From 5ea07db20c1be00bcaa828162e931e9f4b7f589c Mon Sep 17 00:00:00 2001
From: Mathieu Trossevin <mtrossevin+git@evolix.fr>
Date: Wed, 6 Apr 2022 12:14:19 +0200
Subject: [PATCH] Use `genpkey` instead of `genrsa` to generate private keys

`genrsa` is being deprecated by openssl for a long time and `genpkey` do
the same thing (and more) better so we might as well use it.
---
 CHANGELOG.md | 2 ++
 make-csr.sh  | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9d9a861..cf58fb5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,8 @@ This project does not follow semantic versioning.
 
 ### Changed
 
+* Use `genpkey` instead of `genrsa` to generate private keys.
+
 ### Deprecated
 
 ### Removed
diff --git a/make-csr.sh b/make-csr.sh
index edec878..0bc64ff 100755
--- a/make-csr.sh
+++ b/make-csr.sh
@@ -126,7 +126,7 @@ openssl_key(){
 
     [ -w "${key_dir}" ] || error "Directory ${key_dir} is not writable"
 
-    "${OPENSSL_BIN}" genrsa -out "${key}" "${size}" 2> /dev/null
+    "${OPENSSL_BIN}" genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:${size}" -out "${key}" 2> /dev/null
 
     [ -r "${key}" ] || error "Something went wrong, ${key} has not been generated"
 }