From db98b73ff2f1fcb5f971140c895dccab7951054f Mon Sep 17 00:00:00 2001
From: Lucas <lucas@domain.invalid>
Date: Fri, 3 Dec 2021 18:24:25 +0000
Subject: [PATCH] Add script for OpenIKED ECDSA keys generation

---
 utils/scripts/create-iked-ecdsa.sh | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 utils/scripts/create-iked-ecdsa.sh

diff --git a/utils/scripts/create-iked-ecdsa.sh b/utils/scripts/create-iked-ecdsa.sh
new file mode 100644
index 0000000..29d198a
--- /dev/null
+++ b/utils/scripts/create-iked-ecdsa.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+# env
+# Written in 2021 by Lucas
+# CC0 1.0 Universal/Public domain - No rights reserved
+#
+# To the extent possible under law, the author(s) have dedicated all
+# copyright and related and neighboring rights to this software to the
+# public domain worldwide. This software is distributed without any
+# warranty. You should have received a copy of the CC0 Public Domain
+# Dedication along with this software. If not, see
+# <http://creativecommons.org/publicdomain/zero/1.0/>.
+
+if [ X"$(id -nu)" != Xroot ]; then
+	printf "%s: needs root\n" "${0##*/}" >&2
+	exit 1
+fi
+
+iked_key=/etc/iked/private/local.key
+iked_pub=/etc/iked/local.pub
+
+openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:secp384r1 |
+    (umask 077 && tee "$iked_key") |
+    openssl pkey -pubout -out "$iked_pub"