tangd-keygen.in 1.6 KB

  1. #!/bin/sh
  2. # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
  3. #
  4. # Copyright (c) 2016 Red Hat, Inc.
  5. # Author: Nathaniel McCallum <npmccallum@redhat.com>
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU General Public License as published by
  9. # the Free Software Foundation, either version 3 of the License, or
  10. # (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  # Abort the script as soon as a command fails outside a conditional context.
  set -o errexit
  # Print the command-line synopsis on stderr and terminate with status 1.
  # This function never returns to its caller.
  usage() {
      >&2 echo "Usage: $0 <jwkdir> [<sig> <exc>]"
      exit 1
  }
  # Lock down a key file: mode 0440 (read-only for owner and group, nothing for
  # others), then try to hand it to @user@:@group@.
  # NOTE(review): the @user@/@group@ tokens look like build-time substitutions
  # of this .in template -- confirm against the build system.
  # Arguments: $1 - path of the key file
  # Outputs:   a warning on stderr when the ownership change fails
  set_perms() {
      chmod -- 0440 "$1"
      # A failed chown is reported but not treated as fatal; the file then keeps
      # its current owner and the 0440 mode set above.
      chown -- @user@:@group@ "$1" 2>/dev/null ||
          echo "Unable to change owner/group for ${1} to @user@:@group@" >&2
  }
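  # Accept either "<jwkdir>" alone or "<jwkdir> <sig> <exc>"; anything else, or a
  # first argument that is not a directory, prints the synopsis and exits.
  [ $# -ne 1 ] && [ $# -ne 3 ] && usage
  [ -d "$1" ] || usage

  # Start from empty names so that variables called sig/exc inherited from the
  # caller's environment can never pick the output file names.
  sig=
  exc=
  if [ $# -eq 3 ]; then
      # NOTE(review): these names are used verbatim as a path component below;
      # a value containing "/" would place the key outside <jwkdir>.
      sig=$2
      exc=$3
  fi

  THP_DEFAULT_HASH=S256 # SHA-256.

  # The files written below hold private key material. With this umask they are
  # created with mode 0440 at most, so they are not readable by "other" even
  # before set_perms runs.
  umask 0337

  # Key written under the <sig> name (ES512). Unless a name was supplied, the
  # file is named after the key's thumbprint.
  jwk=$(jose jwk gen -i '{"alg":"ES512"}')
  if [ -z "$sig" ]; then
      sig=$(printf '%s\n' "$jwk" | jose jwk thp -i- -a "${THP_DEFAULT_HASH}")
  fi
  # Refuse to write a key to "<jwkdir>/.jwk" if the thumbprint came back empty.
  if [ -z "$sig" ]; then
      echo "Unable to determine a file name for the ES512 key" >&2
      exit 1
  fi
  printf '%s\n' "$jwk" > "$1/$sig.jwk"
  set_perms "$1/$sig.jwk"

  # Key written under the <exc> name (ECMR), handled the same way.
  jwk=$(jose jwk gen -i '{"alg":"ECMR"}')
  if [ -z "$exc" ]; then
      exc=$(printf '%s\n' "$jwk" | jose jwk thp -i- -a "${THP_DEFAULT_HASH}")
  fi
  if [ -z "$exc" ]; then
      echo "Unable to determine a file name for the ECMR key" >&2
      exit 1
  fi
  printf '%s\n' "$jwk" > "$1/$exc.jwk"
  set_perms "$1/$exc.jwk"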