open-eid
diff --git a/‎CHANGELOG.md‎
Lines changed: 7 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 8 additions & 2 deletions b/‎README.md‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎cdoc2-cli/README.md‎
Lines changed: 4 additions & 4 deletions b/‎cdoc2-cli/README.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎cdoc2-cli/config/localhost/clienttruststore.jks‎
704 Bytes b/‎cdoc2-cli/config/localhost/clienttruststore.jks‎
704 Bytes
diff --git a/‎cdoc2-cli/config/ria-dev/README.md‎
Lines changed: 1 addition & 1 deletion b/‎cdoc2-cli/config/ria-dev/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cdoc2-cli/config/ria-test/README.md‎
Lines changed: 1 addition & 1 deletion b/‎cdoc2-cli/config/ria-test/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cdoc2-cli/config/ria-test/ria-test_p12.properties‎
Lines changed: 0 additions & 1 deletion b/‎cdoc2-cli/config/ria-test/ria-test_p12.properties‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎cdoc2-cli/keys/38001085718_cert.pem‎
Lines changed: 24 additions & 0 deletions b/‎cdoc2-cli/keys/38001085718_cert.pem‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎cdoc2-cli/keys/README.md‎
Lines changed: 11 additions & 0 deletions b/‎cdoc2-cli/keys/README.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎cdoc2-cli/keys/cdoc2client-certificate.pem‎
Lines changed: 13 additions & 13 deletions b/‎cdoc2-cli/keys/cdoc2client-certificate.pem‎
Lines changed: 13 additions & 13 deletions
@@ -1,5 +1,11 @@
 # Changelog
 
+## [1.4.0] Key label formatting (2024-XX-XX)
+
+### Internal
+
+* Upgraded Spring 3.2.5 -> 3.3.3 + other third-party dependency updates
+
 ## [1.3.0] '/key-capsules' OAS v2.1.0 support (2024-07-02)
 
 ### Features
@@ -9,7 +15,7 @@
   Label is not required, when CDOC2 file contains single password recipient.
 * Add example project to demonstrate usage of cdoc2-java-ref-impl with cdoc4j (convert cdoc -> cdoc2)
 
-## [1.2.0 ] Repository split and maintenance (2024-05-30)
+## [1.2.0] Repository split and maintenance (2024-05-30)
 
 ### Features
 
 
@@ -231,10 +231,16 @@ To run the tests using a physical PKCS11 device (smart card or usb token), execu
 mvn test -Dtests=pkcs11
 ```
 
-The pkcs11 device configuration (PKCS11 library, slot, pin, etc) can be specified using `cdoc2.pkcs11.conf-file` system property, for example:
+The pkcs11 device configuration (PKCS11 library, slot, pin, etc) can be specified using 
+`cdoc2.pkcs11.conf-file` system property, for example run with configuration file from filesystem 
+from the root of the project:
 
 ```
-mvn test -Dtests=pkcs11 -Dcdoc2.pkcs11.conf-file=pkcs11-test-safenet.properties
+mvn test -Dtests=pkcs11 -Dcdoc2.pkcs11.conf-file=src/test/resources/pkcs11-test-safenet.properties
+```
+or
+```
+mvn test -Dtests=pkcs11 -Dcdoc2.pkcs11.conf-file=src/test/resources/pkcs11-test-idcard.properties
 ```
 
 By default, the pkcs11 configuration is read from the file `pkcs11-test-idcard.properties`.
 
@@ -50,7 +50,7 @@ Optionally cdoc2-cli also supports encrypting with "soft" key or certificate
 
 Public key (`-p`)
 ```
-java -jar target/cdoc2-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost.cdoc -p keys/cdoc2client_pub.pem README.md
+java -jar target/cdoc2-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost.cdoc -p keys/cdoc2client_pub.key README.md
 ```
 
 Certificate (`-c` option):
@@ -143,7 +143,7 @@ It is also possible to decrypt documents created with "soft" keys, but configura
 key (read separately from a file) must match. Also, server must be configured to trust client certificate used for
 mutual TLS.
 ```
-java -jar target/cdoc2-cli-*.jar decrypt --server=config/localhost/localhost_pkcs12.properties -f /tmp/localhost.cdoc -k keys/cdoc2client.pem -o /tmp/
+java -jar target/cdoc2-cli-*.jar decrypt --server=config/localhost/localhost_pkcs12.properties -f /tmp/localhost.cdoc -k keys/cdoc2client_priv.key -o /tmp/
 ```
 
 
@@ -178,7 +178,7 @@ java -jar target/cdoc2-cli-*.jar list --file /tmp/mydoc.cdoc -k keys/bob.pem
 or with server scenario:
 
 ```
-java -jar target/cdoc2-cli-*.jar list --server=config/localhost/localhost_pkcs12.properties -f /tmp/localhost.cdoc -k keys/cdoc2client.pem
+java -jar target/cdoc2-cli-*.jar list --server=config/localhost/localhost_pkcs12.properties -f /tmp/localhost.cdoc -k keys/cdoc2client_priv.key
 ```
 
 or with password:
@@ -253,7 +253,7 @@ java -jar target/cdoc2-cli-*.jar create --file /tmp/mydoc.cdoc -c keys/cdoc2clie
 
 Decrypt created container with private key:
 ```
-java -jar target/cdoc2-cli-*.jar decrypt -f /tmp/mydoc.cdoc -k keys/cdoc2client.pem --output /tmp
+java -jar target/cdoc2-cli-*.jar decrypt -f /tmp/mydoc.cdoc -k keys/cdoc2client_priv.key --output /tmp
 ```
 
 ### Troubleshooting ID-card
 
@@ -26,7 +26,7 @@ Client certificate must be trusted by server
 
 ### Encrypt
 ```
-java -jar target/cdoc2-cli-*.jar create --server=config/ria-dev/ria-dev_pkcs12.properties -f /tmp/ria_p12.cdoc -p keys/cdoc2client_pub.pem README.md
+java -jar target/cdoc2-cli-*.jar create --server=config/ria-dev/ria-dev_pkcs12.properties -f /tmp/ria_p12.cdoc -p keys/cdoc2client_pub.key README.md
 ```
 
 ### Decrypt
 
@@ -26,7 +26,7 @@ Client certificate must be trusted by server
 
 ### Encrypt
 ```
-java -jar target/cdoc2-cli-*.jar create --server=config/ria-test/ria-test_p12.properties -f /tmp/ria_p12.cdoc -p keys/cdoc2client_pub.pem README.md
+java -jar target/cdoc2-cli-*.jar create --server=config/ria-test/ria-test_p12.properties -f /tmp/ria_p12.cdoc -p keys/cdoc2client_pub.key README.md
 ```
 
 ### Decrypt
 
@@ -19,4 +19,3 @@ cdoc2.client.ssl.trust-store-password=passwd
 cdoc2.client.ssl.client-store.type=PKCS12
 cdoc2.client.ssl.client-store=keys/cdoc2client.p12
 cdoc2.client.ssl.client-store-password=passwd
-
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDjCCA2+gAwIBAgIQaLfRQQSV3nMFgzOBgc5eKjAKBggqhkjOPQQDBDBgMQsw
+CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh
+DA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4X
+DTIzMTEyOTA3MTYwOVoXDTI4MTEyODIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAo
+BgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UE
+BAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5P
+RUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASrgI6qFJh+LloJ
+pNRwTL+89OVYygtOHVFuKpAuf7ZcLPnsaAnynvUTn9I8AvSzLnR7pzRVPDir+tTe
+k2Hp9IzwF067hOf8NKp3WbkaGk74Gdcd9RGPLfzDi+YcTj9zniWjggHNMIIByTAJ
+BgNVHRMEAjAAMB8GA1UdIwQYMBaAFMCEmSnETp87AjT2meEKVgAIKT57MHMGCCsG
+AQUFBwEBBGcwZTA1BggrBgEFBQcwAoYpaHR0cDovL2Muc2suZWUvVGVzdF9vZl9F
+U1RFSUQyMDE4LmRlci5jcnQwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5z
+ay5lZS9lc3RlaWQyMDE4MB8GA1UdEQQYMBaBFDM4MDAxMDg1NzE4QGVlc3RpLmVl
+MEcGA1UdIARAMD4wMgYLKwYBBAGDkSEBAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6
+Ly93d3cuc2suZWUvQ1BTMAgGBgQAj3oBAjAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AgYIKwYBBQUHAwQwawYIKwYBBQUHAQMEXzBdMAgGBgQAjkYBATBRBgYEAI5GAQUw
+RzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3It
+dXNlLW9mLWNlcnRpZmljYXRlcy8TAmVuMB0GA1UdDgQWBBS4o0jDfX8kNdQdsOqq
+S3Yvx0vk2jAOBgNVHQ8BAf8EBAMCA4gwCgYIKoZIzj0EAwQDgYwAMIGIAkIA52jr
+H5u3U+KQ8gWuXFi+3hqsR6O0NG5hoFQN6Qk1P3xH1U9WEYrzBrfMTRAxAGHGh6JX
+jxjGyHAwiMVBnD4UBWUCQgFU4YC4yybxs6lsWp9h8pvLb72eqibkq50Jjb19bwhk
+mPaHamWsjrX1071PHqk7W4szaKrxy49qBuoiouLtjug9hQ==
+-----END CERTIFICATE-----
@@ -1,5 +1,16 @@
 This directory contains pre-generate EC keys and downloaded id-card certificates.
 
+## Extract private and public keys from newly generated client certificate only if it was updated in capsule server
+Remote repository and branches must be set up manually in `remote_repository.sh` before running keys
+extracting script to copy updated client-certificate.pem and keystore cdoc2client.p12 from
+cdoc2-capsule-server/cdoc2-server/keys into cdoc2-cli/keys.
+Then run following script `extract_client_keys.sh` here for extracting keys from certificate:
+
+```bash
+source remote_repository.sh
+sh extract_client_keys.sh
+```
+
 ## Convert X509 Certificate DER to PEM
 .der and .cer are the same binary format. 
 ```
 
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICWTCCAd+gAwIBAgIJAIGzuV1v0kYtMAoGCCqGSM49BAMEMHQxCzAJBgNVBAYT
-AkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRcwFQYDVQQK
-Ew5DeWJlcm5ldGljYSBBUzEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UEAxMNY2Rv
-YzIwLWNsaWVudDAeFw0yMjA1MDIxMTQ5MjZaFw0yMjA3MzExMTQ5MjZaMHQxCzAJ
-BgNVBAYTAkVFMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRcw
-FQYDVQQKEw5DeWJlcm5ldGljYSBBUzEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UE
-AxMNY2RvYzIwLWNsaWVudDB2MBAGByqGSM49AgEGBSuBBAAiA2IABFR25IttEoB7
-fwzJi5KOaVMTNrfGgXlC/SilElVubX8hmGL4orYq/oP5jP6dERD7Fnw4XUk7SQgr
-j70moX9K+3CISafQVEvEjhhgljBLV9jSiZuB2twrkmBN7ihLGig7e6M9MDswHQYD
-VR0OBBYEFGZcVZHppMn0R9RJOpYYE3VbPnz6MBoGA1UdEQQTMBGHBH8AAAGCCWxv
-Y2FsaG9zdDAKBggqhkjOPQQDBANoADBlAjEA3d+oUUShWb2DHPpyIY4y6/Fk25ow
-Dy5oHThaRh5/6GY0APVFIp/kd6lm3fY/JmORAjAO7+sHJ2fsUzNq5o1cPK65roDJ
-glqz1a3PNEiYGQJhduVaJ5Qqu4GeyxmWr4oiw+U=
+MIICVTCCAdygAwIBAgIIJkGb9aO/rHQwCgYIKoZIzj0EAwQwczELMAkGA1UEBhMC
+RUUxEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xFzAVBgNVBAoT
+DkN5YmVybmV0aWNhIEFTMRAwDgYDVQQLEwdVbmtub3duMRUwEwYDVQQDEwxjZG9j
+Mi1jbGllbnQwHhcNMjQwODA5MTI0MzE2WhcNMzQwODA3MTI0MzE2WjBzMQswCQYD
+VQQGEwJFRTEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEXMBUG
+A1UEChMOQ3liZXJuZXRpY2EgQVMxEDAOBgNVBAsTB1Vua25vd24xFTATBgNVBAMT
+DGNkb2MyLWNsaWVudDB2MBAGByqGSM49AgEGBSuBBAAiA2IABCdUFlDBrYlsWLsh
+venBl8MfdsAuLgab0m6Gyja1vZ3czlNc+1vKg4GYVFB6cxBeOBYTv+86JCCsb5Fn
+PYxFapfy+r995ZJ4n0fb/zu48Sg0rCslvrtnymv8aQlnM36VDKM9MDswHQYDVR0O
+BBYEFBDO/vmkajznwVReDa4EXoVS098XMBoGA1UdEQQTMBGHBH8AAAGCCWxvY2Fs
+aG9zdDAKBggqhkjOPQQDBANnADBkAjBvuj4xfDHQiwiYUFojROonwdSIFlzDy8bh
+wuOZ48KyQmXeg6qcZ26gstrBkYL/eIECMCnwm75rA7VydL4SiH70qdu5May1tm0g
+tc9VikmIarZX+d6rHJmCQ0eo6Vi1U8BYXg==
 -----END CERTIFICATE-----