
Commit fdb413c

add support for ECC keys in setup-cks-latest (#20)
1 parent 5771281 commit fdb413c

1 file changed

Lines changed: 60 additions & 11 deletions


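--- a/setup-cks-latest.sh
+++ b/setup-cks-latest.sh
@@ -33,6 +33,24 @@ prompt () {
 done
 }
 
+# ECC vs RSA Prompt
+promptRsa () {
+while true; do
+read -p "Enter Key Type [RSA/ECC] (default RSA): " kt
+# Default to RSA if input is empty
+if [[ -z "$kt" ]]; then
+return 0
+fi
+
+# Check user input
+case $kt in
+[Rr][Ss][Aa]* ) return 0;;
+[Ee][Cc][Cc]* ) return 1;;
+* ) echo "Please answer RSA or ECC.";;
+esac
+done
+}
+
 # Create Directory (prompt if exists to overwrite)
 mkdirCheck () {
 if [ -d "$1" ]; then
@@ -108,16 +126,43 @@ openssl req -x509 -newkey rsa:2048 -nodes -keyout ./ssl/${CKS_FQDN}.key -out ./s
 cat ./ssl/${CKS_FQDN}.key `find ./ssl/ -type f \( -name "${CKS_FQDN}*.csr" -or -name "${CKS_FQDN}*.crt" \)` `find ./ssl/ -type f \( ! -name "${CKS_FQDN}*" -and ! -name "ssl.pem" \)` > ./ssl/ssl.pem
 chmod 644 ./ssl/${CKS_FQDN}.key
 
-# Generate RSA Key Pair
-openssl genrsa -out ./keys/rsa_001.pem 2048
-openssl rsa -in ./keys/rsa_001.pem -outform PEM -pubout -out ./keys/rsa_001.pub
-
-FINGERPRINT=$(openssl rsa -in ./keys/rsa_001.pub -pubin -outform der | openssl dgst -sha256 -binary | base64)
-FINGERPRINT=$(echo ${FINGERPRINT//[+]/-})
-FINGERPRINT=$(echo ${FINGERPRINT//[\/]/_})
-FINGERPRINT=$(echo ${FINGERPRINT//[=]/''})
-chmod 644 ./keys/rsa_001.pem
-chmod 644 ./keys/rsa_001.pub
+# Generate ECC or RSA key pair based on user input
+if promptRsa; then
+KEY_TYPE="RSA"
+
+# Set Key Path for RSA
+PRIV_KEY_PATH="./keys/rsa_001.pem"
+PUB_KEY_PATH="./keys/rsa_001.pub"
+# Generate RSA Key Pair
+openssl genrsa -out $PRIV_KEY_PATH 2048
+openssl rsa -in $PRIV_KEY_PATH -outform PEM -pubout -out $PUB_KEY_PATH
+
+FINGERPRINT=$(openssl rsa -in $PUB_KEY_PATH -pubin -outform der | openssl dgst -sha256 -binary | base64)
+FINGERPRINT=$(echo ${FINGERPRINT//[+]/-})
+FINGERPRINT=$(echo ${FINGERPRINT//[\/]/_})
+FINGERPRINT=$(echo ${FINGERPRINT//[=]/''})
+
+chmod 644 $PRIV_KEY_PATH
+chmod 644 $PUB_KEY_PATH
+else
+KEY_TYPE="ECC"
+
+# Set Key Path for ECC
+PRIV_KEY_PATH="./keys/ecc_p256_001.pem"
+PUB_KEY_PATH="./keys/ecc_p256_001.pub"
+
+# Generate an ECC Key Pair
+openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -out $PRIV_KEY_PATH
+openssl ec -in $PRIV_KEY_PATH -pubout -out $PUB_KEY_PATH
+
+FINGERPRINT=$(openssl ec -in $PUB_KEY_PATH -pubin -outform der | openssl dgst -sha256 -binary | base64)
+FINGERPRINT=$(echo ${FINGERPRINT//[+]/-})
+FINGERPRINT=$(echo ${FINGERPRINT//[\/]/_})
+FINGERPRINT=$(echo ${FINGERPRINT//[=]/''})
+
+chmod 644 $PRIV_KEY_PATH
+chmod 644 $PUB_KEY_PATH
+fi
 
 SECRET_B64_FINAL=""
 TOKEN_ID=""
@@ -194,7 +239,11 @@ if [ "$HMAC_AUTH_ENABLED" = true ]; then
 echo "$TOKEN_INFO" >> ./cks_info/token_info.json
 fi
 
-cp ./keys/rsa_001.pub ./cks_info/rsa_001.pub
+if [ "$KEY_TYPE" = "ECC" ]; then
+cp $PUB_KEY_PATH ./cks_info/ecc_p256_001.pub
+else
+cp $PUB_KEY_PATH ./cks_info/rsa_001.pub
+fi
 
 tar -zcvf send_to_virtru.tar.gz ./cks_info
 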
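Review bot: Both new branches end with `chmod 644 $PRIV_KEY_PATH` (new lines 145 and 163), which makes the freshly generated private key world-readable; the old RSA path did the same, but the commit now carries it into the ECC path as well. A private key should be `chmod 600 "$PRIV_KEY_PATH"` in both branches, with only the `.pub` kept at 644, and the same concern applies to the `chmod 644 ./ssl/${CKS_FQDN}.key` context line at the top of the hunk. The two branches also duplicate the four FINGERPRINT lines; since `openssl pkey -pubin` accepts both key types, that block could sit once after the `fi` and read the type-specific part only from `$PUB_KEY_PATH`. Whether `set -o pipefail` is in effect for the `ecparam | pkcs8` pipeline cannot be seen here, as the script's preamble lies outside the hunk; without it a failed `ecparam` is masked unless `pkcs8` itself fails on the empty input.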