renamed keystore-tool and updated documentation

docs/DevTools.md

@@ -503,13 +503,13 @@ The currently supported cryptographic algorithms and therefore also the key mana
 - [ECDSA](https://pypi.org/project/ecdsa/) with the `NIST256p` curve and the `SHA256` internal hashing mechanism.
 
 ### Managing the local KeyStore
-> **NOTE:** The new version is [keystore-tool-new.py](../tools/keystore-tool-new.py), which replaces the old [keystore-tool.py](../tools/keystore-tool.py) and supports all functionality. There the `ECDSA` keys do not need the id suffix. If keys were stored with the old mechanism with suffix, the best way is to `Get` the keys with the old tool and `Put` them into the new tool.
-The [keystore-tool-new.py](../tools/keystore-tool-new.py) script operates on a `KEYSTORE` file:
+> **NOTE:** The new version is [keystore-tool.py](../tools/keystore-tool.py), which replaces the old [keystore-tool-legacy.py](../tools/keystore-tool-legacy.py) and supports all functionality. There the `ECDSA` keys do not need the id suffix. If keys were stored with the old mechanism with suffix, the best way is to `Get` the keys with the old tool and `Put` them into the new tool.
+The [keystore-tool.py](../tools/keystore-tool.py) script operates on a `KEYSTORE` file:
 
 
 ```
-$ python3 tools/keystore-tool-new.py -h
-usage: keystore-tool-new.py [-h] KEYSTORE KEYSTORE_PASS {get,put,del} ...
+$ python3 tools/keystore-tool.py -h
+usage: keystore-tool.py [-h] KEYSTORE KEYSTORE_PASS {get,put,del} ...
 
 Manipulate/View the contents of a keystore (.jks)
 
@@ -531,8 +531,8 @@ Only one entry per UUID is supported. Passing an non-existent KeyStore file as a
 #### Get key entries from the keystore
 To get key entries from the keystore use:
 ```
-$ python3 tools/keystore-tool-new.py KEYSTORE KEYSTORE_PASS get -h
-usage: keystore-tool-new.py KEYSTORE KEYSTORE_PASS get [-h] [--uuid UUID] [--show-secret SHOW_SECRET]
+$ python3 tools/keystore-tool.py KEYSTORE KEYSTORE_PASS get -h
+usage: keystore-tool.py KEYSTORE KEYSTORE_PASS get [-h] [--uuid UUID] [--show-secret SHOW_SECRET]
 
 optional arguments:
   -h, --help            show this help message and exit
@@ -542,7 +542,7 @@ optional arguments:
 ```
 an example is:
 ```
-$ python3 tools/keystore-tool-new.py keystore.jks keystore-password get
+$ python3 tools/keystore-tool.py keystore.jks keystore-password get
 
  UUID: 98880181477044da85a9da86a6ccaa1f
 
@@ -558,8 +558,8 @@ The output will per default not show the private key. To display the private key
 #### Put new key into the keystore
 It is possible to inject externally created keys for the supported algorithms into the keystore by:
 ```
-$ python3 tools/keystore-tool-new.py KEYSTORE KEYSTORE_PASS put -h
-usage: keystore-tool-new.py KEYSTORE KEYSTORE_PASS put [-h] [--ecdsa ECDSA] UUID PUBKEY PRIVKEY
+$ python3 tools/keystore-tool.py KEYSTORE KEYSTORE_PASS put -h
+usage: keystore-tool.py KEYSTORE KEYSTORE_PASS put [-h] [--ecdsa ECDSA] UUID PUBKEY PRIVKEY
 
 positional arguments:
   UUID                  The UUID the new keys belong to; e.g.: f99de1c4-3859-5326-a155-5696f00686d9
@@ -575,8 +575,8 @@ optional arguments:
 #### Delete existing key from the keystore
 It is possible to delete existing keys from the keystore by:
 ```
-$ python3 tools/keystore-tool-new.py KEYSTORE KEYSTORE_PASS del -h
-usage: keystore-tool-new.py KEYSTORE KEYSTORE_PASS del [-h] UUID
+$ python3 tools/keystore-tool.py KEYSTORE KEYSTORE_PASS del -h
+usage: keystore-tool.py KEYSTORE KEYSTORE_PASS del [-h] UUID
 
 positional arguments:
   UUID        The UUID to delete the keypair for (this is safe since each UUID can only occur once in the KeyStore); e.g.: f99de1c4-3859-5326-a155-5696f00686d9
@@ -586,7 +586,7 @@ optional arguments:
 ```
 > **NOTE:** If a key for the given uuid is found, you will be asked to confirm the deletion of the key by typing `YES` like:
 ```
-$ python3 tools/keystore-tool-new.py keystore.jks keystore-password del 98880181-4770-44da-85a9-da86a6ccaa1e
+$ python3 tools/keystore-tool.py keystore.jks keystore-password del 98880181-4770-44da-85a9-da86a6ccaa1e
 2023-08-03 14:15:59,922                 root          del_keypair() WARNING  About to remove the keypair for UUID 98880181-4770-44da-85a9-da86a6ccaa1e from new_keystore.jks! Enter 'YES' to continue
 > 
 ```

tools/keystore-tool-new.py → tools/keystore-tool-legacy.py

@@ -1,6 +1,6 @@
 """!
-@brief NEW tool for managing keys with the keystore.
-@note this tool is based on the current version of ubirch/KeyStore.py, where ed25519 and ecdsa keys are stored the same way. 
+@brief tool for managing keys with the keystore.
+@note this tool is based on the old version of ubirch/KeyStore.py, where the ecdsa keys were stored with uuid + _ecd suffix 
 """
 
 import sys
@@ -201,16 +201,16 @@ def dump_keystore(self) -> bool:
         signing_keys = self.keystore._ks.private_keys
 
         # go trough the list of verifiying keys and print information for each entry
-        for vk_uuid in verifying_keys.keys():
-            print("\r\n UUID: %s\r\n" % vk_uuid)
+        for vk_uuid_mod in verifying_keys.keys():
+            # check the key type
+            if vk_uuid_mod.find("_ecd") != -1:
+                vk_uuid = vk_uuid_mod[:-4]
 
-            vk = self.keystore.find_verifying_key(uuid.UUID(vk_uuid))
-            if type(vk) == ecdsa.VerifyingKey:
                 ktype = "ECDSA NIST256p SHA256"
-            elif type(vk) == ed25519.VerifyingKey:
-                ktype = "ED25519"
             else:
-                ktype = "UNKNOWN"
+                vk_uuid = vk_uuid_mod
+
+                ktype = "ED25519"
 
             # check if a filtering uuid is set; if it is, filter
             if self.uuid != None:
@@ -227,7 +227,7 @@ def dump_keystore(self) -> bool:
 
             print("=" * 134)
             print("UUID: %s" % str(uuid.UUID(hex=vk_uuid)))
-            print(" VK : %s" % binascii.hexlify(verifying_keys[vk_uuid].cert).decode())
+            print(" VK : %s" % binascii.hexlify(verifying_keys[vk_uuid_mod].cert).decode())
             print(" SK : %s" % sk)
             print("TYPE: %s" % ktype)
             print("=" * 134)
@@ -265,22 +265,29 @@ def del_keypair(self) -> bool:
         try:
             # direkt access to the entries variable is needed since .certs and .private_keys
             # are class properties which are only temporary (-> editing them has no effect)
-            if self.keystore.delete_signing_key(self.uuid):
-                logger.info("Deleted signing key for UUID %s" % self.uuid_str)
-            else:
-                logger.warning("No signing key found for UUID %s" % self.uuid_str)
-
-            if self.keystore.delete_verifying_key(self.uuid):
-                logger.info("Deleted verifying key for UUID %s" % self.uuid_str)
+            if self.keystore._ks.entries.get(self.uuid.hex, None) != None:
+                # suffix-less pubkey found, delete it
+                self.keystore._ks.entries.pop(self.uuid.hex)
             else:
-                logger.warning("No verifying key found for UUID %s" % self.uuid_str)
-
+                # check for ecdsa key
+                if self.keystore._ks.entries.get(self.uuid.hex + '_ecd', None) != None:
+                    self.keystore._ks.entries.pop(self.uuid.hex + '_ecd')
+                else:
+                    # key not found
+                    raise(ValueError("No key found for UUID '%s'" % self.uuid_str))
+            try:
+                self.keystore._ks.entries.pop("pke_" + self.uuid.hex)
+            except KeyError:
+                pass
         except Exception as e:
-            logger.error("Error deleting keys!")
+            logger.error("Error deleting keys! No changes will be written!")
             logger.exception(e)
 
             return False
 
+        # write changes
+        self.keystore._ks.save(self.keystore._ks_file, self.keystore._ks_password)
+
         return True
 
     def run(self) -> int:

tools/keystore-tool.py

@@ -1,6 +1,6 @@
 """!
-@brief tool for managing keys with the keystore.
-@note this tool is based on the old version of ubirch/KeyStore.py, where the ecdsa keys were stored with uuid + _ecd suffix 
+@brief NEW tool for managing keys with the keystore.
+@note this tool is based on the current version of ubirch/KeyStore.py, where ed25519 and ecdsa keys are stored the same way. 
 """
 
 import sys
@@ -201,16 +201,16 @@ def dump_keystore(self) -> bool:
         signing_keys = self.keystore._ks.private_keys
 
         # go trough the list of verifiying keys and print information for each entry
-        for vk_uuid_mod in verifying_keys.keys():
-            # check the key type
-            if vk_uuid_mod.find("_ecd") != -1:
-                vk_uuid = vk_uuid_mod[:-4]
+        for vk_uuid in verifying_keys.keys():
+            print("\r\n UUID: %s\r\n" % vk_uuid)
 
+            vk = self.keystore.find_verifying_key(uuid.UUID(vk_uuid))
+            if type(vk) == ecdsa.VerifyingKey:
                 ktype = "ECDSA NIST256p SHA256"
-            else:
-                vk_uuid = vk_uuid_mod
-
+            elif type(vk) == ed25519.VerifyingKey:
                 ktype = "ED25519"
+            else:
+                ktype = "UNKNOWN"
 
             # check if a filtering uuid is set; if it is, filter
             if self.uuid != None:
@@ -227,7 +227,7 @@ def dump_keystore(self) -> bool:
 
             print("=" * 134)
             print("UUID: %s" % str(uuid.UUID(hex=vk_uuid)))
-            print(" VK : %s" % binascii.hexlify(verifying_keys[vk_uuid_mod].cert).decode())
+            print(" VK : %s" % binascii.hexlify(verifying_keys[vk_uuid].cert).decode())
             print(" SK : %s" % sk)
             print("TYPE: %s" % ktype)
             print("=" * 134)
@@ -265,29 +265,22 @@ def del_keypair(self) -> bool:
         try:
             # direkt access to the entries variable is needed since .certs and .private_keys
             # are class properties which are only temporary (-> editing them has no effect)
-            if self.keystore._ks.entries.get(self.uuid.hex, None) != None:
-                # suffix-less pubkey found, delete it
-                self.keystore._ks.entries.pop(self.uuid.hex)
+            if self.keystore.delete_signing_key(self.uuid):
+                logger.info("Deleted signing key for UUID %s" % self.uuid_str)
             else:
-                # check for ecdsa key
-                if self.keystore._ks.entries.get(self.uuid.hex + '_ecd', None) != None:
-                    self.keystore._ks.entries.pop(self.uuid.hex + '_ecd')
-                else:
-                    # key not found
-                    raise(ValueError("No key found for UUID '%s'" % self.uuid_str))
-            try:
-                self.keystore._ks.entries.pop("pke_" + self.uuid.hex)
-            except KeyError:
-                pass
+                logger.warning("No signing key found for UUID %s" % self.uuid_str)
+
+            if self.keystore.delete_verifying_key(self.uuid):
+                logger.info("Deleted verifying key for UUID %s" % self.uuid_str)
+            else:
+                logger.warning("No verifying key found for UUID %s" % self.uuid_str)
+
         except Exception as e:
-            logger.error("Error deleting keys! No changes will be written!")
+            logger.error("Error deleting keys!")
             logger.exception(e)
 
             return False
 
-        # write changes
-        self.keystore._ks.save(self.keystore._ks_file, self.keystore._ks_password)
-
         return True
 
     def run(self) -> int: