nano-tetra-modules/Papers/includes/scripts/encryptKeys.sh

116 lines
3.0 KiB
Bash
Raw Normal View History

2017-11-16 05:42:22 +00:00
#!/bin/sh
# Author: sud0nick
# Date: Jan 2016
# Location of SSL keys
ssl_store="/pineapple/modules/Papers/includes/ssl/";
2018-12-29 04:45:33 +00:00
ssh_store="/pineapple/modules/Papers/includes/ssh/";
2017-11-16 05:42:22 +00:00
help() {
echo "Encryption/Export script for OpenSSL certificates";
echo "Usage: ./encryptKeys.sh <opts>";
echo "Use './encryptKeys.sh --examples' to see example commands";
echo '';
echo 'NOTE:';
echo "Current SSL store is at $ssl_store";
echo '';
echo 'Parameters:';
echo '';
echo -e '\t-k:\tName of key to be encrypted';
echo '';
echo 'Encryption Options:';
echo '';
echo -e '\t--encrypt:\tMust be supplied to encrypt keys';
2018-12-29 04:45:33 +00:00
echo -e '\t--ssh:\tThe key to encrypt is in the SSH store';
2017-11-16 05:42:22 +00:00
echo -e '\t-a:\t\tAlgorithm to use for key encryption (aes256, 3des, camellia256, etc)';
echo -e '\t-p:\t\tPassword to use for encryption';
echo '';
echo 'Container Options:';
echo '';
echo -e '\t-c:\tContainer type (pkcs12, pkcs8)';
echo -e '\t-calgo:\tEncyrption algorithm for container. (Default is the value supplied for -a)';
echo -e '\t-cpass:\tPassword for container. (Default is the password supplied for -p)';
echo '';
}
examples() {
echo '';
echo 'Examples:';
echo 'Encrypt private key:';
echo './encryptKeys.sh -k keyName --encrypt -a aes256 -p password';
echo '';
echo 'Export keys to PKCS#12 container:';
echo './encryptKeys.sh -k keyName -c pkcs12 -calgo aes256 -cpass password';
echo '';
echo 'Encrypt private key and export to PKCS#12 container using same algo and pass:';
echo './encryptKeys.sh -k keyName --encrypt -a aes256 -p password -c pkcs12';
echo '';
echo 'Encrypt private key and export to PKCS#12 container using different algo and pass:';
echo './encryptKeys.sh -k keyName --encrypt -a aes256 -p password -c pkcs12 -calgo camellia256 -cpass diffpass';
echo '';
}
if [ "$#" -lt 1 ]; then
help;
exit;
fi
ENCRYPT_KEYS=false;
while [ "$#" -gt 0 ]
do
if [[ "$1" == "--examples" ]]; then
examples;
exit;
fi
if [[ "$1" == "--encrypt" ]]; then
ENCRYPT_KEYS=true;
fi
2018-12-29 04:45:33 +00:00
if [[ "$1" == "--ssh" ]]; then
ssl_store=$ssh_store;
fi
2017-11-16 05:42:22 +00:00
if [[ "$1" == "-a" ]]; then
2018-12-29 04:45:33 +00:00
ALGO="$2";
2017-11-16 05:42:22 +00:00
fi
if [[ "$1" == "-k" ]]; then
KEY="$2";
fi
if [[ "$1" == "-p" ]]; then
PASS="$2";
fi
if [[ "$1" == "-c" ]]; then
CONTAINER="$2";
fi
if [[ "$1" == "-calgo" ]]; then
CALGO="$2";
fi
if [[ "$1" == "-cpass" ]]; then
CPASS="$2";
fi
shift
done;
# Generate a password on the private key
if [ $ENCRYPT_KEYS = true ]; then
2018-01-05 00:36:00 +00:00
openssl rsa -$ALGO -in $ssl_store$KEY.key -out $ssl_store$KEY.key -passout pass:"$PASS";
2017-11-16 05:42:22 +00:00
fi
# If a container type is present but not an algo or pass then use
# the same algo and pass from the private key
if [ -n "$CONTAINER" ]; then
if [ -z "$CALGO" ]; then
CALGO="$ALGO";
fi
if [ -z "$CPASS" ]; then
CPASS="$PASS";
fi
# Generate a container for the public and private keys
2018-01-05 00:36:00 +00:00
openssl $CONTAINER -$CALGO -export -nodes -out $ssl_store$KEY.pfx -inkey $ssl_store$KEY.key -in $ssl_store$KEY.cer -passin pass:"$PASS" -passout pass:"$CPASS";
2017-11-16 05:42:22 +00:00
fi
echo "Complete"