authorcvsd <>2003-02-13 21:44:43 +0000
committercvsd <>2003-02-13 21:44:43 +0000
commitbc0c4a85c14b2d7cb05a74328739f997a1f70da4 (patch)
tree47c22ba3823e404a2b5eed7f120eb6b5ea1c4ec4
parent63ec94ecd04985d90d5c86659e0decbeefd389f2 (diff)
Removed signing by anon-CA. Script will not generate self-signed cert file
any longer. Added some user hints. cryx
-rwxr-xr-xvchat-keygen106
1 files changed, 8 insertions, 98 deletions
diff --git a/vchat-keygen b/vchat-keygen
index 08c3b6e..fa92c60 100755
--- a/vchat-keygen
+++ b/vchat-keygen
@@ -2,7 +2,10 @@
2 2
3# 3#
4# vchat-client - alpha version 4# vchat-client - alpha version
5# vchat-keygen - generate keypair for SSL with anon CA 5# vchat-keygen - generate certificate signing request for sending to
6# vchat@vchat.berlin.ccc.de
7#
8# changed by cryx
6# 9#
7# Copyright (C) 2001 Andreas Kotes <count@flatline.de> 10# Copyright (C) 2001 Andreas Kotes <count@flatline.de>
8# 11#
@@ -32,96 +35,6 @@ else
32fi 35fi
33 36
34# no certificate? dump anonymous CA to disk. 37# no certificate? dump anonymous CA to disk.
35if [ ! -e $KEYBASE.cert ]; then
36 if [ ! -e $KEYBASE.ca.key ]; then
37 echo "vchat-keygen: saving CA key to $KEYBASE.ca.key"
38 cat >$KEYBASE.ca.key <<EOT
39-----BEGIN RSA PRIVATE KEY-----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65-----END RSA PRIVATE KEY-----
66EOT
67 fi
68 if [ ! -e $KEYBASE.ca.crt ]; then
69 echo "vchat-keygen: saving CA cert to $KEYBASE.ca.crt"
70 cat >$KEYBASE.ca.crt <<EOT
71-----BEGIN CERTIFICATE-----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88-----END CERTIFICATE-----
89EOT
90 fi
91 if [ -e /tmp/00.pem ]; then
92 echo "vchat-keygen: insecure files lying around, bailing out"
93 exit
94 fi
95 if [ ! -e $KEYBASE.ca.conf ]; then
96 echo "vchat-keygen: generating config-file for CA $KEYBASE.ca.conf"
97 cat >$KEYBASE.ca.conf <<EOT
98[ ca ]
99default_ca = default_CA
100[ default_CA ]
101dir = .
102#certs = \$dir
103new_certs_dir = /tmp
104database = $KEYBASE.ca.db.index
105serial = $KEYBASE.ca.db.serial
106certificate = $KEYBASE.ca.crt
107private_key = $KEYBASE.ca.key
108default_days = 1825
109default_crl_days = 30
110default_md = md5
111preserve = no
112x509_extensions = user_cert
113policy = policy_anything
114[ policy_anything ]
115commonName = supplied
116emailAddress = supplied
117[ user_cert ]
118basicConstraints = critical,CA:false
119authorityKeyIdentifier = keyid:always
120extendedKeyUsage = clientAuth
121EOT
122 echo -n >$KEYBASE.ca.db.index
123 echo 00 >$KEYBASE.ca.db.serial
124 fi
125 if [ ! -e $KEYBASE.csr ]; then 38 if [ ! -e $KEYBASE.csr ]; then
126 if [ ! -e $KEYBASE.ca.keyconf ]; then 39 if [ ! -e $KEYBASE.ca.keyconf ]; then
127 echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf" 40 echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf"
@@ -143,14 +56,11 @@ basicConstraints = critical,CA:false
143EOT 56EOT
144 fi 57 fi
145 echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr" 58 echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr"
59 echo "vchat-keygen: please enter your nickname at the 'Name []:' prompt"
146 openssl req -new -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr 60 openssl req -new -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr
61 echo "vchat-keygen: send this ($KEYBASE.csr) Certificate Signing Request to
62 vchat@vchat.berlin.ccc.de to get it signed by the vchat-CA. You will
63 receive your signed Certificate shortly."
147 else 64 else
148 echo "vchat-keygen: Certificate Signing Request $KEYBASE.csr exists" 65 echo "vchat-keygen: Certificate Signing Request $KEYBASE.csr exists"
149 fi 66 fi
150 echo "vchat-keygen: signing certificate $KEYBASE.cert"
151 openssl ca -batch -config $KEYBASE.ca.conf -out $KEYBASE.cert -in $KEYBASE.csr
152 rm /tmp/00.pem $KEYBASE.ca.*
153 echo
154else
155 echo "vchat-keygen: certificate $KEYBASE.cert exists"
156fi
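Review bot: The hint added at new lines 61-63 is printed whether or not `openssl req` on new line 60 succeeded, so a failed or aborted run still tells the user to mail a `$KEYBASE.csr` that may be missing or empty. Unless the script sets `set -e` outside the lines shown, guard the call, e.g. `openssl req -new -config "$KEYBASE.ca.keyconf" -key "$KEYBASE.key" -out "$KEYBASE.csr" || exit 1`. The removed `rm /tmp/00.pem $KEYBASE.ca.*` was the only visible cleanup of `$KEYBASE.ca.keyconf`, which is still generated (its heredoc lies between the second and third hunk) and now appears to stay on disk after every run. The context comment `# no certificate? dump anonymous CA to disk.` and the "config-file for self-signing" message no longer describe what the script does. Because the request now leaves the machine by mail, the hint should also say that only the `.csr` is sent and `$KEYBASE.key` must never be attached.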