MatthiasValvekens / certomancer

Quickly construct, mock & deploy PKI test configurations using simple declarative configuration.
MIT License

provide example for key generation #1

Closed peteris-zealid closed 2 years ago

peteris-zealid commented 2 years ago

Feel free to modify as needed. Not sure about the -m PEM part because the man page for ssh-keygen said it is a legacy format and suggested RFC4716.

Found this command on the internet and it worked for me. I did not investigate further.

MatthiasValvekens commented 2 years ago

Yeah, I'm sure that refers to the fact that PEM is deprecated in favour of RFC 4716 for the purposes of storing SSH keys (which, unsurprisingly, is the most common use of ssh-keygen). Software that doesn't deal with SSH tends to stick with key material stored in PEM-armored PKCS#8 data structures (or similar).

When generating keys for testing purposes, I usually use openssl genrsa/openssl ecparam ... -genkey | openssl ec/... or similar instead of ssh-keygen, but it doesn't really matter all that much. I'll update the sample command to use openssl just because that's what I use in the Certomancer asciinema demo linked in the readme, but other than that I'm totally on board with this change.

Thanks, Peteris!

(I'll get to it later today or tomorrow)
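The format distinction discussed in this thread, as an added example that is not part of the original thread or of Certomancer: a shell helper that tells the PEM container types apart by their first line and re-wraps traditional keys as PKCS#8 with openssl. The function names (`key_format`, `ensure_pkcs8`, `gen_rsa_pkcs8`, `gen_ec_pkcs8`) and the key sizes and curve are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical helpers.

# Print the container format of a private-key file, judged by its first line.
key_format() {
    first=""
    IFS= read -r first < "$1" || [ -n "$first" ] || { echo unreadable; return 1; }
    first=${first%"$(printf '\r')"}          # tolerate CRLF line endings
    case "$first" in
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1-rsa ;;   # e.g. ssh-keygen -m PEM (RSA)
        "-----BEGIN EC PRIVATE KEY-----")        echo sec1-ec ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;     # ssh-keygen native format
        *)                                       echo unknown; return 1 ;;
    esac
}

# Write an unencrypted PKCS#8 PEM copy of $1 to $2, or explain why not.
ensure_pkcs8() {
    case "$(key_format "$1")" in
        pkcs8)             cp -- "$1" "$2" ;;
        pkcs1-rsa|sec1-ec) openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2" ;;
        openssh)           echo "$1: OpenSSH-native key, openssl cannot read it" >&2
                           return 2 ;;
        *)                 echo "$1: not an unencrypted PEM private key" >&2
                           return 1 ;;
    esac
}

# Throwaway test keys via openssl, normalised to PKCS#8.
# -nocrypt leaves the key unencrypted, which is only appropriate for test keys.
gen_rsa_pkcs8() {   # $1 = output path
    openssl genrsa 2048 2>/dev/null | openssl pkcs8 -topk8 -nocrypt -out "$1"
}
gen_ec_pkcs8() {    # $1 = output path; -noout drops the EC PARAMETERS block
    openssl ecparam -name prime256v1 -genkey -noout |
        openssl pkcs8 -topk8 -nocrypt -out "$1"
}
```

Source the file and call `key_format path/to/key.pem` to check what a generation command actually produced before pointing a test configuration at it.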