1#!/bin/bash 2# 3# Copyright (C) 2009 The Android Open Source Project 4# 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8# 9# http://www.apache.org/licenses/LICENSE-2.0 10# 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17# Generates a public/private key pair suitable for use in signing 18# android .apks and OTA update packages. 19 20if [ "$#" -ne 2 ]; then 21 cat <<EOF 22Usage: $0 <name> <subject> 23 24Creates <name>.pk8 key and <name>.x509.pem cert. Cert contains the 25given <subject>. 26EOF 27 exit 2 28fi 29 30if [[ -e $1.pk8 || -e $1.x509.pem ]]; then 31 echo "$1.pk8 and/or $1.x509.pem already exist; please delete them first" 32 echo "if you want to replace them." 33 exit 1 34fi 35 36# Use named pipes to connect get the raw RSA private key to the cert- 37# and .pk8-creating programs, to avoid having the private key ever 38# touch the disk. 39 40tmpdir=$(mktemp -d) 41trap 'rm -rf ${tmpdir}; echo; exit 1' EXIT INT QUIT 42 43one=${tmpdir}/one 44two=${tmpdir}/two 45mknod ${one} p 46mknod ${two} p 47chmod 0600 ${one} ${two} 48 49read -p "Enter password for '$1' (blank for none; password will be visible): " \ 50 password 51 52( openssl genrsa -f4 2048 | tee ${one} > ${two} ) & 53 54openssl req -new -x509 -sha1 -key ${two} -out $1.x509.pem \ 55 -days 10000 -subj "$2" & 56 57if [ "${password}" == "" ]; then 58 echo "creating ${1}.pk8 with no password" 59 openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 -nocrypt 60else 61 echo "creating ${1}.pk8 with password [${password}]" 62 echo $password | openssl pkcs8 -in ${one} -topk8 -outform DER -out $1.pk8 \ 63 -passout stdin 64fi 65 66wait 67wait 68