/__init__.py
@@ -5,4 +5,4 @@
 # Author: Shohei KAMON <cameong@stir.network>
 
 
-__version__ = "0.1.9"
+__version__ = "0.1.10"
diff --git a/fireblocks_cli/commands/configure.py b/fireblocks_cli/commands/configure.py
@@ -65,16 +65,36 @@ def init():
 
 
 @configure_app.command("gen-keys")
-def gen_keys():
-    """秘密鍵とCSRを api_key_dir に生成します"""
-    org = typer.prompt("🔐 組織名を入力してください（例: MyCompany）").strip()
+def gen_keys(
+    org_name: str = typer.Option(None, help="Organization Name (CN/O)"),
+    key_type: str = typer.Option(
+        None, "--key-type", help="Key type: rsa:2048, rsa:4096, ed25519"
+    ),
+):
+    """Generate a pair of secret key and the CSR key"""
+    org = typer.prompt("🔐 Organization Name:").strip()
     if not org:
-        typer.secho("❌ 組織名は必須です。処理を中止します。", fg=typer.colors.RED)
+        typer.secho("❌ Organisztion Name is required.", fg=typer.colors.RED)
         raise typer.Exit(code=1)
+    if not key_type:
+        typer.echo("Select Key Type:")
+        typer.echo("[1] rsa:2048")
+        typer.echo("[2] rsa:4096 (default)")
+        typer.echo("[3] ed25519")
+        choice = typer.prompt("Enter number (or 'y' for default)").strip().lower()
+        if choice in ("", "y", "2"):
+            key_type = "rsa:4096"
+        elif choice == "1":
+            key_type = "rsa:2048"
+        elif choice == "3":
+            key_type = "ed25519"
+        else:
+            typer.secho("❌ Invalid choice.", fg=typer.colors.RED)
+            raise typer.Exit(code=1)
 
-    key_path, csr_path = generate_key_and_csr(org)
-    typer.secho(f"✅ 秘密鍵: {key_path}", fg=typer.colors.GREEN)
-    typer.secho(f"✅ CSR   : {csr_path}", fg=typer.colors.GREEN)
+    key_path, csr_path = generate_key_and_csr(org_name, key_type)
+    typer.secho(f"✅ Private Key: {key_path}", fg=typer.colors.GREEN)
+    typer.secho(f"✅ CSR     Key: {csr_path}", fg=typer.colors.GREEN)
 
 
 @configure_app.command("validate")
diff --git a/fireblocks_cli/crypto.py b/fireblocks_cli/crypto.py
@@ -23,20 +23,33 @@ def generate_unique_basename(base_dir: Path) -> tuple[str, Path, Path]:
             return basename, key_path, csr_path
 
 
-def generate_key_and_csr(org_name: str) -> tuple[Path, Path]:
+def generate_key_and_csr(
+    org_name: str, key_type: str = "rsa:4096"
+) -> tuple[Path, Path]:
     api_key_dir = get_api_key_dir()
     api_key_dir.mkdir(parents=True, exist_ok=True)
 
     basename, key_path, csr_path = generate_unique_basename(api_key_dir)
     subj = f"/O={org_name}"
 
+    # key_type: "rsa:2048", "rsa:4096", "ed25519"
+    if key_type.startswith("rsa:"):
+        bits = key_type.split(":")[1]
+        key_alg = "rsa"
+        key_args = ["-newkey", f"rsa:{bits}"]
+    elif key_type == "ed25519":
+        key_alg = "ed25519"
+        key_args = ["-newkey", "ed25519"]
+    else:
+        typer.secho(f"❌ Unsupported key type: {key_type}", fg=typer.colors.RED)
+        raise typer.Exit(code=1)
+
     result = subprocess.run(
         [
             "openssl",
             "req",
             "-new",
-            "-newkey",
-            "ed25519",
+            *key_args,
             "-nodes",
             "-keyout",
             str(key_path),
@@ -51,10 +64,10 @@ def generate_key_and_csr(org_name: str) -> tuple[Path, Path]:
     )
 
     if result.returncode != 0:
-        typer.secho("❌ OpenSSLエラー:", fg=typer.colors.RED)
+        typer.secho("❌ OpenSSL error:", fg=typer.colors.RED)
         typer.echo(result.stderr)
         raise typer.Exit(code=1)
+
     key_path.chmod(0o600)
     csr_path.chmod(0o600)
-
     return key_path, csr_path
diff --git a/pyproject.toml b/pyproject.toml
@@ -6,7 +6,7 @@
 
 [project]
 name = "fireblocks-cli"
-version = "0.1.9"
+version = "0.1.10"
 description = "An unofficial CLI for managing Fireblocks services."
 authors = [{ name = "Kamon Shohei", email = "cameong@stir.network" }]
 readme = "README.md"
diff --git a/scripts/sync_init_with_pyproject.py b/scripts/sync_init_with_pyproject.py
@@ -5,8 +5,9 @@
 # SPDX-License-Identifier: MPL-2.0
 # Author: Shohei KAMON <cameong@stir.network>
 
-import toml
 import re
+import sys
+import tomllib as toml
 
 
 def update_version(
@@ -16,7 +17,7 @@ def update_version(
     """pyproject.tomlのversionと__init__.pyのversionを同期する"""
 
     # 1. pyproject.toml を読み込む
-    with open(pyproject_path, "r") as f:
+    with open(pyproject_path, "rb") as f:
         pyproject = toml.load(f)
     pyproject_version = pyproject["project"]["version"]
 
@@ -37,7 +38,7 @@ def update_version(
         print(
             f"No update needed: {init_path} version {current_version} matches pyproject.toml version {pyproject_version}"
         )
-        return
+        return False
 
     # 5. SPDXヘッダーのみ残して、後続を書き直す
     header = []
@@ -50,11 +51,11 @@ def update_version(
     # 6. ファイルを書き直す
     with open(init_path, "w") as f:
         f.writelines(header)
-        f.write("\n")
         f.write(f'__version__ = "{pyproject_version}"\n')
 
     print(f"Updated {init_path}: {current_version} → {pyproject_version}")
 
 
 if __name__ == "__main__":
-    update_version()
+    changed = update_version()
+    sys.exit(1 if changed else 0)

Original file line number	Diff line number	Diff line change
`@@ -5,4 +5,4 @@`
`5`	`5`	`# Author: Shohei KAMON <[email protected]>`
`6`	`6`
`7`	`7`
`8`		`-__version__ = "0.1.9"`
	`8`	`+__version__ = "0.1.10"`