blob: 70d9936c208872f3088e8e90c1f9b9b5b31635f4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
#!/usr/bin/env bash
#
# Generate a Client Authorization keypair.
#
# Based on https://community.torproject.org/onion-services/advanced/client-auth/
# See also https://gist.github.com/mtigas/9c2386adf65345be34045dace134140b
#
# Copyright (C) 2023 Silvio Rhatto <rhatto@riseup.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License,
# or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Parameters
BASENAME="`basename $0`"
ONION_AUTH_BASEDIR="$HOME/.tor/clientauthkeys"
KEY_PREFIX="${1}"
GENERATED_KEY="$ONION_AUTH_BASEDIR/$KEY_PREFIX.priv.pem"
PRIVATE_KEY="$ONION_AUTH_BASEDIR/$KEY_PREFIX.priv"
PUBLIC_KEY="$ONION_AUTH_BASEDIR/$KEY_PREFIX.pub"
AUTH_FILE="$ONION_AUTH_BASEDIR/$KEY_PREFIX.auth"
# Ensuse the auth keys folder exists
mkdir -p $ONION_AUTH_BASEDIR || exit 1
chmod 700 $ONION_AUTH_BASEDIR || exit 1
# Syntax
if [ -z "$KEY_PREFIX" ]; then
echo "usage: $BASENAME <key-prefix>"
exit 1
fi
# Key checks
if [ -e "$ONION_AUTH_BASEDIR/$AUTH_FILE" ]; then
echo "$BASENAME: key $AUTH_FILE already exists"
exit 1
fi
# Tool checks
for tool in openssl base64pem base32; do
if ! which $tool &> /dev/null; then
echo "Cannot find $tool too, aborting."
exit 1
fi
done
# Ensure files exists with the proper permissions
touch $GENERATED_KEY $PRIVATE_KEY $PUBLIC_KEY $AUTH_FILE
chmod 600 $GENERATED_KEY $PRIVATE_KEY $PUBLIC_KEY $AUTH_FILE
# Generate the private keypair
openssl genpkey -algorithm x25519 -out $GENERATED_KEY
# Write the private key in a separate file
cat $GENERATED_KEY | \
grep -v " PRIVATE KEY" | \
base64pem -d | \
tail --bytes=32 | \
base32 | \
sed 's/=//g' > $PRIVATE_KEY
# Write the public key in a separate file
cat $GENERATED_KEY | \
openssl pkey -in $GENERATED_KEY -pubout | \
grep -v " PUBLIC KEY" | \
base64pem -d | \
tail --bytes=32 | \
base32 | \
sed 's/=//g' > $PUBLIC_KEY
# Write the public key in Tor's Client Authorization format
echo "descriptor:x25519:`cat $PUBLIC_KEY`" > $AUTH_FILE
|