From f53179091a56c1720c81e4f76134893d649fe0fb Mon Sep 17 00:00:00 2001
From: Lucas <lucas@domain.invalid>
Date: Fri, 14 Feb 2020 02:02:22 +0000
Subject: [PATCH] gen-ec-cert: make encryption optional

---
 utils/gen-ec-cert.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/utils/gen-ec-cert.sh b/utils/gen-ec-cert.sh
index 4440af6..39a925f 100644
--- a/utils/gen-ec-cert.sh
+++ b/utils/gen-ec-cert.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 usage()
 {
-	printf "Usage: %s [-c curve] [-d days] domain\n" "${0##*/}" >&2
+	printf "Usage: %s [-e] [-c curve] [-d days] domain\n" "${0##*/}" >&2
 	exit 1
 }
 
@@ -12,13 +12,16 @@ tonumber()
 
 curve=secp384r1
 days=3650
-while getopts c:d: flag; do
+encrypt=
+while getopts c:d:e flag; do
 	case $flag in
 	c)	[ -n "$OPTARG" ] || usage
 		curve=$OPTARG
 		;;
 	d)	days=$(tonumber "$OPTARG") || usage
 		;;
+	e)	encrypt=yes
+		;;
 	*)	usage
 		;;
 	esac
@@ -31,7 +34,7 @@ if [ -f "$domain.key" ]; then
 	printf "%s: key for %s already exists; reusing it.\n" \
 	    "${0##*/}" "$domain" >&2
 else
-	(umask 077 && openssl genpkey -aes256 \
+	(umask 077 && openssl genpkey ${encrypt:+-aes256} \
 	    -algorithm ec -pkeyopt ec_paramgen_curve:"$curve" \
 	    -out "$domain.key")
 	if [ $? -ne 0 ] || [ ! -s "$domain.key" ]; then