certificate-transparency/cheese
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
custom-domain
cheese/tesseract/genconf/key.go
Pim van Pelt a3d3c4c643 Refactor each command in its own file
2025-08-24 11:44:28 +02:00

58 lines
1.4 KiB
Go
Raw Permalink Blame History

package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"encoding/pem"
"fmt"
"log"
"os"
"path/filepath"
)
func generateKeys(yamlFile string) {
config := loadConfig(yamlFile)
// Generate keys for each log
for _, logEntry := range config.Logs {
// Check if key already exists
if _, err := os.Stat(logEntry.Secret); err == nil {
fmt.Printf("Key already exists: %s (skipped)\n", logEntry.Secret)
continue
}
// Generate new prime256v1 key
privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
log.Fatalf("Failed to generate key for %s: %v", logEntry.ShortName, err)
}
// Marshal private key to DER format
privKeyDER, err := x509.MarshalECPrivateKey(privKey)
if err != nil {
log.Fatalf("Failed to marshal private key for %s: %v", logEntry.ShortName, err)
}
// Create PEM block
privKeyPEM := pem.EncodeToMemory(&pem.Block{
Type: "EC PRIVATE KEY",
Bytes: privKeyDER,
})
// Ensure directory exists
if err := os.MkdirAll(filepath.Dir(logEntry.Secret), 0755); err != nil {
log.Fatalf("Failed to create directory for %s: %v", logEntry.Secret, err)
}
// Write key to file
err = os.WriteFile(logEntry.Secret, privKeyPEM, 0600)
if err != nil {
log.Fatalf("Failed to write key file %s: %v", logEntry.Secret, err)
}
fmt.Printf("Generated %s\n", logEntry.Secret)
}
}
Reference in New Issue View Git Blame Copy Permalink