Mathieu Trossevin 38aac7b137
Use genpkey and pkey instead of genrsa and rsa
genrsa and rsa are being deprecated by OpenSSL, and both genpkey and pkey
provide the same functionality as genrsa and rsa while being more
configurable.
2022-04-06 11:40:17 +02:00


@ -137,7 +137,7 @@ warning() {
} }
verify_ca_password() { verify_ca_password() {
"${OPENSSL_BIN}" rsa \ "${OPENSSL_BIN}" pkey \
-in "${CA_KEY}" \ -in "${CA_KEY}" \
-passin pass:"${CA_PASSWORD}" \ -passin pass:"${CA_PASSWORD}" \
>/dev/null 2>&1 >/dev/null 2>&1
@ -278,17 +278,18 @@ init() {
passout_arg="" passout_arg=""
if [ -n "${CA_PASSWORD:-}" ]; then if [ -n "${CA_PASSWORD:-}" ]; then
passout_arg="-passout pass:${CA_PASSWORD}" passout_arg="-pass pass:${CA_PASSWORD}"
elif [ "${non_interactive}" -eq 1 ]; then elif [ "${non_interactive}" -eq 1 ]; then
error "In non-interactive mode, you must pass CA_PASSWORD as environment variable." error "In non-interactive mode, you must pass CA_PASSWORD as environment variable."
fi fi
if [ ! -f "${CA_KEY}" ]; then if [ ! -f "${CA_KEY}" ]; then
"${OPENSSL_BIN}" genrsa \ "${OPENSSL_BIN}" genpkey \
-algorithm RSA \
-out "${CA_KEY}" \ -out "${CA_KEY}" \
${passout_arg} \ ${passout_arg} \
-aes256 \ -aes256 \
"${CA_KEY_LENGTH}" \ -pkeyopt "rsa_keygen_bits:${CA_KEY_LENGTH}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181 # shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
@ -355,9 +356,10 @@ ocsp() {
port=$(echo "${ocsp_uri}" | cut -d':' -f2) port=$(echo "${ocsp_uri}" | cut -d':' -f2)
if [ ! -f "${OCSP_KEY}" ]; then if [ ! -f "${OCSP_KEY}" ]; then
"${OPENSSL_BIN}" genrsa \ "${OPENSSL_BIN}" genpkey \
-algorithm RSA \
-out "${OCSP_KEY}" \ -out "${OCSP_KEY}" \
"${KEY_LENGTH}" \ -pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181 # shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
@ -671,14 +673,15 @@ create() {
# generate private key # generate private key
pass_args="" pass_args=""
if [ -n "${password_file:-}" ]; then if [ -n "${password_file:-}" ]; then
pass_args="-aes256 -passout file:${password_file}" pass_args="-aes256 -pass file:${password_file}"
elif [ -n "${PASSWORD:-}" ]; then elif [ -n "${PASSWORD:-}" ]; then
pass_args="-aes256 -passout pass:${PASSWORD}" pass_args="-aes256 -pass pass:${PASSWORD}"
fi fi
"${OPENSSL_BIN}" genrsa \ "${OPENSSL_BIN}" genpkey \
-algorithm RSA \
-out "${key_file}" \ -out "${key_file}" \
${pass_args} \ ${pass_args} \
"${KEY_LENGTH}" \ -pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181 # shellcheck disable=SC2181
if [ "$?" -eq 0 ]; then if [ "$?" -eq 0 ]; then
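Review bot: The rewritten `-pass pass:${CA_PASSWORD}` in init() and `-pass pass:${PASSWORD}` in create() still place the passphrase on the openssl command line, where any local user who can list processes can read it while the key is being generated. The unquoted `${passout_arg}` and `${pass_args}` expansions also split a passphrase or `password_file` path containing whitespace into extra arguments, which genpkey will reject or misread. Since this commit already rewrites these lines, consider OpenSSL's `env:` passphrase source, e.g. `passout_arg="-pass env:CA_PASSWORD"` and `pass_args="-aes256 -pass env:PASSWORD"`; this presumably requires the variables to be exported to the openssl child, which these hunks do not show. The same applies to `-passin pass:"${CA_PASSWORD}"` in verify_ca_password(), where adding `-noout` would stop `pkey` from emitting the decrypted key at all instead of relying on the `/dev/null` redirect. The bodies of init(), ocsp() and create() continue outside the hunks shown.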