def GenerateKeys(config, overwrite_keys=False):
"""Generate the keys we need for a GRR server."""
if not hasattr(key_utils, "MakeCACert"):
parser.error("Generate keys can only run with open source key_utils.")
if (config.Get("PrivateKeys.server_key", default=None)
and not overwrite_keys):
print config.Get("PrivateKeys.server_key")
raise RuntimeError(
"Config %s already has keys, use --overwrite_keys to "
"override." % config.parser)
length = config_lib.CONFIG["Server.rsa_key_length"]
print "All keys will have a bit length of %d." % length
print "Generating executable signing key"
executable_key = rdf_crypto.RSAPrivateKey.GenerateKey(bits=length)
config.Set("PrivateKeys.executable_signing_private_key",
executable_key.AsPEM())
config.Set("Client.executable_signing_public_key",
executable_key.GetPublicKey().AsPEM())
print "Generating CA keys"
ca_key = rdf_crypto.RSAPrivateKey.GenerateKey(bits=length)
ca_cert = key_utils.MakeCACert(ca_key)
config.Set("CA.certificate", ca_cert.AsPEM())
config.Set("PrivateKeys.ca_key", ca_key.AsPEM())
print "Generating Server keys"
server_key = rdf_crypto.RSAPrivateKey.GenerateKey(bits=length)
server_cert = key_utils.MakeCASignedCert(u"grr", server_key, ca_cert,
ca_key)
config.Set("Frontend.certificate", server_cert.AsPEM())
config.Set("PrivateKeys.server_key", server_key.AsPEM())
print "Generating Django Secret key (used for xsrf protection etc)"
GenerateDjangoKey(config)
def GenerateKeys(config):
"""Generate the keys we need for a GRR server."""
if not hasattr(key_utils, "MakeCACert"):
parser.error("Generate keys can only run with open source key_utils.")
if (config.Get("PrivateKeys.server_key", default=None)
and not flags.FLAGS.overwrite):
raise RuntimeError("Config %s already has keys, use --overwrite to "
"override." % config.parser)
print "Generating executable signing key"
priv_key, pub_key = key_utils.GenerateRSAKey()
config.Set("PrivateKeys.executable_signing_private_key", priv_key)
config.Set("Client.executable_signing_public_key", pub_key)
print "Generating driver signing key"
priv_key, pub_key = key_utils.GenerateRSAKey()
config.Set("PrivateKeys.driver_signing_private_key", priv_key)
config.Set("Client.driver_signing_public_key", pub_key)
print "Generating CA keys"
ca_cert, ca_pk, _ = key_utils.MakeCACert()
cipher = None
config.Set("CA.certificate", ca_cert.as_pem())
config.Set("PrivateKeys.ca_key", ca_pk.as_pem(cipher))
print "Generating Server keys"
server_cert, server_key = key_utils.MakeCASignedCert("grr",
ca_pk,
bits=2048)
config.Set("Frontend.certificate", server_cert.as_pem())
config.Set("PrivateKeys.server_key", server_key.as_pem(cipher))
print "Generating Django Secret key (used for xsrf protection etc)"
GenerateDjangoKey(config)
