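#!/bin/rc

# Generates and stores a DKIM keypair (RSA and Ed25519) for one selector,
# running every file operation as the dedicated signing user.
# It prints the generated paths on stdout in the following order for each
# algorithm:
# - privkey
# - txt record to be used in dns
#
# Example/intended usage:
# dkimfiles = `$nl{dkim/mkcert <selector>}
# rsakey = $dkimfiles(1)
# rsatxt = $dkimfiles(2)
# edkey = $dkimfiles(3)
# edtxt = $dkimfiles(4)
#
# Exit status: 0 on success, 1 on a fatal error, 2 on wrong usage.

dir = /etc/mail/dkim
user = _dkimsign
selector = $1
ed = ed25519
rsaprivkey = $dir/$selector.rsa.priv.key
rsapubkey = $dir/$selector.rsa.pub.key
rsatxt = $dir/$selector.rsa.txt
edprivkey = $dir/$selector.$ed.priv.key
edpubkey = $dir/$selector.$ed.pub.key
edtxt = $dir/$selector.$ed.txt
# NOTE(review): 0775/0660 make the directory group-writable and the private
# keys group-readable and group-writable. Anyone in that group can read or
# replace the signing keys, so confirm the group membership is intended.
dirperm = 0775
privperm = 0660
pubperm = 0644

files = ( $rsaprivkey $rsapubkey $rsatxt \
	$edprivkey $edpubkey $edtxt )

# Print a message on stderr, keeping stdout clean for the path list.
fn err {
	echo $* >[1=2]
}

# Print a fatal error and stop the script.
fn die {
	err fatal error: $*
	exit 1
}

# Run a command as the DKIM signing user.
fn as {
	doas -u $user $*
}

# Run a command (or one of the gen* stage functions below); on failure remove
# everything generated so far and stop.
# Only call this from the top level, never inside a pipeline stage.
# NOTE(review): rc appears to run the earlier stages of a pipeline in child
# processes, so the exit below would end only that child and the script would
# carry on with missing or empty files. Confirm against the rc in use.
fn mustsucceed {
	if (!$*) {
		err fatal error: essential command failed
		cleanupfailed
		exit 1
	}
}

# Best-effort removal of every file this script may have created.
# The redirection must be written >[2]; in rc the form "[2]>/dev/null" passes
# the glob pattern [2] to rm as one more file to delete and hides stdout
# instead of stderr.
fn cleanupfailed {
	for (f in $files) {
		as rm $f >[2]/dev/null
	}
}

# Each pipeline is wrapped in a function so that mustsucceed can test the
# status of the whole pipeline from the main process.

# Derive the PEM-encoded RSA public key from the private key.
fn genrsapub {
	as openssl rsa -in $rsaprivkey -pubout | \
		as tee $rsapubkey >/dev/null
}

# Build the RSA TXT record: replace the PEM header with the DKIM tags, drop
# the footer, join the base64 lines, then split once after 250 characters.
# NOTE(review): a single split covers the record only while the remainder
# also fits in one TXT string; larger RSA keys would need more splits.
fn genrsatxt {
	as cat $rsapubkey | \
		as sed '1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\n//g;b nl;' | \
		as sed -E 's/(.{250})(.*)/\1" "\2/' | \
		as tee $rsatxt >/dev/null
}

# Extract the raw Ed25519 public key: tail skips the 12-byte DER
# SubjectPublicKeyInfo header, leaving the 32 key bytes to base64-encode.
fn genedpub {
	as openssl pkey -outform DER -pubout -in $edprivkey | \
		tail -c +13 | openssl base64 | \
		as tee $edpubkey >/dev/null
}

# Build the Ed25519 TXT record. Fails unless the public key file holds
# exactly one line, so a missing or empty key never yields a record.
fn genedtxt {
	edpub = `$nl{as cat $edpubkey}
	~ $#edpub 1 && printf 'v=DKIM1;k=%s;p=%s\n' $ed $edpub | as tee $edtxt >/dev/null
}

if (!~ $#* 1) {
	err 'usage: dkim/mkcert <selector>'
	exit 2
}

# The selector becomes part of every file name. Refuse an empty one and any
# containing a slash so the files cannot land outside $dir.
if (~ $selector '' */*) {
	die invalid selector: $selector
}

# Refuse to overwrite existing key material.
for (f in $files) {
	as test -e $f && die $f already exists
}

mustsucceed as mkdir -p $dir

# RSA
# NOTE(review): the key size is whatever this openssl defaults to; consider
# passing it explicitly.
mustsucceed as openssl genrsa -out $rsaprivkey
# Set the private key mode right after creation rather than at the end of
# the script. Between creation and this chmod the mode is whatever openssl
# and the umask in effect under doas produce.
mustsucceed as chmod $privperm $rsaprivkey
mustsucceed genrsapub
mustsucceed genrsatxt

# ED25519
mustsucceed as openssl genpkey -algorithm $ed -out $edprivkey
mustsucceed as chmod $privperm $edprivkey
mustsucceed genedpub
mustsucceed genedtxt

mustsucceed as chmod $pubperm $rsapubkey $rsatxt $edpubkey $edtxt
mustsucceed as chmod $dirperm $dir

err 'Paths generated (rsa privkey, rsa dns record, ed25519 privkey, ed25519 dns record):'
echo $rsaprivkey
echo $rsatxt
echo $edprivkey
echo $edtxt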