53
# Create client key pairs
55
# If the OpenPGP key files do not exist, generate all keys using
57
if ! [ -r /etc/keys/mandos/pubkey.txt \
58
-a -r /etc/keys/mandos/seckey.txt ]; then
60
gpg-connect-agent KILLAGENT /bye || :
64
# If the TLS keys already exists, do nothing
65
if [ -r /etc/keys/mandos/tls-privkey.pem \
66
-a -r /etc/keys/mandos/tls-pubkey.pem ]; then
70
# If this is an upgrade from an old installation, the TLS keys
71
# will not exist; create them.
73
# First try certtool from GnuTLS
74
if ! certtool --generate-privkey --password='' \
75
--outfile /etc/keys/mandos/tls-privkey.pem \
76
--sec-param ultra --key-type=ed25519 --pkcs8 --no-text \
78
# Otherwise try OpenSSL
79
if ! openssl genpkey -algorithm X25519 \
80
-out /etc/keys/mandos/tls-privkey.pem; then
81
rm --force /etc/keys/mandos/tls-privkey.pem
82
# None of the commands succeded; give up
89
# First try certtool from GnuTLS
90
if ! certtool --password='' \
91
--load-privkey=/etc/keys/mandos/tls-privkey.pem \
92
--outfile=/etc/keys/mandos/tls-pubkey.pem --pubkey-info \
93
--no-text 2>/dev/null; then
94
# Otherwise try OpenSSL
95
if ! openssl pkey -in /etc/keys/mandos/tls-privkey.pem \
96
-out /etc/keys/mandos/tls-pubkey.pem -pubout; then
97
rm --force /etc/keys/mandos/tls-pubkey.pem
98
# None of the commands succeded; give up
53
# Create client key pair
55
if [ -r /etc/keys/mandos/pubkey.txt \
56
-a -r /etc/keys/mandos/seckey.txt ]; then
60
gpg-connect-agent KILLAGENT /bye || :
106
63
create_dh_params(){