From 1af3c572eedb0eaddcdc5c9c41d98ff59bb7b2c9 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Tue, 24 May 2016 17:11:11 +0200
Subject: IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.
There is no need to bother with X.509 cruft here.
---
 roles/common/files/usr/local/bin/genkeypair.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'roles/common/files')
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh
index 45e2181..01b279a 100755
--- a/roles/common/files/usr/local/bin/genkeypair.sh
+++ b/roles/common/files/usr/local/bin/genkeypair.sh
@@ -47,6 +47,7 @@ usage() {
 x509: generate a self-signed X.509 server certificate
 csr: generate a Certificate Signing Request
 dkim: generate a private key (to use for DKIM signing)
+ keypair: generate a key pair
 Options:
 -t type: key type (default: rsa)
@@ -88,7 +89,7 @@ dkiminfo() {
 [ $# -gt 0 ] || { usage; exit 2; }
 cmd="$1"; shift
 case "$cmd" in
- x509|csr|dkim) ;;
+ x509|csr|dkim|keypair) ;;
 *) echo "Unrecognized command: $cmd" >&2; exit 2
 esac
@@ -201,4 +202,6 @@ elif [ "$cmd" = x509 -o "$cmd" = csr ]; then
 [ "$cmd" = x509 ] && x509=-x509 || x509=
 openssl req -config "$config" -new $x509 ${hash:+-$hash} -days 3650 -key "$privkey" >"$pubkey" || exit 2
 fi
+elif [ "$cmd" = keypair -a "$pubkey" ]; then
+ openssl pkey -pubout <"$privkey" >"$pubkey"
 fi
--
cgit v1.2.3
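Review bot: The added `openssl pkey -pubout <"$privkey" >"$pubkey"` in the new `keypair` branch (third hunk) does not check its exit status, unlike the `openssl req … || exit 2` call just above it. The `>"$pubkey"` redirection creates or truncates the target before openssl runs, so a failed extraction leaves an empty public-key file behind; going by the commit message, that file is the raw key used for IPsec authentication, so the failure should stop the script. I would write `openssl pkey -pubout <"$privkey" >"$pubkey" || exit 2`. As a smaller style point, `[ "$cmd" = keypair -a "$pubkey" ]` uses `-a`, which POSIX marks obsolescent and which can parse ambiguously if `$pubkey` looks like a test operator; `[ "$cmd" = keypair ] && [ -n "$pubkey" ]` avoids that, although the existing `-o` test in the hunk header line follows the same older pattern. The if/elif chain this branch extends begins outside the hunk, so how `$pubkey` is set and what happens when it is empty cannot be seen from here.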