Add script for OpenIKED ECDSA keys generation

2021-12-03 18:24:25 +00:00 · 2021-12-03 18:24:25 +00:00 · db98b73ff2
parent e82506d113
commit db98b73ff2
1 changed files with 23 additions and 0 deletions
--- a/utils/scripts/create-iked-ecdsa.sh
+++ b/utils/scripts/create-iked-ecdsa.sh
@ -0,0 +1,23 @@
+#!/bin/sh
+# env
+# Written in 2021 by Lucas
+# CC0 1.0 Universal/Public domain - No rights reserved
+#
+# To the extent possible under law, the author(s) have dedicated all
+# copyright and related and neighboring rights to this software to the
+# public domain worldwide. This software is distributed without any
+# warranty. You should have received a copy of the CC0 Public Domain
+# Dedication along with this software. If not, see
+# <http://creativecommons.org/publicdomain/zero/1.0/>.
+
+if [ X"$(id -nu)" != Xroot ]; then
+	printf "%s: needs root\n" "${0##*/}" >&2
+	exit 1
+fi
+
+iked_key=/etc/iked/private/local.key
+iked_pub=/etc/iked/local.pub
+
+openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:secp384r1 |
+    (umask 077 && tee "$iked_key") |
+    openssl pkey -pubout -out "$iked_pub"