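#!/bin/bash
#
# gen-x509-key.sh - generate a self-signed X.509 key pair for signing
# kernel modules.
#
# Usage: gen-x509-key.sh DIGEST OUTFILE
#   DIGEST   message digest name, passed to openssl as "-DIGEST"
#            (constructed example: sha512)
#   OUTFILE  PEM file that receives BOTH the certificate and the private key
#
# Security notes:
#   * The private key is written unencrypted (-nodes) into OUTFILE, so the
#     file is created under umask 077 and must stay readable only by the
#     build user.
#   * The certificate is valid for 36500 days; rotating the key means
#     regenerating it and re-signing the modules.
#   * The openssl config goes to a mktemp(1) file rather than a fixed name
#     in /tmp, so another local user cannot pre-create or symlink the path.

# Options are set here rather than on the shebang line, where they are lost
# when the script is started as "bash gen-x509-key.sh".
set -eu

if [[ $# -ne 2 ]]; then
  printf 'Usage: %s DIGEST OUTFILE\n' "${0##*/}" >&2
  exit 2
fi

digest=$1
outfile=$2

# The digest is glued onto "-" to form an openssl option, so accept only a
# plain algorithm-style token.
if [[ ! $digest =~ ^[A-Za-z0-9][A-Za-z0-9-]*$ ]]; then
  printf '%s: invalid digest name: %s\n' "${0##*/}" "$digest" >&2
  exit 2
fi
if [[ -z $outfile ]]; then
  printf '%s: output file name must not be empty\n' "${0##*/}" >&2
  exit 2
fi

# Everything created from here on (temp config, key file) is owner-only.
umask 077

genkey_config=$(mktemp "${TMPDIR:-/tmp}/x509.genkey.XXXXXX")
# Remove the config on every exit path, including an openssl failure.
trap 'rm -f -- "$genkey_config"' EXIT

echo Generating X.509 key generation config
cat > "$genkey_config" <<'EOF'
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts

[ req_distinguished_name ]
#O = Unspecified company
CN = Build time autogenerated kernel key
#emailAddress = [email protected]

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF

echo "###"
echo "### Now generating an X.509 key pair to be used for signing modules."
echo "###"
echo "### If this takes a long time, you might wish to run rngd in the"
echo "### background to keep the supply of entropy topped up. It"
echo "### needs to be run as root, and uses a hardware random"
echo "### number generator if one is available."
echo "###"

# Drop any stale output so the new file is created with the restrictive
# umask instead of inheriting old permissions. The original removed a file
# named after the digest argument ($1), which looks like a slip.
rm -f -- "$outfile"

# -out and -keyout point at the same file on purpose: certificate and
# private key end up together in one PEM file.
openssl req -new -nodes -utf8 -"$digest" -days 36500 \
  -batch -x509 -config "$genkey_config" \
  -outform PEM -out "$outfile" \
  -keyout "$outfile"

# Report success only after openssl has actually succeeded (set -e aborts
# the script before this point on failure).
echo "###"
echo "### Key pair generated."
echo "###"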