CA key length is configurable (minimum 4096)
parent
b03e77d307
commit
21182a8dcf
|
@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
* Create a changelog
|
* Create a changelog
|
||||||
* Add a version number and `version` command
|
* Add a version number and `version` command
|
||||||
* Accept a `password-file` command line option to read password from a file
|
* Accept a `password-file` command line option to read password from a file
|
||||||
|
* CA key length is configurable (minimum 4096)
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
|
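--- a/shellpki
+++ b/shellpki
@@ -55,7 +55,7 @@ init() {
 if [ ! -f "${CA_KEY}" ]; then
 "${OPENSSL_BIN}" genrsa \
 -out "${CA_KEY}" \
--aes256 4096 \
+-aes256 ${CA_KEY_LENGTH} \
 >/dev/null 2>&1
 fi
 
@@ -604,7 +604,14 @@ main() {
 PKCS12_DIR="${CA_DIR}/pkcs12"
 OVPN_DIR="${CA_DIR}/openvpn"
 
+CA_KEY_LENGTH=4096
+if [ "${CA_KEY_LENGTH}" -lt 4096 ]; then
+error "CA key must be at least 4096 bits long."
+fi
 KEY_LENGTH=2048
+if [ "${KEY_LENGTH}" -lt 2048 ]; then
+error "User key must be at least 2048 bits long."
+fi
 
 OPENSSL_BIN=$(command -v openssl)
 SUFFIX=$(/bin/date +"%s")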
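Review bot: In main(), `CA_KEY_LENGTH=4096` is assigned unconditionally on the line before the `-lt 4096` test, so as shown the guard can never fire and any value supplied by the caller is overwritten; the new `KEY_LENGTH` check has the same shape. If the length is meant to come from the environment or a config file, `CA_KEY_LENGTH="${CA_KEY_LENGTH:-4096}"` keeps the default and lets the minimum actually be enforced. A non-numeric value makes `[ ... -lt 4096 ]` fail with an error status that the `if` treats as false, so it would skip the guard and reach `genrsa` in init(), where the expansion is unquoted and all output goes to /dev/null; I would reject anything but digits before comparing and write `-aes256 "${CA_KEY_LENGTH}" \`. Both init() and main() continue outside the hunks, so whether `error` exits and whether the `genrsa` status is checked cannot be confirmed from here.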