~dricottone/my-utils

ref: a5400e398c7c8f77d09b3e5966789d38f48a47a6 my-utils/crypto/mkkey -rwxr-xr-x 5.3 KiB
a5400e39Dominic Ricottone Starting point for cryptographic utilities 2 years ago 
                                                                                
a5400e39 Dominic Ricottone 












































































































































































































2 years ago












































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

#!/bin/bash

name="mkkey"
version="1.0"
read -r -d '' help_message <<-EOF
	Create a cryptographic keypair
	Usage: mkkey [OPTIONS] [FILE]
	Options:
	 -a ALGO,            algorithm for keypair [rsa, ed25519]
	   --algorithm ALGO
	 -h, --help          print this message and exit
	 -q, --quiet         suppress error messages and prompts
	 --private NAME      private key file name
	 --public NAME       public key file name
	 -t TYPE,            type of keypair [ssh, pgp, ssl]
	   --type TYPE
	 -v, --verbose       show additional messages
	 -V, --version       print version number and exit
EOF

source /usr/local/lib/mylib.bash

positional=()
keytype=
keyalgo=
privkey=
pubkey=
quiet=
verbose=
while [[ $# -gt 0 ]]; do
  case "$1" in

  -a|--algorithm)
    debug_msg "Setting algorithm to '$2' (was ${keyalgo})"
    keyalgo="$2"
    shift; shift
    ;;

  -h|--help)
    help_msg
    shift
    ;;

  -q|--quiet)
    debug_msg "Setting quiet option to 1 (was ${quiet})"
    quiet=1
    shift
    ;;

  --private)
    debug_msg "Setting private key file name to '$2' (was ${privkey})"
    privkey="$2"
    shift; shift
    ;;

  --public)
    debug_msg "Setting public key file name to '$2' (was ${pubkey})"
    pubkey="$2"
    shift; shift
    ;;

  -t|--type)
    debug_msg "Setting type to '$2' (was ${keytype})"
    keytype="$2"
    shift; shift
    ;;

  -v|--verbose)
    debug_msg "Setting verbose option to 1 (was ${verbose})"
    verbose=1
    shift
    ;;

  -V|--version)
    version_msg
    ;;

  *)
    debug_msg "Argument '${1}' added to positional array"
    positional+=("$1")
    shift
    ;;
  esac
done

# handle output files
# NOTE: individual key types have additional requirements for output files
if [[ ${#positional[@]} -gt 0 ]] && [[ -z "$privkey" ]]; then
  debug_msg "Moving a positional argument into private key file name option"
  privkey="${positional[0]}"
  positional=("${positional[@]:1}")
fi
if [[ "$privkey" = "$pubkey" ]]; then
  error_msg "expected different file names for public and private key"
fi

try_openssh() {
  # if pubkey filename is specified, check if it complies with ssh-keygen
  if [[ ! -z "$pubkey" ]] && [[ "$pubkey" != "${privkey}.pub" ]]; then
    if [[ -z "$privkey" ]]; then
      privkey="$(/usr/bin/basename "$pubkey" ".pub")"
      if [[ "$privkey" = "$pubkey" ]]; then
        error_msg "public key must be written to a file named like the private key"
      fi
    else
      error_msg "public key must be written to a file named like the private key"
    fi
  fi

  # if privkey filename is not specified, use defaults
  if [[ -z "$privkey" ]]; then
    if [[ "$keyalgo" = "rsa" ]]; then
      privkey="${HOME}/.ssh/id_rsa"
      debug_msg "Default file for private RSA key is '${privkey}'"
      pubkey="${privkey}.pub"
      debug_msg "Default file for public RSA key is '${pubkey}'"
    elif [[ "$keyalgo" = "ed25519" ]]; then
      privkey="${HOME}/.ssh/id_ed25519"
      debug_msg "Default file for private Ed25519 key is '${privkey}'"
      pubkey="${privkey}.pub"
      debug_msg "Default file for public Ed25519 key is '${pubkey}'"
    else
      error_msg "key algorithm '${keyalgo}' not implemented"
    fi
  fi

  # check if keypair files already exist
  if [[ -f "$privkey" ]]; then
    error_msg "file '${privkey}' already exists"
  elif [[ -f "${pubkey}" ]]; then
    error_msg "file '${pubkey}' already exists"
  fi

  # make keypair
  if [[ "$keyalgo" = "rsa" ]]; then
    if ! /usr/bin/ssh-keygen -t rsa -b 4096 -f "$privkey"; then
      error_msg "failed to generate RSA keypair"
    fi
  elif [[ "$keyalgo" = "ed25519" ]]; then
    if ! /usr/bin/ssh-keygen -t ed25519 -f "$privkey"; then
      error_msg "failed to generate Ed25519 keypair"
    fi
  else
    error_msg "key algorithm '${keyalgo}' not implemented"
  fi
}

try_openpgp() {
  :
}

try_openssl() {
  # if privkey filename is not specified, try basename of pubkey
  if [[ -z "$privkey" ]]; then
    if [[ -z "$pubkey" ]]; then
      error_msg "expected private key file name"
    else
      privkey="$(/usr/bin/basename "$pubkey" ".pub")"
      if [[ "$privkey" = "$pubkey" ]]; then
        error_msg "expected private key file name"
      fi
    fi
  fi

  # if pubkey filename is not specified, use privkey as basename
  if [[ -z "$pubkey" ]] && [[ ! -z "$privkey" ]]; then
    pubkey="${privkey}.pub"
  fi

  # check if keypair files already exist
  if [[ -f "$privkey" ]]; then
    error_msg "file '${privkey}' already exists"
  elif [[ -f "${pubkey}" ]]; then
    error_msg "file '${pubkey}' already exists"
  fi

  # make keypair
  if [[ "$keyalgo" = "rsa" ]]; then
    if ! /usr/bin/openssl genrsa -out "$privkey" 4096; then
      error_msg "failed to generate RSA keypair"
    elif ! /usr/bin/openssl rsa -in "$privkey" -pubout -out "$pubkey"; then
      error_msg "failed to generate RSA public key"
    fi
  elif [[ "$keyalgo" = "ed25519" ]]; then
    if ! /usr/bin/openssl genpkey -algorithm Ed25519 -out "$privkey"; then
      error_msg "failed to generate Ed25519 keypair"
    elif ! /usr/bin/openssl pkey -in "$privkey" -pubout -out "$pubkey"; then
      error_msg "failed to generate Ed25519 public key"
    fi
  else
    error_msg "key algorithm '${keyalgo}' not implemented"
  fi
}

if [[ "$keytype" = "ssh" ]]; then
  try_openssh
elif [[ "$keytype" = "pgp" ]]; then
  try_openpgp
elif [[ "$keytype" = "ssl" ]]; then
  try_openssl
else
  error_msg "key type '${keytype}' not implemented"
fi