summaryrefslogtreecommitdiff
path: root/vchat-keygen
blob: 08c3b6e5df7182710f55eed28ddc382b1b700f5e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

#!/bin/sh

#
# vchat-client - alpha version
# vchat-keygen - generate keypair for SSL with anon CA
#
# Copyright (C) 2001 Andreas Kotes <count@flatline.de>
#
# This program is free software. It can be redistributed and/or modified,
# provided that this copyright notice is kept intact. This program is
# distributed in the hope that it will be useful, but without any warranty;
# without even the implied warranty of merchantability or fitness for a
# particular purpose. In no event shall the copyright holder be liable for
# any direct, indirect, incidental or special damages arising in any way out
# of the use of this software. 
#

# where do we want to store the key?
KEYBASE=$1
if [ "x$KEYBASE" = "x" ] ; then
   KEYBASE=$HOME/.vchat
fi

# no key? generate one ...
if [ ! -e $KEYBASE.key ]; then
   echo "vchat-keygen: generating RSA key $KEYBASE.key"
   echo "vchat-keygen: please set passphrase for local security"
   umask 0077
   openssl genrsa -des3 -out $KEYBASE.key 2048
else
   echo "vchat-keygen: private key $KEYBASE.key exists"
fi

# no certificate? dump anonymous CA to disk.
if [ ! -e $KEYBASE.cert ]; then
   if [ ! -e $KEYBASE.ca.key ]; then
      echo "vchat-keygen: saving CA key to $KEYBASE.ca.key"
      cat >$KEYBASE.ca.key <<EOT
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA0OydKPwRccotlfz4ZhKrVM1vbRa9bWOfZ1c4C6J+iLmZMjuk
uALo5+c72phZjJ8qXTY+j+J4foRXgBD3qNwDFjtHaDtq4pK70WAWR7+gtnToVjvI
ngq++Ht82GQQK34QKBBh4U/sdS1qvQWNkW6/tDa61pRwHI9xRhXG3YmVrE0mps/o
JoaSxQQpk+6nTjuqfbFH+JEqzYgXLLYm5sZ3eRuClCezmQ9a1HSGW+JM4iL7xdRL
u8o1Ml7PahODIr/Cb4nKco8grJ+gl4ChI+V8VsUNcmmoXdtb7b0x7tCOcvp2TPIE
VK0sMTDCltGvXDKk3PrL+msAATJhA90FVTUjOQIDAQABAoIBAQCPZoks029J0kLd
20fID/Jnf6aGkwAsMB/+d4AxhDQjtnivYP7biqvAWRfdH4r/mVQjrJLegczA0ieY
8Ix86552yPNnWLkxkRO3T6ObVa2C7tV2MwytZaTUuzXi9TOgFqQSS8RTOV+MwkKs
QT59Xy3YDWTK2hHlmJNgTpwz/Tatjv1zTXzDkb+rGLVjpanPoOvSbth2pXJL7kRf
pkoDWqw59rDC6QQJxucYbueTSlw3YKg6ZJJ9dSsWf8pljCgwW0lLBHVmcsJw3C+z
mzZW7I4I5wACGaAMjLR1p8bPWC4VF6cP9MdRJ77VZl2//HXb0nE6SHG5V2eDxiRJ
NMqe/Z8BAoGBAOy6d7wRKADPPwZaLAKaKqsJSiK5DDnXloPgW4/IZrMmokQ0hF7m
QXXtOvDkewGvIskLXk93/f47RQdGWZ/WRVPDBlxx2VbpxACJLb+EC9BEGOS/emdZ
DI2934qMhGo4QCSq8I4RTDe0z+55Kj2yVzKv718J1lWaCpC+AtbIB1thAoGBAOHu
sfcMYV5pV28y77yO/aVRaR19CjnH9mk5kdXLzITy5hYZskgQxmlB/zvMG/nEhAKz
jwymL7PM0SXM/dWuz54nCYUDHdOexe2DHaFvNaalkziq3eU9B/ANY1+f/nk2TrBm
+TVaAYWld2X8jcXJbevy3H9IgDfzD27M6tFW1W7ZAoGAT/2eMeVWMBfXgwz7LBHt
8wdbjqoasHzhtkQcjFQ6J7UZRZS9WdfSLMfxj66Uxffo+CgoQRAZuktKwu+Jn1Hm
8SvIPXqW5yBsg4XW+Izk9QXdp4XwFXXooQiUvZtHryC8w+cjC85ag8RMMpesp1ZY
0p7Scrm/PAOmKEycZvkGS2ECgYAWYIjZ2i0Op8pUJixedZ8jr5OEqyzHGkoKk/wg
u8Wu6Uvmpnbk8lxkcnfwGUAwFcmpZtVlQFR7L28LmmkNr/m6RU2JEgzzN8eMxa66
nYQn1EBnnWzK1qehnAHap8MRiFJ04E4QfbCm5wOTY1c7Xr73Xp9+L9UbNYSyybL8
Nuh+yQKBgHUJf3RslTr382pFcHxXNQpA5wQHhtuL+VacbddnZNZCflQoJ+Zk1/GV
0fDgfrY1+LVQvo/rpm6N3FIdLSaFwn2OmZMIwLWfu4BL1NNdWMwjSWkQ8hToVe5e
707+ARBWPZX0GfZXHUybrZDJNlT01brqo4DhlWxMCPrAj3XNY6yr
-----END RSA PRIVATE KEY-----
EOT
   fi
   if [ ! -e $KEYBASE.ca.crt ]; then
      echo "vchat-keygen: saving CA cert to $KEYBASE.ca.crt"
      cat >$KEYBASE.ca.crt <<EOT
-----BEGIN CERTIFICATE-----
MIIC4zCCAcugAwIBAgIBADANBgkqhkiG9w0BAQQFADAbMRkwFwYDVQQDExBBbm9u
eW1vdXMgRk9PIENBMB4XDTAxMDcwOTE0MzAyM1oXDTExMDcwNzE0MzAyM1owGzEZ
MBcGA1UEAxMQQW5vbnltb3VzIEZPTyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANDsnSj8EXHKLZX8+GYSq1TNb20WvW1jn2dXOAuifoi5mTI7pLgC
6OfnO9qYWYyfKl02Po/ieH6EV4AQ96jcAxY7R2g7auKSu9FgFke/oLZ06FY7yJ4K
vvh7fNhkECt+ECgQYeFP7HUtar0FjZFuv7Q2utaUcByPcUYVxt2JlaxNJqbP6CaG
ksUEKZPup047qn2xR/iRKs2IFyy2JubGd3kbgpQns5kPWtR0hlviTOIi+8XUS7vK
NTJez2oTgyK/wm+JynKPIKyfoJeAoSPlfFbFDXJpqF3bW+29Me7QjnL6dkzyBFSt
LDEwwpbRr1wypNz6y/prAAEyYQPdBVU1IzkCAwEAAaMyMDAwDwYDVR0TAQH/BAUw
AwEB/zAdBgNVHQ4EFgQUFsM7fh5NPHIgbUBsGqp+IAH4AjIwDQYJKoZIhvcNAQEE
BQADggEBALKjPE9OX+FrKOODs+d4P/QJdEwsTKwT3zHjxUTKmhIRE1qphAiEfH2g
IMgr/7y4MZd7FIx84qrfA+a96Yyb5QdbRu0fGlkom1JZxkKOQ2T5SiX7iU2nXMLa
tsFoqKwrjG4vWwN8ZrlLT72+fZGTtFCUQm7pTxd7UZcfIcmfE43OJGl155gd2X8j
jbbyu/lBwdJXznK86cm++lvXYJTeJEybipX/XoGoJtCZq0dGyC7vBTGnBZGmNymQ
1QHQ8LjnzGK3q1ccLuGZ9QjXOjMImfPXGxiXMHO63Ph27U3jP4LEBsW3iRaUqevY
Id4rGHl2/jBQyE1CGeN1o9iZBGmFS1c=
-----END CERTIFICATE-----
EOT
   fi
   if [ -e /tmp/00.pem ]; then
      echo "vchat-keygen: insecure files lying around, bailing out"
      exit
   fi
   if [ ! -e $KEYBASE.ca.conf ]; then
      echo "vchat-keygen: generating config-file for CA $KEYBASE.ca.conf"
      cat >$KEYBASE.ca.conf <<EOT
[ ca ]
default_ca              = default_CA
[ default_CA ]
dir                     = .
#certs                   = \$dir
new_certs_dir           = /tmp
database                = $KEYBASE.ca.db.index
serial                  = $KEYBASE.ca.db.serial
certificate             = $KEYBASE.ca.crt
private_key             = $KEYBASE.ca.key
default_days            = 1825
default_crl_days        = 30
default_md              = md5
preserve                = no
x509_extensions         = user_cert
policy                  = policy_anything
[ policy_anything ]
commonName              = supplied
emailAddress            = supplied
[ user_cert ]
basicConstraints        = critical,CA:false
authorityKeyIdentifier  = keyid:always
extendedKeyUsage        = clientAuth
EOT
      echo -n >$KEYBASE.ca.db.index
      echo 00 >$KEYBASE.ca.db.serial
   fi
   if [ ! -e $KEYBASE.csr ]; then 
      if [ ! -e $KEYBASE.ca.keyconf ]; then
         echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf"
         cat >$KEYBASE.ca.keyconf <<EOT
[ req ]
default_bits                    = 2048
default_keyfile                 = user.key
distinguished_name              = req_distinguished_name
string_mask                     = nombstr
req_extensions                  = v3_req
[ req_distinguished_name ]
commonName                      = Name
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_max                = 40
[ v3_req ]
nsCertType                      = client
basicConstraints                = critical,CA:false
EOT
      fi
      echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr"
      openssl req -new -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr
   else
      echo "vchat-keygen: Certificate Signing Request $KEYBASE.csr exists"
   fi
   echo "vchat-keygen: signing certificate $KEYBASE.cert"
   openssl ca -batch -config $KEYBASE.ca.conf -out $KEYBASE.cert -in $KEYBASE.csr
   rm /tmp/00.pem $KEYBASE.ca.*
   echo
else
   echo "vchat-keygen: certificate $KEYBASE.cert exists"
fi
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-20 06:42:04 +0000