From bbf5d1685442431812387c77ed1cfd546824de88 Mon Sep 17 00:00:00 2001 From: Cristian Yxen Date: Thu, 14 Mar 2024 14:34:45 +0100 Subject: make use of AES256 encrypted EC keys and use newer hashes --- vchat-keygen | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/vchat-keygen b/vchat-keygen index 91fcbba..4163838 100755 --- a/vchat-keygen +++ b/vchat-keygen @@ -29,7 +29,8 @@ if [ ! -e $KEYBASE.key ]; then echo "vchat-keygen: generating RSA key $KEYBASE.key" echo "vchat-keygen: please set passphrase for local security" umask 0077 - openssl genrsa -des3 -out $KEYBASE.key 4096 + openssl ecparam -genkey -name secp384r1 | \ + openssl ec -out $KEYBASE.key -aes256 else echo "vchat-keygen: private key $KEYBASE.key exists" fi @@ -40,11 +41,11 @@ fi echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf" cat >$KEYBASE.ca.keyconf <