55
# Create client key pairs
57
# If the OpenPGP key files do not exist, generate all keys using
59
if ! [ -r /etc/keys/mandos/pubkey.txt \
60
-a -r /etc/keys/mandos/seckey.txt ]; then
62
gpg-connect-agent KILLAGENT /bye || :
66
# If the TLS keys already exists, do nothing
67
if [ -r /etc/keys/mandos/tls-privkey.pem \
68
-a -r /etc/keys/mandos/tls-pubkey.pem ]; then
72
# If this is an upgrade from an old installation, the TLS keys
73
# will not exist; create them.
75
# First try certtool from GnuTLS
76
if ! certtool --generate-privkey --password='' \
77
--outfile /etc/keys/mandos/tls-privkey.pem \
78
--sec-param ultra --key-type=ed25519 --pkcs8 --no-text \
80
# Otherwise try OpenSSL
81
if ! openssl genpkey -algorithm X25519 \
82
-out /etc/keys/mandos/tls-privkey.pem; then
83
rm --force /etc/keys/mandos/tls-privkey.pem
84
# None of the commands succeded; give up
91
# First try certtool from GnuTLS
92
if ! certtool --password='' \
93
--load-privkey=/etc/keys/mandos/tls-privkey.pem \
94
--outfile=/etc/keys/mandos/tls-pubkey.pem --pubkey-info \
95
--no-text 2>/dev/null; then
96
# Otherwise try OpenSSL
97
if ! openssl pkey -in /etc/keys/mandos/tls-privkey.pem \
98
-out /etc/keys/mandos/tls-pubkey.pem -pubout; then
99
rm --force /etc/keys/mandos/tls-pubkey.pem
100
# None of the commands succeded; give up
107
key_id=$(mandos-keygen --passfile=/dev/null \
108
| grep --regexp="^key_id[ =]")
111
db_fset mandos-client/key_id seen false
112
db_reset mandos-client/key_id
113
db_subst mandos-client/key_id key_id $key_id
114
db_input critical mandos-client/key_id || true
53
# Create client key pair
55
if [ -r /etc/keys/mandos/pubkey.txt \
56
-a -r /etc/keys/mandos/seckey.txt ]; then
119
62
create_dh_params(){