From 0bb337f56cbbf7858bf6d08a659f97e567fd4fd0 Mon Sep 17 00:00:00 2001
From: Romain Dessort <rdessort@evolix.fr>
Date: Tue, 15 Oct 2013 14:01:38 +0200
Subject: [PATCH] Add possibility to encrypt private keys.

---
 shellpki.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/shellpki.sh b/shellpki.sh
index d14c97c..87e8557 100755
--- a/shellpki.sh
+++ b/shellpki.sh
@@ -61,7 +61,13 @@ create() {
     mkdir $DIR
 
 # generate private key
-$OPENSSL genrsa -out $DIR/$cn.key 2048
+echo -n "Should private key be protected by a passphrase? [y/N] "
+read
+if [ "$REPLY" = "y" ] || [ "REPLY" = "Y" ]; then
+    $OPENSSL genrsa -des -out $DIR/$cn.key 2048
+else
+    $OPENSSL genrsa -out $DIR/$cn.key 2048
+fi
 
 # generate csr req
 $OPENSSL req 		\