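#!/bin/bash
#
# Compatibility script to create a double-encrypted key with 'openssl'.
# * NOTE * Should not be used for new installs
#
# Written by Markus Nass <generalstone@gmx.net>
# Modified by David Härdeman <david@hardeman.nu>
#
# Usage: $0 <key> [<dsaparam>]
#   <key>       output file: a passphrase-protected DSA key (gendsa -aes256)
#               that is encrypted a second time with 'openssl enc -aes256'
#   <dsaparam>  optional existing DSA parameter file; when omitted, 4096-bit
#               parameters are generated into a temp file and removed again
#
# Exit status: 0 when the key file was written, 1 otherwise.
#
# Security notes:
#   * 'openssl enc' is run without -pbkdf2/-iter, so the passphrase is
#     stretched with OpenSSL's legacy default derivation. That is kept on
#     purpose: the decrypting side (not part of this script) has to use the
#     same settings. It is one reason this setup is not for new installs.
#   * The intermediate DSA key is passphrase-protected but is still written
#     to the temp directory; mktemp honours TMPDIR, so point it at a tmpfs
#     if the key must not touch persistent storage.
set -e

# Key material (temp files and the output key) must not be readable by others.
umask 077

if [ ! -x /usr/bin/openssl ]; then
  echo "Please install the 'openssl' package."
  exit 1
fi

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 <key> [<dsaparam>]"
  exit 1
fi

echo "*NOTE* This key setup should NOT be used for new installs *NOTE*"
printf '%s' "Are you sure you want to continue? (y/n): "
# -r: take the keystroke literally (no backslash processing)
read -r -n1 REPLY
echo
if [ "$REPLY" != "y" ]; then
  exit 1
fi

# Temp files owned by this run. They are removed by the EXIT trap on every
# exit path, including a 'set -e' abort (e.g. dd failing) or an interrupt,
# so seed data and the intermediate key are not left behind.
RAND=""
DSAKEY=""
OWN_DSAPARAM=""

cleanup() {
  local f
  for f in "$RAND" "$DSAKEY" "$OWN_DSAPARAM"; do
    if [ -n "$f" ]; then
      rm -f -- "$f"
    fi
  done
}
trap cleanup EXIT
# Turn signals into a normal exit so the EXIT trap still runs.
trap 'exit 1' HUP INT TERM

if [ -n "$2" ]; then
  # Caller-supplied parameters: use them, never delete them.
  DSAPARAM="$2"
else
  # mktemp replaces the deprecated 'tempfile' helper; it creates the file
  # atomically with mode 0600 under an unpredictable name.
  OWN_DSAPARAM=$(mktemp)
  DSAPARAM="$OWN_DSAPARAM"
  RAND=$(mktemp)
  dd if=/dev/urandom of="$RAND" bs=1M count=4
  openssl dsaparam -out "$DSAPARAM" -rand "$RAND" 4096
  rm -f -- "$RAND"
  RAND=""
fi

rc=1
DSAKEY=$(mktemp)
RAND=$(mktemp)
dd if=/dev/urandom of="$RAND" bs=1M count=4

# Step 1: generate the DSA key, protected by a passphrase (prompted by openssl).
# Step 2: encrypt that key file again into the requested output path.
if openssl gendsa -aes256 -out "$DSAKEY" -rand "$RAND" "$DSAPARAM" &&
  openssl enc -aes256 -e -salt -in "$DSAKEY" -out "$1"; then
  rc=0
fi

# Temp files are removed by the EXIT trap.
exit "$rc"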