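#!/bin/bash
# Generate a self-signed X.509 certificate and an RSA-2048 private key for each
# of PK, KEK, db and dbx (the names of the UEFI Secure Boot key variables).
#
# Outputs, in the current directory: <name>.key and <name>.crt for every name.
#
# Security notes:
#   * -nodes stores every private key UNENCRYPTED on disk. These keys sign
#     Secure Boot variable updates and boot binaries, so run this on a trusted
#     machine and move the .key files to offline or encrypted storage afterwards.
#   * On OpenSSL 3.x, -nodes is a deprecated alias of -noenc; it is kept here so
#     the script also runs with older OpenSSL releases.
#   * The certificates are valid for 9999 days, so there is no practical expiry;
#     retiring a key means enrolling a replacement by hand.

set -u

# Create the key files readable by the owner only, from the moment they exist.
# This also applies to the .crt files; relax those afterwards if others need them.
umask 077

# Passphrase-protected variant (openssl prompts for a passphrase for each key):
#for key_type in PK KEK db dbx; do openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's ${key_type}" -keyout ${key_type}.key -out ${key_type}.crt -days 9999 -sha256; done

for key_type in PK KEK db dbx; do
  # Stop at the first failure: a partial key set is of no use and is easy to
  # mistake for a complete one.
  openssl req -new -x509 -newkey rsa:2048 \
    -subj "/CN=Ganome's ${key_type}" \
    -keyout "${key_type}.key" -out "${key_type}.crt" \
    -days 9999 -nodes -sha256 ||
    {
      printf 'error: failed to generate the %s key pair\n' "${key_type}" >&2
      exit 1
    }
done

# ---------------------------------------------------------------------------
# Disabled alternatives: hand the private key to GPG through a FIFO so that the
# plaintext key is never written to a regular file.
# NOTE(review): "mkfifo key_pipe & sleep 1" races with the commands that open
# the pipe; run mkfifo in the foreground instead. openssl runs in the background
# in these variants, so its exit status is never checked. The FIFO has a fixed
# name in the current directory; create it inside a private directory (mktemp -d).
# ---------------------------------------------------------------------------

# This command will generate a Platform Key "PK"
# mkfifo key_pipe & sleep 1; openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's Platform Key" -keyout key_pipe -out PK.crt -days 9999 -noenc -sha256 & gpg --output PK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe && rm key_pipe

# This creates the key files, encrypting each private key with GPG
#mkfifo key_pipe & sleep 1 && for key_type in PK KEK db dbx; do openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's ${key_type}" -keyout key_pipe -out ${key_type}.crt -days 9999 -noenc -sha256 & gpg --output ${key_type}.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe ; done ; rm key_pipe

# Unrolled form of the GPG variant, one key at a time
#mkfifo key_pipe &
#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's PK" -keyout key_pipe -out PK.crt -days 9999 -noenc -sha256
#gpg --output PK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe
#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's KEK" -keyout key_pipe -out KEK.crt -days 9999 -noenc -sha256
#gpg --output KEK.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe
#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's db" -keyout key_pipe -out db.crt -days 9999 -noenc -sha256
#gpg --output db.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe
#openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Ganome's dbx" -keyout key_pipe -out dbx.crt -days 9999 -noenc -sha256
#gpg --output dbx.key.gpg --recipient ganome@gmail.com --encrypt < key_pipe
#rm key_pipe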