
Added bits option

Mike Richardson 5 years ago
parent
commit
92bcbd0e81
3 changed files with 16 additions and 9 deletions
  1. 2 2
      cert_gen.py
  2. 3 3
      certs.py
  3. 11 4
      cli.py

+ 2 - 2
cert_gen.py

@@ -19,10 +19,10 @@ import datetime
 #passphrase=b'somethingsecure'
 
 
-def gen_cakey():
+def gen_cakey(bits):
   key = rsa.generate_private_key(
      public_exponent=65537,
-     key_size=2048,
+     key_size=int(bits),
      backend=default_backend()
   )
   return key
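Review bot: `gen_cakey` passes its argument straight into `key_size=int(bits)`, so the 2048/4096 rule exists only in cli.py. Any other caller can request a much smaller RSA modulus, or hit an uncaught ValueError with a non-numeric value. Enforcing the rule where the key is generated keeps it in one place: `bits = int(bits)` followed by `if bits not in (2048, 4096): raise ValueError("bits must be 2048 or 4096")`. A default, `def gen_cakey(bits=2048):`, would keep existing zero-argument callers working. A one-line docstring naming the accepted sizes would also help.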

+ 3 - 3
certs.py

@@ -1,18 +1,18 @@
 from cert_gen import gen_cakey,build_name,build_csr,build_servercert,build_rootca,output_cert,output_key_encrypted,build_crl
 
-def gencerts(c,st,l,o,ou,cn,crldp,passphrase):
+def gencerts(c,st,l,o,ou,cn,crldp,passphrase,bits):
 
 ## Build Root CA
 
   casubject = caissuer = build_name(c,st,l,o,ou,u'Root CA')
 
-  cakey = gen_cakey()
+  cakey = gen_cakey(bits)
 
   cacert = build_rootca(cakey,casubject,caissuer,36500)
 
 ## Build CSR
 
-  csrkey = gen_cakey()
+  csrkey = gen_cakey(bits)
 
   csrsubject = build_name(c,st,l,o,ou,cn)
 

+ 11 - 4
cli.py

@@ -13,11 +13,12 @@ def main(argv):
   crldp=u'http://placeholder/crldp'
   passphrase=b'something'
   directory=u'/tmp'
+  bits=2048
   
   try:
-    opts, args = getopt.getopt(argv,"c:s:l:o:u:n:r:p:d:")
+    opts, args = getopt.getopt(argv,"c:s:l:o:u:n:r:p:d:b:")
   except getopt.GetoptError:
-    print "cli.py -c <County> -s <State> -l <Location> -o <Organisation> -ou <Organisation Unit> -n <CN> -r <CRLDP> -p <password> -d <Output Directory>"
+    print "cli.py -c <County> -s <State> -l <Location> -o <Organisation> -ou <Organisation Unit> -n <CN> -r <CRLDP> -p <password> -d <Output Directory> -b<2048|4096>"
     sys.exit(2)
   for opt, arg in opts:
     if opt == '-c':
@@ -38,11 +39,17 @@ def main(argv):
       passphrase=arg
     if opt == '-d':
       directory=unicode(arg, "utf-8")
+    if opt == '-b':
+      bits=arg
 
   if not os.path.exists(directory):
     os.makedirs(directory)
-    
-  csrsubject, cacert, cakey_enc, csrkey_enc, servercert, csrcert, crlcert = gencerts(c,st,l,o,ou,cn,crldp,passphrase)
+
+  if not ( ( bits == 2048 ) or ( bits == 4096 ) ):
+    print "Bits must be set to 2048 or 4096"
+    sys.exit(2)
+        
+  csrsubject, cacert, cakey_enc, csrkey_enc, servercert, csrcert, crlcert = gencerts(c,st,l,o,ou,cn,crldp,passphrase,bits)
 
   with open (directory + '/rootca.pem','w') as f:
     f.write(cacert)
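Review bot: The new `-b` branch stores the getopt value as a string (`bits=arg`), but the later check compares it with the integers 2048 and 4096. `-b 2048` and `-b 4096` are therefore both rejected with "Bits must be set to 2048 or 4096", and only the built-in default passes. Convert at the point of parsing with `bits=int(arg)`, catching ValueError so a non-numeric value takes the same exit-2 path, and simplify the test to `if bits not in (2048, 4096):`. The check also runs after `os.makedirs(directory)`, so a rejected invocation still creates the output directory; moving the validation above that call avoids the side effect. `main` starts and ends outside these hunks, so this is based only on the lines shown.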