feat(curves): add secp256k1 option (#315)
This commit is contained in:
Sidd
GitHub
parent
a3e6652d6d
commit
8d5bb43aed
|
|
@ -211,7 +211,7 @@ OpenVPN 2.4 added support for ECDSA. Elliptic curve cryptography is faster, ligh
|
||||||
|
|
||||||
This script provides:
|
This script provides:
|
||||||
|
|
||||||
- ECDSA: `prime256v1`/`secp384r1`/`secp521r1` curves
|
- ECDSA: `prime256v1`/`secp256k1`/`secp384r1`/`secp521r1` curves
|
||||||
- RSA: `2048`/`3072`/`4096` bits keys
|
- RSA: `2048`/`3072`/`4096` bits keys
|
||||||
|
|
||||||
It defaults to ECDSA with `prime256v1`.
|
It defaults to ECDSA with `prime256v1`.
|
||||||
|
|
@ -276,7 +276,7 @@ Also, generating a classic DH keys can take a long, looong time. ECDH keys are e
|
||||||
|
|
||||||
The script provides the following options:
|
The script provides the following options:
|
||||||
|
|
||||||
- ECDH: `prime256v1`/`secp384r1`/`secp521r1` curves
|
- ECDH: `prime256v1`/`secp256k1`/`secp384r1`/`secp521r1` curves
|
||||||
- DH: `2048`/`3072`/`4096` bits keys
|
- DH: `2048`/`3072`/`4096` bits keys
|
||||||
|
|
||||||
It defaults to `prime256v1`.
|
It defaults to `prime256v1`.
|
||||||
|
|
|
||||||
|
|
@ -416,19 +416,23 @@ function installQuestions () {
|
||||||
echo ""
|
echo ""
|
||||||
echo "Choose which curve you want to use for the certificate's key:"
|
echo "Choose which curve you want to use for the certificate's key:"
|
||||||
echo " 1) prime256v1 (recommended)"
|
echo " 1) prime256v1 (recommended)"
|
||||||
echo " 2) secp384r1"
|
echo " 2) secp256k1"
|
||||||
echo " 3) secp521r1"
|
echo " 3) secp384r1"
|
||||||
until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
|
echo " 4) secp521r1"
|
||||||
read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE
|
until [[ $CERT_CURVE_CHOICE =~ ^[1-4]$ ]]; do
|
||||||
|
read -rp"Curve [1-4]: " -e -i 1 CERT_CURVE_CHOICE
|
||||||
done
|
done
|
||||||
case $CERT_CURVE_CHOICE in
|
case $CERT_CURVE_CHOICE in
|
||||||
1)
|
1)
|
||||||
CERT_CURVE="prime256v1"
|
CERT_CURVE="prime256v1"
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
CERT_CURVE="secp384r1"
|
CERT_CURVE="secp256k1"
|
||||||
;;
|
;;
|
||||||
3)
|
3)
|
||||||
|
CERT_CURVE="secp384r1"
|
||||||
|
;;
|
||||||
|
4)
|
||||||
CERT_CURVE="secp521r1"
|
CERT_CURVE="secp521r1"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
@ -501,19 +505,23 @@ function installQuestions () {
|
||||||
echo ""
|
echo ""
|
||||||
echo "Choose which curve you want to use for the ECDH key:"
|
echo "Choose which curve you want to use for the ECDH key:"
|
||||||
echo " 1) prime256v1 (recommended)"
|
echo " 1) prime256v1 (recommended)"
|
||||||
echo " 2) secp384r1"
|
echo " 2) secp256k1"
|
||||||
echo " 3) secp521r1"
|
echo " 3) secp384r1"
|
||||||
while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
|
echo " 4) secp521r1"
|
||||||
read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE
|
until [[ $DH_CURVE_CHOICE =~ ^[1-4]$ ]]; do
|
||||||
|
read -rp"Curve [1-4]: " -e -i 1 DH_CURVE_CHOICE
|
||||||
done
|
done
|
||||||
case $DH_CURVE_CHOICE in
|
case $DH_CURVE_CHOICE in
|
||||||
1)
|
1)
|
||||||
DH_CURVE="prime256v1"
|
DH_CURVE="prime256v1"
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
DH_CURVE="secp384r1"
|
DH_CURVE="secp256k1"
|
||||||
;;
|
;;
|
||||||
3)
|
3)
|
||||||
|
DH_CURVE="secp384r1"
|
||||||
|
;;
|
||||||
|
4)
|
||||||
DH_CURVE="secp521r1"
|
DH_CURVE="secp521r1"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue