gen-ec-cert: make encryption optional

utils/gen-ec-cert.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 usage()
 {
-	printf "Usage: %s [-c curve] [-d days] domain\n" "${0##*/}" >&2
+	printf "Usage: %s [-e] [-c curve] [-d days] domain\n" "${0##*/}" >&2
 	exit 1
 }
 
@@ -12,13 +12,16 @@ tonumber()
 
 curve=secp384r1
 days=3650
-while getopts c:d: flag; do
+encrypt=
+while getopts c:d:e flag; do
 	case $flag in
 	c)	[ -n "$OPTARG" ] || usage
 		curve=$OPTARG
 		;;
 	d)	days=$(tonumber "$OPTARG") || usage
 		;;
+	e)	encrypt=yes
+		;;
 	*)	usage
 		;;
 	esac
@@ -31,7 +34,7 @@ if [ -f "$domain.key" ]; then
 	printf "%s: key for %s already exists; reusing it.\n" \
 	    "${0##*/}" "$domain" >&2
 else
-	(umask 077 && openssl genpkey -aes256 \
+	(umask 077 && openssl genpkey ${encrypt:+-aes256} \
 	    -algorithm ec -pkeyopt ec_paramgen_curve:"$curve" \
 	    -out "$domain.key")
 	if [ $? -ne 0 ] || [ ! -s "$domain.key" ]; then