CA key length is configurable (minimum 4096)
parent
b03e77d307
commit
21182a8dcf
|
@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
* Create a changelog
|
||||
* Add a version number and `version` command
|
||||
* Accept a `password-file` command line option to read password from a file
|
||||
* CA key length is configurable (minimum 4096)
|
||||
|
||||
### Changed
|
||||
|
||||
|
|
9
shellpki
9
shellpki
|
@ -55,7 +55,7 @@ init() {
|
|||
if [ ! -f "${CA_KEY}" ]; then
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
-out "${CA_KEY}" \
|
||||
-aes256 4096 \
|
||||
-aes256 ${CA_KEY_LENGTH} \
|
||||
>/dev/null 2>&1
|
||||
fi
|
||||
|
||||
|
@ -604,7 +604,14 @@ main() {
|
|||
PKCS12_DIR="${CA_DIR}/pkcs12"
|
||||
OVPN_DIR="${CA_DIR}/openvpn"
|
||||
|
||||
CA_KEY_LENGTH=4096
|
||||
if [ "${CA_KEY_LENGTH}" -lt 4096 ]; then
|
||||
error "CA key must be at least 4096 bits long."
|
||||
fi
|
||||
KEY_LENGTH=2048
|
||||
if [ "${KEY_LENGTH}" -lt 2048 ]; then
|
||||
error "User key must be at least 2048 bits long."
|
||||
fi
|
||||
|
||||
OPENSSL_BIN=$(command -v openssl)
|
||||
SUFFIX=$(/bin/date +"%s")
|
||||
|
|
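Review bot: In main(), `CA_KEY_LENGTH=4096` is assigned as a literal immediately before the `-lt 4096` test, so the minimum check can never fire as written and any value inherited from the environment is overwritten. If an override is intended, `CA_KEY_LENGTH="${CA_KEY_LENGTH:-4096}"` would keep the default, and the guard should then also reject non-numeric input, because `[ "x" -lt 4096 ]` fails with a test error that the `if` treats as "not too short". In init(), the new argument line should quote the expansion, `-aes256 "${CA_KEY_LENGTH}" \`, so a malformed value cannot be word-split into extra `genrsa` arguments. Both functions continue outside the visible hunks, so whether an option parsed later in main() changes the value after this check is not visible here.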