From 8d5bb43aed6a631f77def65a60a61984a16e2252 Mon Sep 17 00:00:00 2001
From: Sidd
Date: Mon, 27 Apr 2020 07:22:35 -0500
Subject: [PATCH] feat(curves): add secp256k1 option (#315)
---
 README.md | 4 ++--
 openvpn-install.sh | 28 ++++++++++++++++++----------
 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index bd82d07..8e55490 100644
--- a/README.md
+++ b/README.md
@@ -211,7 +211,7 @@ OpenVPN 2.4 added support for ECDSA. Elliptic curve cryptography is faster, ligh
 This script provides:
-- ECDSA: `prime256v1`/`secp384r1`/`secp521r1` curves
+- ECDSA: `prime256v1`/`secp256k1`/`secp384r1`/`secp521r1` curves
 - RSA: `2048`/`3072`/`4096` bits keys
 It defaults to ECDSA with `prime256v1`.
@@ -276,7 +276,7 @@ Also, generating a classic DH keys can take a long, looong time. ECDH keys are e
 The script provides the following options:
-- ECDH: `prime256v1`/`secp384r1`/`secp521r1` curves
+- ECDH: `prime256v1`/`secp256k1`/`secp384r1`/`secp521r1` curves
 - DH: `2048`/`3072`/`4096` bits keys
 It defaults to `prime256v1`.
diff --git a/openvpn-install.sh b/openvpn-install.sh
index d79620f..ff19a04 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -416,19 +416,23 @@ function installQuestions () {
 echo ""
 echo "Choose which curve you want to use for the certificate's key:"
 echo " 1) prime256v1 (recommended)"
- echo " 2) secp384r1"
- echo " 3) secp521r1"
- until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
- read -rp"Curve [1-3]: " -e -i 1 CERT_CURVE_CHOICE
+ echo " 2) secp256k1"
+ echo " 3) secp384r1"
+ echo " 4) secp521r1"
+ until [[ $CERT_CURVE_CHOICE =~ ^[1-4]$ ]]; do
+ read -rp"Curve [1-4]: " -e -i 1 CERT_CURVE_CHOICE
 done
 case $CERT_CURVE_CHOICE in
 1)
 CERT_CURVE="prime256v1"
 ;;
 2)
- CERT_CURVE="secp384r1"
+ CERT_CURVE="secp256k1"
 ;;
 3)
+ CERT_CURVE="secp384r1"
+ ;;
+ 4)
 CERT_CURVE="secp521r1"
 ;;
 esac
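Review bot: Inserting `secp256k1` as option 2 renumbers the existing choices, so a `CERT_CURVE_CHOICE` that already holds `2` or `3` when this `until` loop is reached skips the prompt and now maps to `secp256k1` and `secp384r1` instead of `secp384r1` and `secp521r1`. If the script is ever run with these variables pre-set (not visible in this hunk), that is a silent step down in curve size for existing automation. Appending the new curve keeps the old numbers stable: leave `2) CERT_CURVE="secp384r1"` and `3) CERT_CURVE="secp521r1"` as they were and add `4) CERT_CURVE="secp256k1" ;;`. The same renumbering applies to `DH_CURVE_CHOICE` in the next hunk. `installQuestions` starts and ends outside the hunk.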
@@ -501,19 +505,23 @@ function installQuestions () {
 echo ""
 echo "Choose which curve you want to use for the ECDH key:"
 echo " 1) prime256v1 (recommended)"
- echo " 2) secp384r1"
- echo " 3) secp521r1"
- while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
- read -rp"Curve [1-3]: " -e -i 1 DH_CURVE_CHOICE
+ echo " 2) secp256k1"
+ echo " 3) secp384r1"
+ echo " 4) secp521r1"
+ until [[ $DH_CURVE_CHOICE =~ ^[1-4]$ ]]; do
+ read -rp"Curve [1-4]: " -e -i 1 DH_CURVE_CHOICE
 done
 case $DH_CURVE_CHOICE in
 1)
 DH_CURVE="prime256v1"
 ;;
 2)
- DH_CURVE="secp384r1"
+ DH_CURVE="secp256k1"
 ;;
 3)
+ DH_CURVE="secp384r1"
+ ;;
+ 4)
 DH_CURVE="secp521r1"
 ;;
 esac
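Review bot: The ECDH menu offers `secp256k1` with no compatibility caveat, although it is not among the named groups defined for TLS 1.3 and RFC 8422 deprecated it for TLS 1.2, so a client whose TLS library has dropped the curve may fail to negotiate with a server set up this way. How `DH_CURVE` reaches the server configuration is outside this hunk, so this should be confirmed against the client builds the script is meant to support. I would add a comment above the menu, e.g. `# secp256k1: not a TLS 1.3 group, deprecated for TLS 1.2 by RFC 8422; check client support before choosing`, and ideally give the same hint in the menu text. `installQuestions` continues outside the hunk.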