author | cvsd <> | 2003-02-13 21:44:43 +0000 |
---|---|---|
committer | cvsd <> | 2003-02-13 21:44:43 +0000 |
commit | bc0c4a85c14b2d7cb05a74328739f997a1f70da4 (patch) | |
tree | 47c22ba3823e404a2b5eed7f120eb6b5ea1c4ec4 /vchat-keygen | |
parent | 63ec94ecd04985d90d5c86659e0decbeefd389f2 (diff) |
Removed signing by anon-CA. Script will not generate self-signed cert file
any longer.
Added some user hints.
cryx
Diffstat (limited to 'vchat-keygen')
-rwxr-xr-x | vchat-keygen | 106 |
1 files changed, 8 insertions, 98 deletions
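--- a/vchat-keygen
+++ b/vchat-keygen
@@ -2,7 +2,10 @@
 
 #
 # vchat-client - alpha version
-# vchat-keygen - generate keypair for SSL with anon CA
+# vchat-keygen - generate certificate signing request for sending to
+# vchat@vchat.berlin.ccc.de
+#
+# changed by cryx
 #
 # Copyright (C) 2001 Andreas Kotes <count@flatline.de>
 #
@@ -32,96 +35,6 @@ else
 fi
 
 # no certificate? dump anonymous CA to disk.
-if [ ! -e $KEYBASE.cert ]; then
-if [ ! -e $KEYBASE.ca.key ]; then
-echo "vchat-keygen: saving CA key to $KEYBASE.ca.key"
-cat >$KEYBASE.ca.key <<EOT
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA0OydKPwRccotlfz4ZhKrVM1vbRa9bWOfZ1c4C6J+iLmZMjuk
-uALo5+c72phZjJ8qXTY+j+J4foRXgBD3qNwDFjtHaDtq4pK70WAWR7+gtnToVjvI
-ngq++Ht82GQQK34QKBBh4U/sdS1qvQWNkW6/tDa61pRwHI9xRhXG3YmVrE0mps/o
-JoaSxQQpk+6nTjuqfbFH+JEqzYgXLLYm5sZ3eRuClCezmQ9a1HSGW+JM4iL7xdRL
-u8o1Ml7PahODIr/Cb4nKco8grJ+gl4ChI+V8VsUNcmmoXdtb7b0x7tCOcvp2TPIE
-VK0sMTDCltGvXDKk3PrL+msAATJhA90FVTUjOQIDAQABAoIBAQCPZoks029J0kLd
-20fID/Jnf6aGkwAsMB/+d4AxhDQjtnivYP7biqvAWRfdH4r/mVQjrJLegczA0ieY
-8Ix86552yPNnWLkxkRO3T6ObVa2C7tV2MwytZaTUuzXi9TOgFqQSS8RTOV+MwkKs
-QT59Xy3YDWTK2hHlmJNgTpwz/Tatjv1zTXzDkb+rGLVjpanPoOvSbth2pXJL7kRf
-pkoDWqw59rDC6QQJxucYbueTSlw3YKg6ZJJ9dSsWf8pljCgwW0lLBHVmcsJw3C+z
-mzZW7I4I5wACGaAMjLR1p8bPWC4VF6cP9MdRJ77VZl2//HXb0nE6SHG5V2eDxiRJ
-NMqe/Z8BAoGBAOy6d7wRKADPPwZaLAKaKqsJSiK5DDnXloPgW4/IZrMmokQ0hF7m
-QXXtOvDkewGvIskLXk93/f47RQdGWZ/WRVPDBlxx2VbpxACJLb+EC9BEGOS/emdZ
-DI2934qMhGo4QCSq8I4RTDe0z+55Kj2yVzKv718J1lWaCpC+AtbIB1thAoGBAOHu
-sfcMYV5pV28y77yO/aVRaR19CjnH9mk5kdXLzITy5hYZskgQxmlB/zvMG/nEhAKz
-jwymL7PM0SXM/dWuz54nCYUDHdOexe2DHaFvNaalkziq3eU9B/ANY1+f/nk2TrBm
-+TVaAYWld2X8jcXJbevy3H9IgDfzD27M6tFW1W7ZAoGAT/2eMeVWMBfXgwz7LBHt
-8wdbjqoasHzhtkQcjFQ6J7UZRZS9WdfSLMfxj66Uxffo+CgoQRAZuktKwu+Jn1Hm
-8SvIPXqW5yBsg4XW+Izk9QXdp4XwFXXooQiUvZtHryC8w+cjC85ag8RMMpesp1ZY
-0p7Scrm/PAOmKEycZvkGS2ECgYAWYIjZ2i0Op8pUJixedZ8jr5OEqyzHGkoKk/wg
-u8Wu6Uvmpnbk8lxkcnfwGUAwFcmpZtVlQFR7L28LmmkNr/m6RU2JEgzzN8eMxa66
-nYQn1EBnnWzK1qehnAHap8MRiFJ04E4QfbCm5wOTY1c7Xr73Xp9+L9UbNYSyybL8
-Nuh+yQKBgHUJf3RslTr382pFcHxXNQpA5wQHhtuL+VacbddnZNZCflQoJ+Zk1/GV
-0fDgfrY1+LVQvo/rpm6N3FIdLSaFwn2OmZMIwLWfu4BL1NNdWMwjSWkQ8hToVe5e
-707+ARBWPZX0GfZXHUybrZDJNlT01brqo4DhlWxMCPrAj3XNY6yr
------END RSA PRIVATE KEY-----
-EOT
-fi
-if [ ! -e $KEYBASE.ca.crt ]; then
-echo "vchat-keygen: saving CA cert to $KEYBASE.ca.crt"
-cat >$KEYBASE.ca.crt <<EOT
------BEGIN CERTIFICATE-----
-MIIC4zCCAcugAwIBAgIBADANBgkqhkiG9w0BAQQFADAbMRkwFwYDVQQDExBBbm9u
-eW1vdXMgRk9PIENBMB4XDTAxMDcwOTE0MzAyM1oXDTExMDcwNzE0MzAyM1owGzEZ
-MBcGA1UEAxMQQW5vbnltb3VzIEZPTyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBANDsnSj8EXHKLZX8+GYSq1TNb20WvW1jn2dXOAuifoi5mTI7pLgC
-6OfnO9qYWYyfKl02Po/ieH6EV4AQ96jcAxY7R2g7auKSu9FgFke/oLZ06FY7yJ4K
-vvh7fNhkECt+ECgQYeFP7HUtar0FjZFuv7Q2utaUcByPcUYVxt2JlaxNJqbP6CaG
-ksUEKZPup047qn2xR/iRKs2IFyy2JubGd3kbgpQns5kPWtR0hlviTOIi+8XUS7vK
-NTJez2oTgyK/wm+JynKPIKyfoJeAoSPlfFbFDXJpqF3bW+29Me7QjnL6dkzyBFSt
-LDEwwpbRr1wypNz6y/prAAEyYQPdBVU1IzkCAwEAAaMyMDAwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUFsM7fh5NPHIgbUBsGqp+IAH4AjIwDQYJKoZIhvcNAQEE
-BQADggEBALKjPE9OX+FrKOODs+d4P/QJdEwsTKwT3zHjxUTKmhIRE1qphAiEfH2g
-IMgr/7y4MZd7FIx84qrfA+a96Yyb5QdbRu0fGlkom1JZxkKOQ2T5SiX7iU2nXMLa
-tsFoqKwrjG4vWwN8ZrlLT72+fZGTtFCUQm7pTxd7UZcfIcmfE43OJGl155gd2X8j
-jbbyu/lBwdJXznK86cm++lvXYJTeJEybipX/XoGoJtCZq0dGyC7vBTGnBZGmNymQ
-1QHQ8LjnzGK3q1ccLuGZ9QjXOjMImfPXGxiXMHO63Ph27U3jP4LEBsW3iRaUqevY
-Id4rGHl2/jBQyE1CGeN1o9iZBGmFS1c=
------END CERTIFICATE-----
-EOT
-fi
-if [ -e /tmp/00.pem ]; then
-echo "vchat-keygen: insecure files lying around, bailing out"
-exit
-fi
-if [ ! -e $KEYBASE.ca.conf ]; then
-echo "vchat-keygen: generating config-file for CA $KEYBASE.ca.conf"
-cat >$KEYBASE.ca.conf <<EOT
-[ ca ]
-default_ca = default_CA
-[ default_CA ]
-dir = .
-#certs = \$dir
-new_certs_dir = /tmp
-database = $KEYBASE.ca.db.index
-serial = $KEYBASE.ca.db.serial
-certificate = $KEYBASE.ca.crt
-private_key = $KEYBASE.ca.key
-default_days = 1825
-default_crl_days = 30
-default_md = md5
-preserve = no
-x509_extensions = user_cert
-policy = policy_anything
-[ policy_anything ]
-commonName = supplied
-emailAddress = supplied
-[ user_cert ]
-basicConstraints = critical,CA:false
-authorityKeyIdentifier = keyid:always
-extendedKeyUsage = clientAuth
-EOT
-echo -n >$KEYBASE.ca.db.index
-echo 00 >$KEYBASE.ca.db.serial
-fi
 if [ ! -e $KEYBASE.csr ]; then
 if [ ! -e $KEYBASE.ca.keyconf ]; then
 echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf"
@@ -143,14 +56,11 @@ basicConstraints = critical,CA:false
 EOT
 fi
 echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr"
+echo "vchat-keygen: please enter your nickname at the 'Name []:' prompt"
 openssl req -new -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr
+echo "vchat-keygen: send this ($KEYBASE.csr) Certificate Signing Request to
+vchat@vchat.berlin.ccc.de to get it signed by the vchat-CA. You will
+receive your signed Certificate shortly."
 else
 echo "vchat-keygen: Certificate Signing Request $KEYBASE.csr exists"
 fi
-echo "vchat-keygen: signing certificate $KEYBASE.cert"
-openssl ca -batch -config $KEYBASE.ca.conf -out $KEYBASE.cert -in $KEYBASE.csr
-rm /tmp/00.pem $KEYBASE.ca.*
-echo
-else
-echo "vchat-keygen: certificate $KEYBASE.cert exists"
-fi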