To assemble a delivery set for a customer of the Extra Systems Cypher Net encrypted communication software, we have created several bash scripts that fully automate the process (and eliminate errors). The first of them, make_client.sh, creates a new client equipped with its own RSA key pair for encrypted communication, and reads as follows:

#!/bin/bash
# make_client.sh <client_number>
# Creates the client's directory with a freshly generated RSA key pair
# (in binary form) and the input/output utilities.
set -euo pipefail

RSA_KEY_SIZE=1024
PRIME_SIZE=$(($RSA_KEY_SIZE / 2))
CLIENT_NUMBER=${1:?usage: $0 <client_number>}

# private key material is written here: files readable by this user only
umask 077

[ -d "$CLIENT_NUMBER" ] || mkdir "$CLIENT_NUMBER"

echo "Generating $RSA_KEY_SIZE-bit RSA keys for client #$CLIENT_NUMBER"

# `openssl prime -generate` prints a decimal prime; feeding it back into
# `openssl prime` re-tests it and prints "<hex> (<decimal>) is prime",
# so cut keeps the hexadecimal form that keygen receives.
PR1=$(openssl prime $(openssl prime -generate -bits $PRIME_SIZE) | cut -f1 -d ' ')
PR2=$(openssl prime $(openssl prime -generate -bits $PRIME_SIZE) | cut -f1 -d ' ')
PR3=$(openssl prime $(openssl prime -generate -bits $PRIME_SIZE) | cut -f1 -d ' ')

# keygen prints the public key on the first line and the private key on the last
./keygen "$PR1" "$PR2" "$PR3" > all.txt
head -n 1 all.txt > "public_$CLIENT_NUMBER"
tail -n 1 all.txt > "private_$CLIENT_NUMBER"
rm all.txt

# convert both keys from text to binary (.bin) and remove the text originals
./rsa_key_bin "public_$CLIENT_NUMBER"
rm "public_$CLIENT_NUMBER"
./rsa_key_bin "private_$CLIENT_NUMBER"
rm "private_$CLIENT_NUMBER"

mv "private_$CLIENT_NUMBER.bin" "$CLIENT_NUMBER"
mv "public_$CLIENT_NUMBER.bin" "$CLIENT_NUMBER"
cp input "$CLIENT_NUMBER"
cp output "$CLIENT_NUMBER"
As can be seen from the script, we obtain three prime numbers of the required size (512 bits) from openssl and pass them to the keygen procedure, which creates the public and private RSA keys (1024 bits) for the given client on their basis: the first two primes are multiplied to obtain the modulus shared by both keys, the third is used as the public exponent, and the private exponent, as RSA requires, is calculated by the keygen utility with the extended Euclidean algorithm (it is the modular inverse of the public exponent). Note that the second call to openssl prime in the script generates nothing: it re-tests the decimal prime and prints it in hexadecimal followed by the decimal form, and cut keeps the hexadecimal, which is what keygen receives. Two points a practitioner should keep in mind: a randomly chosen prime exponent is valid only when it is coprime to φ(n) = (p−1)(q−1), which the script does not check and keygen must therefore verify, and a 1024-bit modulus is below the 2048-bit minimum that current guidance (for example NIST SP 800-57) recommends, so RSA_KEY_SIZE is the setting to raise. Together with the input and output utilities, both keys are moved by the script into the directory created for delivering all these materials to the customer.

The rsa_key_bin procedure converts RSA keys from text to binary form (the initial generation of RSA keys in text form in Extra Systems Cypher Net is a historical artefact; in practice it bothers no one).

The second script, make_link.sh, which creates a connection between a pair of clients, reads as follows:
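The keygen step described above, as an added example that is not the project's keygen utility and is not code from the original page: the three values arrive as the hexadecimal strings that cut leaves behind in make_client.sh, n = p·q, e is the third prime, and d is found with the extended Euclidean algorithm. The example also adds the check the script itself does not make, that e is invertible modulo φ(n), and retries e when it is not. The openssl-style prime generator is assumed here and written as a Miller-Rabin loop so the example runs offline; the round trip uses textbook RSA (no padding) purely to confirm the pair, and says nothing about how the input and output utilities format messages.

```python
"""Worked RSA key derivation in the shape of make_client.sh / keygen (added example)."""
import secrets


def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; stands in for the primality check openssl performs."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness of compositeness
    return True


def generate_prime(bits):
    """Assumed stand-in for `openssl prime -generate -bits N`: a random odd N-bit prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def to_hex(n):
    """Uppercase hex without prefix, the form `openssl prime <decimal>` prints first."""
    return format(n, "X")


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def keygen(p_hex, q_hex, e_hex):
    """Derive (n, e) and (n, d) from three hex primes, as the page describes keygen doing."""
    p, q, e = (int(h, 16) for h in (p_hex, q_hex, e_hex))
    if p == q:
        raise ValueError("p and q must differ")
    n = p * q
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        # make_client.sh does not check this; a 512-bit prime e only fails
        # when it divides p-1 or q-1, rare but not impossible
        raise ValueError("e is not invertible modulo phi(n)")
    d = x % phi  # private exponent: e*d == 1 (mod phi(n))
    return (n, e), (n, d)


def make_client_keys(rsa_key_size=1024):
    """Mirror make_client.sh: two primes of half the key size form n, a third is e.
    Unlike the script, a non-invertible e is replaced instead of producing a bad key."""
    prime_size = rsa_key_size // 2
    p = generate_prime(prime_size)
    q = generate_prime(prime_size)
    while q == p:
        q = generate_prime(prime_size)
    while True:
        e = generate_prime(prime_size)
        try:
            return keygen(to_hex(p), to_hex(q), to_hex(e))
        except ValueError:
            continue


def roundtrip(public_key, private_key, message):
    """Textbook RSA (no padding) to confirm the pair: ((m^e mod n)^d mod n) == m."""
    n, e = public_key
    _, d = private_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(pow(message, e, n), d, n) == message


if __name__ == "__main__":
    pub, priv = make_client_keys(1024)  # same size as the script; takes a moment
    print("modulus bits:", pub[0].bit_length(), "round trip ok:", roundtrip(pub, priv, 0x48656C6C6F))
```

The textbook pair p = 61, q = 53 with e = 17 gives n = 3233 and d = 2753; passing e = 5 instead is rejected, because 5 divides φ(n) = 3120, which is exactly the case the shell pipeline would silently hand to keygen.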
#!/bin/bash
# make_link.sh <client_1> <client_2>
# Exchanges public keys between two existing clients and generates the
# fingerprint files for the pair.
set -euo pipefail
[ $# -eq 2 ] || { echo "usage: $0 <client_1> <client_2>" >&2; exit 1; }

TMP_DIR_LIST="fingerprints"
for NEED_TMP_DIR in $TMP_DIR_LIST
do
    [ -d "$NEED_TMP_DIR" ] || mkdir "$NEED_TMP_DIR"
done

for CLIENT_NUMBER in "$1" "$2"
do
    [ -d "$CLIENT_NUMBER" ] || mkdir "$CLIENT_NUMBER"
done

# each client receives the partner's public key
cp "$1/public_$1.bin" "$2"
cp "$2/public_$2.bin" "$1"

# fingerprint writes fingerprint_i_A_B and fingerprint_o_A_B into ./fingerprints;
# a failure aborts so that no half-finished link is delivered
./fingerprint "$1" "$2" || exit 1
./fingerprint "$2" "$1" || exit 1

mv "./fingerprints/fingerprint_i_$1_$2" "./$1"
mv "./fingerprints/fingerprint_o_$1_$2" "./$1"
mv "./fingerprints/fingerprint_i_$2_$1" "./$2"
mv "./fingerprints/fingerprint_o_$2_$1" "./$2"

for NEED_TMP_DIR in $TMP_DIR_LIST
do
    [ -d "$NEED_TMP_DIR" ] && rmdir "$NEED_TMP_DIR"
done

This script copies each client's public RSA key into the partner's directory and creates the fingerprint files needed for this pair, which it also places in the corresponding client directories. Only after this can the two clients communicate through our server.

With these two scripts alone it would, in principle, be possible to complete any order, but for full convenience we have also created a third script that does everything in one step. It is called make_product.sh and creates not just a pair but an entire communication network:
#!/bin/bash
# make_product.sh <client_1> <client_2> [<client_3> ...]
# Creates every listed client, then links every unordered pair of them.
set -euo pipefail
[ $# -ge 2 ] || { echo "usage: $0 <client_1> <client_2> [<client_3> ...]" >&2; exit 1; }

for CLIENT_NUMBER in "$@"
do
    ./make_client.sh "$CLIENT_NUMBER"
done

# visit each pair once: link client i with every client j > i
COUNTER_1=1
for CLIENT_NUMBER_1 in "$@"
do
    COUNTER_2=1
    for CLIENT_NUMBER_2 in "$@"
    do
        if [ "$COUNTER_2" -gt "$COUNTER_1" ]
        then
            ./make_link.sh "$CLIENT_NUMBER_1" "$CLIENT_NUMBER_2"
        fi
        COUNTER_2=$(( $COUNTER_2 + 1 ))
    done
    COUNTER_1=$(( $COUNTER_1 + 1 ))
done

This script is passed, as command-line parameters, any number (at least two) of client identifiers that must subsequently be able to communicate with each other in encrypted form through our server; it creates every client and then links every pair of them, so N clients yield N(N−1)/2 links.
© Extra Systems, 2024