diff options
| -rwxr-xr-x | vchat-keygen | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/vchat-keygen b/vchat-keygen index 91fcbba..4163838 100755 --- a/vchat-keygen +++ b/vchat-keygen | |||
| @@ -29,7 +29,8 @@ if [ ! -e $KEYBASE.key ]; then | |||
| 29 | echo "vchat-keygen: generating RSA key $KEYBASE.key" | 29 | echo "vchat-keygen: generating RSA key $KEYBASE.key" |
| 30 | echo "vchat-keygen: please set passphrase for local security" | 30 | echo "vchat-keygen: please set passphrase for local security" |
| 31 | umask 0077 | 31 | umask 0077 |
| 32 | openssl genrsa -des3 -out $KEYBASE.key 4096 | 32 | openssl ecparam -genkey -name secp384r1 | \ |
| 33 | openssl ec -out $KEYBASE.key -aes256 | ||
| 33 | else | 34 | else |
| 34 | echo "vchat-keygen: private key $KEYBASE.key exists" | 35 | echo "vchat-keygen: private key $KEYBASE.key exists" |
| 35 | fi | 36 | fi |
| @@ -40,11 +41,11 @@ fi | |||
| 40 | echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf" | 41 | echo "vchat-keygen: generating config-file for self-signing $KEYBASE.ca.keyconf" |
| 41 | cat >$KEYBASE.ca.keyconf <<EOT | 42 | cat >$KEYBASE.ca.keyconf <<EOT |
| 42 | [ req ] | 43 | [ req ] |
| 43 | default_bits = 4096 | ||
| 44 | default_keyfile = user.key | 44 | default_keyfile = user.key |
| 45 | distinguished_name = req_distinguished_name | 45 | distinguished_name = req_distinguished_name |
| 46 | string_mask = nombstr | 46 | string_mask = nombstr |
| 47 | req_extensions = v3_req | 47 | req_extensions = v3_req |
| 48 | default_md = sha384 | ||
| 48 | [ req_distinguished_name ] | 49 | [ req_distinguished_name ] |
| 49 | commonName = Name | 50 | commonName = Name |
| 50 | commonName_max = 64 | 51 | commonName_max = 64 |
| @@ -57,7 +58,7 @@ EOT | |||
| 57 | fi | 58 | fi |
| 58 | echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr" | 59 | echo "vchat-keygen: generating Certificate Signing Request $KEYBASE.csr" |
| 59 | echo "vchat-keygen: please enter your nickname at the 'Name []:' prompt" | 60 | echo "vchat-keygen: please enter your nickname at the 'Name []:' prompt" |
| 60 | openssl req -new -sha1 -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr | 61 | openssl req -new -sha256 -config $KEYBASE.ca.keyconf -key $KEYBASE.key -out $KEYBASE.csr |
| 61 | echo "vchat-keygen: send this ($KEYBASE.csr) Certificate Signing Request to | 62 | echo "vchat-keygen: send this ($KEYBASE.csr) Certificate Signing Request to |
| 62 | vchat@vchat.berlin.ccc.de to get it signed by the vchat-CA. You will | 63 | vchat@vchat.berlin.ccc.de to get it signed by the vchat-CA. You will |
| 63 | receive your signed Certificate shortly." | 64 | receive your signed Certificate shortly." |