@@ -33,6 +33,24 @@ prompt () {
3333 done
3434}
3535
36+ # ECC vs RSA Prompt
37+ promptRsa () {
38+ while true ; do
39+ read -p " Enter Key Type [RSA/ECC] (default RSA): " kt
40+ # Default to RSA if input is empty
41+ if [[ -z " $kt " ]]; then
42+ return 0
43+ fi
44+
45+ # Check user input
46+ case $kt in
47+ [Rr][Ss][Aa]* ) return 0;;
48+ [Ee][Cc][Cc]* ) return 1;;
49+ * ) echo " Please answer RSA or ECC." ;;
50+ esac
51+ done
52+ }
53+
3654# Create Directory (prompt if exists to overwrite)
3755mkdirCheck () {
3856 if [ -d " $1 " ]; then
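Review bot: The `read -p` at the top of the `while` loop lacks `-r`, so a backslash typed in the reply is interpreted instead of being compared literally by the `case`; use `read -r -p "Enter Key Type [RSA/ECC] (default RSA): " kt`. The function reports the choice through its exit status (0 = RSA, also the default on empty input; 1 = ECC), which reads as success/failure at the `if promptRsa` call site and will surprise anyone who later adds `set -e` or an `ERR` trap, so at minimum give it a header comment such as `# Returns 0 for RSA (default on empty input), 1 for ECC`. `kt` is not declared `local` and leaks into the caller's scope after the function returns.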
@@ -108,16 +126,43 @@ openssl req -x509 -newkey rsa:2048 -nodes -keyout ./ssl/${CKS_FQDN}.key -out ./s
108126cat ./ssl/${CKS_FQDN} .key ` find ./ssl/ -type f \( -name " ${CKS_FQDN} *.csr" -or -name " ${CKS_FQDN} *.crt" \) ` ` find ./ssl/ -type f \( ! -name " ${CKS_FQDN} *" -and ! -name " ssl.pem" \) ` > ./ssl/ssl.pem
109127chmod 644 ./ssl/${CKS_FQDN} .key
110128
111- # Generate RSA Key Pair
112- openssl genrsa -out ./keys/rsa_001.pem 2048
113- openssl rsa -in ./keys/rsa_001.pem -outform PEM -pubout -out ./keys/rsa_001.pub
114-
115- FINGERPRINT=$( openssl rsa -in ./keys/rsa_001.pub -pubin -outform der | openssl dgst -sha256 -binary | base64)
116- FINGERPRINT=$( echo ${FINGERPRINT// [+]/ -} )
117- FINGERPRINT=$( echo ${FINGERPRINT// [\/]/ _} )
118- FINGERPRINT=$( echo ${FINGERPRINT// [=]/ ' ' } )
119- chmod 644 ./keys/rsa_001.pem
120- chmod 644 ./keys/rsa_001.pub
129+ # Generate ECC or RSA key pair based on user input
130+ if promptRsa; then
131+ KEY_TYPE=" RSA"
132+
133+ # Set Key Path for RSA
134+ PRIV_KEY_PATH=" ./keys/rsa_001.pem"
135+ PUB_KEY_PATH=" ./keys/rsa_001.pub"
136+ # Generate RSA Key Pair
137+ openssl genrsa -out $PRIV_KEY_PATH 2048
138+ openssl rsa -in $PRIV_KEY_PATH -outform PEM -pubout -out $PUB_KEY_PATH
139+
140+ FINGERPRINT=$( openssl rsa -in $PUB_KEY_PATH -pubin -outform der | openssl dgst -sha256 -binary | base64)
141+ FINGERPRINT=$( echo ${FINGERPRINT// [+]/ -} )
142+ FINGERPRINT=$( echo ${FINGERPRINT// [\/]/ _} )
143+ FINGERPRINT=$( echo ${FINGERPRINT// [=]/ ' ' } )
144+
145+ chmod 644 $PRIV_KEY_PATH
146+ chmod 644 $PUB_KEY_PATH
147+ else
148+ KEY_TYPE=" ECC"
149+
150+ # Set Key Path for ECC
151+ PRIV_KEY_PATH=" ./keys/ecc_p256_001.pem"
152+ PUB_KEY_PATH=" ./keys/ecc_p256_001.pub"
153+
154+ # Generate an ECC Key Pair
155+ openssl ecparam -name prime256v1 -genkey -noout | openssl pkcs8 -topk8 -nocrypt -out $PRIV_KEY_PATH
156+ openssl ec -in $PRIV_KEY_PATH -pubout -out $PUB_KEY_PATH
157+
158+ FINGERPRINT=$( openssl ec -in $PUB_KEY_PATH -pubin -outform der | openssl dgst -sha256 -binary | base64)
159+ FINGERPRINT=$( echo ${FINGERPRINT// [+]/ -} )
160+ FINGERPRINT=$( echo ${FINGERPRINT// [\/]/ _} )
161+ FINGERPRINT=$( echo ${FINGERPRINT// [=]/ ' ' } )
162+
163+ chmod 644 $PRIV_KEY_PATH
164+ chmod 644 $PUB_KEY_PATH
165+ fi
121166
122167SECRET_B64_FINAL=" "
123168TOKEN_ID=" "
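Review bot: Both branches end with `chmod 644` on the private key (the line after each fingerprint block), leaving the unencrypted RSA or PKCS#8 `-nocrypt` ECC private key world-readable; unless a later step needs another account to read it, this should be `chmod 600 "$PRIV_KEY_PATH"`, or a `umask 077` before the openssl calls so the file is never created readable. The fingerprint derivation and the two chmod calls are otherwise duplicated verbatim in the RSA and ECC branches; since `openssl pkey -pubin` reads either key type, they can be hoisted after the `fi`, which also lets the `echo`-based substitutions become plain parameter expansions (the unquoted `echo` currently word-splits and globs the value, harmless for base64 but unnecessary, and if the `[=]` replacement really inserts a space it is that `echo` that was silently trimming it). In the ECC branch `ecparam` is piped into `pkcs8 -out`; without `pipefail` a failing `ecparam` still leaves a written, invalid key file, so check the pipeline status or the resulting file before continuing.
```shell
if promptRsa; then
  # … unchanged: KEY_TYPE, PRIV_KEY_PATH/PUB_KEY_PATH and the genrsa/rsa calls (quote "$PRIV_KEY_PATH"/"$PUB_KEY_PATH") …
else
  # … unchanged: KEY_TYPE, PRIV_KEY_PATH/PUB_KEY_PATH and the ecparam/ec calls (quote the paths) …
fi

# Fingerprint and permissions are identical for both key types, so do them once.
# openssl pkey accepts either key; result is base64url without padding.
FINGERPRINT=$(openssl pkey -in "$PUB_KEY_PATH" -pubin -outform der | openssl dgst -sha256 -binary | base64)
FINGERPRINT=${FINGERPRINT//[+]/-}
FINGERPRINT=${FINGERPRINT//[\/]/_}
FINGERPRINT=${FINGERPRINT//[=]/}
chmod 600 "$PRIV_KEY_PATH"   # private key: owner-only
chmod 644 "$PUB_KEY_PATH"
```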
@@ -194,7 +239,11 @@ if [ "$HMAC_AUTH_ENABLED" = true ]; then
194239 echo " $TOKEN_INFO " >> ./cks_info/token_info.json
195240fi
196241
197- cp ./keys/rsa_001.pub ./cks_info/rsa_001.pub
242+ if [ " $KEY_TYPE " = " ECC" ]; then
243+ cp $PUB_KEY_PATH ./cks_info/ecc_p256_001.pub
244+ else
245+ cp $PUB_KEY_PATH ./cks_info/rsa_001.pub
246+ fi
198247
199248tar -zcvf send_to_virtru.tar.gz ./cks_info
200249
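Review bot: The destination filename is re-derived from `KEY_TYPE` instead of from the path chosen in the key-generation block, so the two name tables can drift if one is edited; `cp -- "$PUB_KEY_PATH" "./cks_info/${PUB_KEY_PATH##*/}"` copies the public key under its own basename with no branch and quotes the expansion. If the `KEY_TYPE` branch is kept, `$PUB_KEY_PATH` should still be quoted on both `cp` lines.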