summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xlib/keyringer/actions/genkeys31
1 files changed, 18 insertions, 13 deletions
diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys
index 6fc6dcd..0a33725 100755
--- a/lib/keyringer/actions/genkeys
+++ b/lib/keyringer/actions/genkeys
@@ -4,10 +4,10 @@
#
# This script is just a wrapper to easily generate keys for
# automated systems.
-#
+#
# Generate a keypair, ssh version
-function genpair_ssh {
+function genkeys_ssh {
echo "Make sure that $KEYDIR is atop of an encrypted volume."
read -p "Hit ENTER to continue." prompt
@@ -27,11 +27,11 @@ function genpair_ssh {
cat "$TMPWORK/id_rsa.pub" > "$OUTFILE.pub"
fi
- echo "Done"
+ echo "Done"
}
# Generate a keypair, gpg version
-function genpair_gpg {
+function genkeys_gpg {
echo "Make sure that $KEYDIR is atop of an encrypted volume."
passphrase="no"
@@ -47,7 +47,7 @@ function genpair_gpg {
echo "Password don't match."
fi
done
-
+
# TODO: insert random bytes
# TODO: custom Name-Comment and Name-Email
# TODO: allow for empty passphrases
@@ -78,11 +78,16 @@ EOF
$GPG --armor --homedir "$TMPWORK" --export > "$OUTFILE.pub"
fi
- echo "Done"
+ echo "Done"
+}
+
+# Alias
+function genkeys_ssl {
+ genkeys_x509 $*
}
# Generate a keypair, ssl version
-function genpair_ssl {
+function genkeys_x509 {
echo "Make sure that $KEYDIR is atop of an encrypted volume."
read -p "Hit ENTER to continue." prompt
@@ -148,7 +153,7 @@ EOF
cat "${NODE}_privatekey.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.pem"
echo "Encrypting certificate request into keyringer..."
cat "${NODE}_csr.pem" | keyringer_exec encrypt "$BASEDIR" "$FILE.csr"
-
+
if [ "$KEYTYPE" == "ssl-self" ]; then
echo "Encrypting certificate into keyringer..."
cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt"
@@ -191,9 +196,9 @@ CWD="`pwd`"
# Verify
if [ -z "$NODE" ]; then
- echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-self> <file> <hostname> [outfile]"
+ echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|x509|x509-self> <file> <hostname> [outfile]"
echo -e "Options:"
- echo -e "\t gpg|ssh|ssl[-self]: key type."
+ echo -e "\t gpg|ssh|x509[-self]: key type."
echo -e "\t file : base file name for encrypted output (relative to keys folder),"
echo -e "\t without spaces"
echo -e "\t hostname : host for the key pair"
@@ -210,10 +215,10 @@ keyringer_set_tmpfile genpair -d
# Dispatch
echo "Generating $KEYTYPE key for $NODE..."
-if [ "$KEYTYPE" == "ssl-self" ]; then
- genpair_ssl
+if [ "$KEYTYPE" == "ssl-self" ] || [ "$KEYTYPE" == "x509-self" ]; then
+ genkeys_x509
else
- genpair_"$KEYTYPE"
+ genkeys_"$KEYTYPE"
fi
# Cleanup