From 835010d04ad11c4fdbd5520700818da862da2e4d 2020-07-20 23:49:04
From: Branko Majic <branko@majic.rs>
Date: 2020-07-20 23:49:04
Subject: [PATCH] GC-37: Update CLI examples to cover key specification usage.

---

diff --git a/gimmecert/cli.py b/gimmecert/cli.py
index 360244e5e2dacad79d3adf65cbdf0fa4eb42ec70..e36d3569f264b3857897de6ec8e88bf8b659b347 100644
--- a/gimmecert/cli.py
+++ b/gimmecert/cli.py
@@ -45,6 +45,9 @@ Examples:
     # Initialise the local CA hierarchy and all the necessary directories.
     gimmecert init
 
+    # Initialise the local CA hierarchy while generating secp256r1 ECDSA keys.
+    gimmecert init --key-specification ecdsa:secp256r1
+
     # Issue a TLS server certificate with only the server name in DNS subject alternative name.
     gimmecert server myserver
 
@@ -54,15 +57,24 @@ Examples:
     # Issue a TLS server certificate by using public key from the CSR (naming/extensions are ignored).
     gimmecert server myserver --csr /tmp/myserver.csr.pem
 
+    # Issue a TLS server certificate while generating 3072-bit RSA key.
+    gimmecert server myserver --key-specification rsa:3072
+
     # Issue a TLS client certificate.
     gimmecert client myclient
 
     # Issue a TLS client certificate by using public key from the CSR (naming/extensions are ignored).
     gimmecert client myclient --csr /tmp/myclient.csr.pem
 
+    # Issue a TLS client certificate while generating 1024-bit RSA key.
+    gimmecert client myclient --key-specification rsa:1024
+
     # Renew a TLS server certificate, preserving naming and private key.
     gimmecert renew server myserver
 
+    # Renew a TLS server certificate, generating a new private key using specified key algorithm/parameters.
+    gimmecert renew server myserver --new-private-key --key-specification ecdsa:secp224r1
+
     # Renew a TLS server certificate, replacing the extra DNS names, but keeping the private key.
     gimmecert server myserver wrongdns.local
     gimmecert renew server myserver --update-dns-names "correctdns1.local,correctdns2.local"
@@ -74,6 +86,9 @@ Examples:
     # Renew a TLS client certificate, preserving naming and private key.
     gimmecert renew client myclient
 
+    # Renew a TLS client certificate, generating a new private key using specified key algorithm/parameters.
+    gimmecert renew client myclient --new-private-key --key-specification ecdsa:secp521r1
+
     # Show information about CA hierarchy and issued certificates.
     gimmecert status
 """