#!/bin/bash
# Generates a RSA private key protected by a passphrase (because of the -des3 option)
# (this encrypts the key with the DES3 algorithm)

# note: -passout file:<path> reads the password needed for the output file from the specified file

# note2: generating DSA keys for certificates would make it necessary to use EPHEMERAL KEYING
#	 which this version of sslserver / sslclient does not support (even though there
#	 are significant security advantages of EPH. KEYING use even with RSA private keys)

# (C) 2005 Digithell, Inc. (Pavel Strachota, FNSPE CTU)

if [ -z "$1" ]
then
    echo synopsis: genkeyp [key_file] [password_file]
    key_file="my_key.pem"
else
    key_file=$1
fi

if [ -z "$2" ]
then
    password_file="Pass.txt"
else
    password_file=$2
fi

echo "Using key file: " $key_file
echo "Using password file: " $password_file
echo
echo

openssl genrsa -des3 -passout file:$password_file -out $key_file 2048