summaryrefslogtreecommitdiff
path: root/vchat-keygen
diff options
context:
space:
mode:
authorCristian Yxen <cryx@h3q.com>2024-03-14 14:34:45 +0100
committerCristian Yxen <cryx@h3q.com>2024-03-14 14:34:45 +0100
commitbbf5d1685442431812387c77ed1cfd546824de88 (patch)
tree98cfaa7efbe68e8f70f6a94261ccef404011f111 /vchat-keygen
parent82f142c0acc87e55373102687aa718effcbf7cb9 (diff)
make use of AES256 encrypted EC keys and use newer hashesHEADmaster
Diffstat (limited to 'vchat-keygen')
-rwxr-xr-xvchat-keygen7
1 files changed, 4 insertions, 3 deletions
diff --git a/vchat-keygen b/vchat-keygen
index 91fcbba..4163838 100755
--- a/vchat-keygen
+++ b/vchat-keygen
@@ -29,7 +29,8 @@ if [ ! -e $KEYBASE.key ]; then
29 echo "vchat-keygen: generating RSA key $KEYBASE.key" 29 echo "vchat-keygen: generating RSA key $KEYBASE.key"
30 echo "vchat-keygen: please set passphrase for local security" 30 echo "vchat-keygen: please set passphrase for local security"
31 umask 0077 31 umask 0077
32 openssl genrsa -des3 -out $KEYBASE.key 4096 32 openssl ecparam -genkey -name secp384r1 | \
33 openssl ec -out $KEYBASE.key -aes256
33else 34else
34 echo "vchat-keygen: private key $KEYBASE.key exists" 35 echo "vchat-keygen: private key $KEYBASE.key exists"
35fi 36fi
@@ -40,11 +41,11 @@ fi
40 echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf" 41 echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf"
41 cat >$KEYBASE.ca.keyconf <<EOT 42 cat >$KEYBASE.ca.keyconf <<EOT
42[ req ] 43[ req ]
43default_bits = 4096
44default_keyfile = user.key 44default_keyfile = user.key
45distinguished_name = req_distinguished_name 45distinguished_name = req_distinguished_name
46string_mask = nombstr 46string_mask = nombstr
47req_extensions = v3_req 47req_extensions = v3_req
48default_md = sha384
48[ req_distinguished_name ] 49[ req_distinguished_name ]
49commonName = Name 50commonName = Name
50commonName_max = 64 51commonName_max = 64
@@ -57,7 +58,7 @@ EOT
57 fi 58 fi
58 echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr" 59 echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr"
59 echo "vchat-keygen: please enter your nickname at the 'Name []:' prompt" 60 echo "vchat-keygen: please enter your nickname at the 'Name []:' prompt"
60 openssl req -new -sha1 -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr 61 openssl req -new -sha256 -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr
61 echo "vchat-keygen: send this ($KEYBASE.csr) Certificate Signing Request to 62 echo "vchat-keygen: send this ($KEYBASE.csr) Certificate Signing Request to
62 vchat@vchat.berlin.ccc.de to get it signed by the vchat-CA. You will 63 vchat@vchat.berlin.ccc.de to get it signed by the vchat-CA. You will
63 receive your signed Certificate shortly." 64 receive your signed Certificate shortly."