Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-10-31 05:57:36 +01:00
Code Issues Projects Releases Wiki Activity

feat(curves): add secp256k1 option (#315)

Browse Source
This commit is contained in:
Sidd
2020-04-27 07:22:35 -05:00
committed by GitHub
parent a3e6652d6d
commit 8d5bb43aed
2 changed files with 20 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -211,7 +211,7 @@ OpenVPN 2.4 added support for ECDSA. Elliptic curve cryptography is faster, ligh
This script provides:
- ECDSA: `prime256v1`/`secp384r1`/`secp521r1` curves
- ECDSA: `prime256v1`/`secp256k1`/`secp384r1`/`secp521r1` curves
- RSA: `2048`/`3072`/`4096` bits keys
It defaults to ECDSA with `prime256v1`.
@@ -276,7 +276,7 @@ Also, generating a classic DH keys can take a long, looong time. ECDH keys are e
The script provides the following options:
- ECDH: `prime256v1`/`secp384r1`/`secp521r1` curves
- ECDH: `prime256v1`/`secp256k1`/`secp384r1`/`secp521r1` curves
- DH: `2048`/`3072`/`4096` bits keys
It defaults to `prime256v1`.

28
openvpn-install.sh
View File

@@ -416,19 +416,23 @@ function installQuestions () {
echo ""
echo "Choose which curve you want to use for the certificate's key:"
echo " 1) prime256v1 (recommended)"
echo " 2) secp384r1"
echo " 3) secp521r1"
until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE
echo " 2) secp256k1"
echo " 3) secp384r1"
echo " 4) secp521r1"
until [[ $CERT_CURVE_CHOICE =~ ^[1-4]$ ]]; do
read -rp"Curve [1-4]: " -e -i 1 CERT_CURVE_CHOICE
done
case $CERT_CURVE_CHOICE in
1)
CERT_CURVE="prime256v1"
;;
2)
CERT_CURVE="secp384r1"
CERT_CURVE="secp256k1"
;;
3)
CERT_CURVE="secp384r1"
;;
4)
CERT_CURVE="secp521r1"
;;
esac
@@ -501,19 +505,23 @@ function installQuestions () {
echo ""
echo "Choose which curve you want to use for the ECDH key:"
echo " 1) prime256v1 (recommended)"
echo " 2) secp384r1"
echo " 3) secp521r1"
while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE
echo " 2) secp256k1"
echo " 3) secp384r1"
echo " 4) secp521r1"
until [[ $DH_CURVE_CHOICE =~ ^[1-4]$ ]]; do
read -rp"Curve [1-4]: " -e -i 1 DH_CURVE_CHOICE
done
case $DH_CURVE_CHOICE in
1)
DH_CURVE="prime256v1"
;;
2)
DH_CURVE="secp384r1"
DH_CURVE="secp256k1"
;;
3)
DH_CURVE="secp384r1"
;;
4)
DH_CURVE="secp521r1"
;;
esac