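#!/bin/bash
#
# A script to make an ECH PEM file according to the Internet-draft
# https://datatracker.ietf.org/doc/draft-farrell-tls-pemesni/
# using the boringssl command line tool (the OpenSSL command line
# tool emits this format by itself)
#
# Environment overrides (all optional):
#   BSSL  boringssl command line binary   (default: $PWD/bssl)
#   PN    ECH public name                 (default: example.com)
#   CID   ECH config_id                   (default: random value in 0-255)
#   PEMF  output ECH PEM file             (default: $PWD/echconfig.pem)
#
# The output file contains the ECH private key, so handle it as a secret.
set -euo pipefail

# The PEM file holds a private key, so new files are created readable by
# the owner only. A PEMF that already exists keeps its current mode;
# tighten it by hand if it was created with looser permissions.
umask 077

: "${BSSL:=$PWD/bssl}" # boringssl binary
: "${PN:=example.com}" # public name
: "${CID:=$((RANDOM%256))}" # config_id
: "${PEMF:=$PWD/echconfig.pem}" # output ECH PEM file

# Fail with a clear message instead of a bare "command not found".
if ! command -v "$BSSL" >/dev/null 2>&1; then
  printf 'error: boringssl tool not found or not executable: %s\n' "$BSSL" >&2
  exit 1
fi

# Scratch directory for the raw files bssl writes. The trap removes it on
# every exit path, so a failed run does not leave the private key behind.
tdir=$(mktemp -d)
trap 'rm -rf -- "$tdir"' EXIT

# Outputs are addressed by full path rather than by changing directory, so
# a relative BSSL or PEMF still resolves against the caller's directory
# (after a cd, a relative PEMF would land in the scratch directory and be
# deleted with it).
"$BSSL" generate-ech -public-name "$PN" -config-id "$CID" \
  -out-private-key "$tdir/priv.ech" -out-ech-config-list "$tdir/pub.ech" \
  -out-ech-config "$tdir/foo" -max-name-length 0

# NOTE(review): priv.ech is base64-encoded exactly as bssl wrote it;
# confirm that consumers of the PEM accept those bytes under the
# PRIVATE KEY label.
PRIV=$(base64 <"$tdir/priv.ech")
ECL=$(base64 <"$tdir/pub.ech")

cat >"$PEMF" <<EOF
-----BEGIN PRIVATE KEY-----
$PRIV
-----END PRIVATE KEY-----
-----BEGIN ECHCONFIG-----
$ECL
-----END ECHCONFIG-----
EOF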