Diffstat (limited to 'share/keyringer/genpair')
-rwxr-xr-xshare/keyringer/genpair111
1 files changed, 111 insertions, 0 deletions
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
new file mode 100755
index 0000000..ff554cc
--- /dev/null
+++ b/share/keyringer/genpair
@@ -0,0 +1,111 @@
+#!/bin/bash
+#
+# Generate keypairs.
+#
+# This script is just a wrapper to easily generate keys for
+# automated systems.
+#
+
+# Generate a keypair, ssh version
+function genpair_ssh {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+ read -p "Hit ENTER to continue." prompt
+
+ # TODO: programatically enter blank passphrase twice
+ ssh-keygen -t dsa -f $WORK/id_dsa -C "root@$NODE"
+
+ # Encrypt the result
+ cat $WORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
+ cat $WORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
+
+ echo "Done"
+}
+
+# Generate a keypair, gpg version
+function genpair_gpg {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+ read -s -p "Enter password for the private key: " passphrase
+
+ # TODO: insert 279 random bytes
+ gpg --homedir $WORK --gen-key --batch <<EOF
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 4096
+ Name-Real: $NODE
+ Name-Comment: backupninja
+ Name-Email: root@$NODE
+ Expire-Date: 0
+ Passphrase: $passphrase
+ %commit
+EOF
+
+ # Encrypt the result
+ gpg --homedir $WORK --export-secret-keys | keyringer_exec encrypt $BASEDIR $FILE
+ gpg --homedir $WORK --export | keyringer_exec encrypt $BASEDIR $FILE.pub
+ echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt $BASEDIR $FILE.passwd
+
+ echo "Done"
+}
+
+# Generate a keypair, ssl version
+function genpair_ssl {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+ read -p "Hit ENTER to continue." prompt
+
+ # Setup
+ cd $WORK
+
+ # Generate certificate
+ $LIB/csr.sh $NODE
+
+ # Self-sign
+ openssl x509 -in $NODE"_csr.pem" -out $NODE.crt -req -signkey $NODE"_privatekey.pem" -days 365
+ chmod 600 $NODE"_privatekey.pem"
+
+ # Encrypt the result
+ cat $NODE"_privatekey.pem" | keyringer_exec encrypt $BASEDIR $FILE.pem
+ cat $NODE"_csr.pem" | keyringer_exec encrypt $BASEDIR $FILE.csr.pem
+ cat $NODE.crt | keyringer_exec encrypt $BASEDIR $FILE.crt
+
+ echo "Done"
+ cd $CWD
+}
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer"
+source $LIB/functions
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+KEYDIR="$BASEDIR/keys"
+KEYTYPE="$2"
+FILE="$3"
+NODE="$4"
+BASENAME="`basename $0`"
+CWD="`pwd`"
+
+# Verify
+if [ -z "$NODE" ]; then
+ echo "Usage: $BASENAME <keydir> <gpg|ssh|ssl> <file> <hostname>"
+ exit 1
+elif [ ! -e "$KEYDIR" ]; then
+ echo "Folder not found: $KEYDIR, leaving"
+ exit 1
+fi
+
+# Prepare
+mkdir -p $KEYDIR && chmod 700 $KEYDIR
+WORK="`mktemp -d $KEYDIR/genpair.XXXXXX`"
+if [ "$?" != "0" ]; then
+ echo "Error setting up $WORK"
+ exit 1
+fi
+
+# Dispatch
+genpair_$KEYTYPE
+
+# Cleanup
+cd $CWD
+rm -rf $WORK
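Review bot: The plaintext private keys written under `$WORK` are removed only on the happy path at the very end of the hunk; an error or an interrupt (for example during the `read -s` passphrase prompt, or a failing `ssh-keygen`/`gpg --gen-key`) leaves the unencrypted key material sitting in `$KEYDIR/genpair.XXXXXX`, so the cleanup should be registered right after the `mktemp -d` check: `trap 'cd "$CWD"; rm -rf -- "$WORK"' EXIT`. The dispatch `genpair_$KEYTYPE` also runs whatever the caller passed as the second argument without validation; a typo yields "command not found" and the script then runs the cleanup and exits 0 as if a key had been produced, so gate it before dispatch: `case "$KEYTYPE" in gpg|ssh|ssl) ;; *) echo "Unknown key type: $KEYTYPE"; exit 1 ;; esac`. In genpair_ssl the `cd $WORK` is unchecked, so if it fails the CSR, private key and certificate are created and chmod'd in the caller's current directory instead of the temporary one — `cd "$WORK" || exit 1`. The unquoted expansions of `$WORK`, `$BASEDIR`, `$FILE` and `$NODE` throughout break on paths containing spaces, and `ssh-keygen -t dsa` produces only a fixed-size 1024-bit key; both are worth a follow-up but are secondary to the cleanup and dispatch issues.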