/
keygen-client
executable file
·44 lines (32 loc) · 1.64 KB
/
keygen-client
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#!/bin/bash
set -e
if [[ $PREFIX_KEY = *"/"* ]]; then
echo "ERROR: Environment variable PREFIX_KEY contains path separators: $PREFIX_KEY"
echo "Example: PREFIX_KEY=\"0001-\" $0"
exit 1
fi
PRIVATE_KEY="private.key"
PUBLIC_KEY="public.key"
FILE_NAME_PRIVATE_KEY="$PREFIX_KEY$PRIVATE_KEY"
FILE_NAME_PUBLIC_KEY="$PREFIX_KEY$PUBLIC_KEY"
# verify openssl is present and sufficiently recent (genpkey seems to require openssl 1.0+)
command -v openssl >/dev/null 2>&1 || { echo >&2 "ERROR: Please install the openssl utility version 1.0.0 or newer to generate keys."; exit 1; }
OPENSSL_VERSION_REGEX_MAJOR_BACKREF="OpenSSL ([0-9]+).*"
OPENSSL_VERSION_STRING=$(openssl version)
OPENSSL_VERSION_MAJOR=$(echo "$OPENSSL_VERSION_STRING" | sed -En "s/$OPENSSL_VERSION_REGEX_MAJOR_BACKREF/\1/p")
if [ "$OPENSSL_VERSION_MAJOR" != "1" ]; then
echo "ERROR: openssl is too old, need version 1.0.0 or newer"
echo "ERROR: OPENSSL_VERSION_STRING=$OPENSSL_VERSION_STRING"
exit 1
fi
CLIENT_KEYS_DIR=$(pwd)/keys-client-generated
mkdir -p "$CLIENT_KEYS_DIR"
cd "$CLIENT_KEYS_DIR"
openssl genpkey -algorithm RSA -out $FILE_NAME_PRIVATE_KEY -pkeyopt rsa_keygen_bits:3072
# convert to RSA private key format
openssl rsa -in $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_PRIVATE_KEY
# extract public key (e.g. for preauthorization)
openssl rsa -in $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_PUBLIC_KEY -pubout
echo "A Mender client keypair has been generated in $CLIENT_KEYS_DIR."
echo "You can use the public key ($FILE_NAME_PUBLIC_KEY) to preauthorize the device in the Mender server."
echo "For more information please see https://docs.mender.io/server-integration/preauthorizing-devices."