#!/usr/bin/env zsh
# zeasypki -- easy PKI
-# Copyright (C) 2022-2023 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2022-2024 Sergey Matveev <stargrave@stargrave.org>
set -e
-KEY_ENCRYPT_RECIPIENT=${KEY_ENCRYPT_RECIPIENT:-12AD32689C660D426967FD75CB8205632107AD8A}
COUNTRY=${COUNTRY:-RU}
path=(
)
key_encrypt() {
- gpg --encrypt --recipient $KEY_ENCRYPT_RECIPIENT
+ age -R ~/.age/general.pub
}
key_decrypt() {
- gpg --decrypt
+ age -d -i ~/.age/general.age
}
# ------------------------ >8 ------------------------
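Review bot: The age recipients and identity paths in `key_encrypt` and `key_decrypt` are now fixed literals, whereas the removed gpg version took its recipient from the overridable `KEY_ENCRYPT_RECIPIENT` variable, as `COUNTRY` still does. Keeping an override would let a caller point at a different key set without editing the script, for example `age -R ${KEY_ENCRYPT_RECIPIENTS:-$HOME/.age/general.pub}` and `age -d -i ${KEY_DECRYPT_IDENTITY:-$HOME/.age/general.age}` (variable names are only a suggestion). The `.age` extension suggests `general.age` is a passphrase-protected identity file. If so, a comment above `key_decrypt` such as `# general.age must be a passphrase-encrypted age identity, not a plaintext key` would record that the CA keys are not meant to be guarded by file permissions alone.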
trap "rm -f $key $tmpl $cert" HUP PIPE INT QUIT TERM EXIT
cat > $tmpl <<EOF
dn = "cn=$domain,c=$COUNTRY"
-serial = 1
expiration_days = 3650
ca
cert_signing_key
-ca \
-cn $domain \
-country $COUNTRY \
- -serial 1 \
-ai 512C \
-out-key $key \
-out-cert $cert
export LC_ALL=C
for cer (**/cer.pem) {
certtool --certificate-info < $cer | while read line ; do
- [[ $line =~ "^\s*Not After: .*" ]] && break
+ [[ $line =~ "^Not After: .*" ]] && break
done
[[ $MATCH ]]
# Not After: Sat Jul 02 10:02:29 UTC 2022
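Review bot: The `[[ $MATCH ]]` check after the loop can pass on a stale value, because `MATCH` is never cleared between iterations of the `for cer` loop. As far as I can tell zsh leaves `MATCH` untouched when `=~` fails, so a certificate whose `certtool` output has no "Not After" line would be evaluated with the previous certificate's date instead of aborting. Adding `unset MATCH` just before the `certtool --certificate-info` pipeline closes that gap. The new anchored pattern `^Not After: .*` depends on `read` stripping the leading whitespace of each line, so a short comment saying so, together with `read -r line`, would keep that dependency visible. The body of the `for` loop continues outside this hunk.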