🔐 edh-keygen

Automated Diffie-Hellman key generation and service management tool
Provides flexible configuration, systemd integration and clean RPM packaging.

This utility simplifies the generation and management of the Diffie-Hellman (DH) parameter files used for ephemeral DH key exchange, and hence Perfect Forward Secrecy (PFS), in secure communication services such as Postfix, Dovecot, Ejabberd and others. A parameter file holds the public group (prime and generator) the daemon uses for each handshake; the per-connection secrets are the ephemeral exponents, so forward secrecy comes from the exchange itself and regenerating the parameters is periodic hygiene rather than a secret rotation. The tool ensures that these files are regularly regenerated, correctly owned and permissioned, and that the consuming services are reloaded through systemd so the new parameters take effect without manual intervention.

Key features:

  • 🔁 Automated generation of DH parameter files (e.g., dh2048.pem)
  • ⚙️ Service reload hooks to apply new keys without downtime
  • 🛠️ Easy configuration via edh-keygen.conf
  • 📦 Distributed as an RPM package for clean system integration
  • 🔐 Designed to enhance TLS security through PFS

Outline

  1. Features
  2. Installation
  3. Configuration
  4. Directory Layout
  5. CRON Job Example
  6. License
  7. Authors
  8. Project Home

Features

  • Generates DH parameters for secure services
  • Supports service restarts for root and non-root systemd users
  • Configurable per-service and global settings via config file
  • Customizable sync paths, ownership, and permissions for DH keys
  • Weekly cron job integration for automated key regeneration
  • RPM packaging for easy deployment
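The generate, validate, install and reload cycle the feature lists above describe, written out as an added example. This is not edh-keygen's own code (the project script is edh-keygen.sh, whose internals this page does not show); it assumes openssl and systemctl on the PATH, and the 2048-bit size, /etc/postfix/dh2048.pem, root:postfix and postfix.service in the usage line are placeholders.

```shell
#!/bin/bash
# Added example, not edh-keygen's own code: generate DH parameters, validate
# them, install them atomically with the requested ownership and mode, then
# reload the consuming systemd unit. Assumes openssl and systemctl are present;
# every path, unit and user name below is a placeholder.
set -eu

# Generate DH parameters of BITS into OUT and verify them before they are used.
gen_dhparam() {  # bits out
  openssl dhparam -out "$2" "$1" 2>/dev/null
  openssl dhparam -in "$2" -check -noout >/dev/null 2>&1
}

# Set mode (and owner, when running as root) on SRC, then rename it over DST.
# rename(2) is atomic, so a daemon reading DST never sees a half-written file.
# Refuses an empty or missing SRC so a failed generation cannot clobber a good file.
install_dhparam() {  # src dst mode [owner:group]
  local src=$1 dst=$2 mode=$3 owner=${4:-}
  if [ ! -s "$src" ]; then
    echo "refusing to install empty or missing $src" >&2
    return 1
  fi
  chmod "$mode" "$src"
  if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
    chown "$owner" "$src"
  fi
  mv -f "$src" "$dst"
}

# Reload UNIT via the system manager, or via USER's own systemd instance
# (systemctl --user needs that user's XDG_RUNTIME_DIR). With DRY_RUN=1 the
# command is printed instead of executed.
reload_unit() {  # unit [user]
  local unit=$1 user=${2:-} uid
  if [ -z "$user" ]; then
    set -- systemctl reload "$unit"
  else
    uid=$(id -u "$user")
    set -- runuser -u "$user" -- env "XDG_RUNTIME_DIR=/run/user/$uid" \
      systemctl --user reload "$unit"
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Full cycle. Usage (as root, placeholder values):
#   main 2048 /etc/postfix/dh2048.pem 0640 root:postfix postfix.service
main() {  # bits dst mode owner:group unit [user]
  tmp=$(mktemp "$2.XXXXXX")        # same directory as DST, so mv is a rename
  trap 'rm -f "$tmp"' EXIT         # drop the temp file if generation fails
  gen_dhparam "$1" "$tmp"
  install_dhparam "$tmp" "$2" "$3" "$4"
  reload_unit "$5" "${6:-}"
}

if [ $# -ge 5 ]; then
  main "$@"
fi
```

The temp file is created next to the destination so the final mv is a rename on the same filesystem rather than a copy; the mode and owner are applied before the rename, so the daemon never observes the file with the wrong permissions either. Expect openssl dhparam to take minutes for 4096-bit parameters, which is why a cron schedule that is not too aggressive matters.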

Installation

  1. Install required packages

    sudo dnf install git rpm-build rpmdevtools yum-utils -y
    
  2. Clone the Repository

    git clone https://dev.town-square.de/cb601/edh-keygen.git
    
    cd edh-keygen
    
  3. Build the RPM package

    You can use the provided Makefile:

    make clean
    make rpm
    
  4. Install the RPM package

    sudo yum localinstall rpmbuild/RPMS/noarch/edh-keygen-1.0-1.noarch.rpm
    
  5. Verify the Installation

    ls -l /opt/edh-keygen
    

    You should see:

    -rwxr-x--- 1 root root ... edh-keygen.sh  
    -rw-r----- 1 root root ... edh-keygen.conf
    

    Check RPM info:

    rpm -qil edh-keygen
    

Configuration

The configuration file supports both global path settings and per-service lines. Put site-specific settings in edh-keygen.local rather than edh-keygen.conf: the .conf file is replaced on every package install or update, while the .local file is never overwritten. See the files themselves for detailed documentation and examples.

Directory Layout

Path                               Purpose
/opt/edh-keygen/edh-keygen.sh      Main script
/opt/edh-keygen/edh-keygen.conf    Packaged default config (overwritten on every package install or update)
/opt/edh-keygen/edh-keygen.local   Local override config (never overwritten by the package)
/etc/cron.weekly/edh-keygen        Cron job script (optional)

CRON Job Example

To run the key generator weekly, you have two options:

1. Crontab

You can add a weekly cron job directly to the root user's crontab:

Open the root crontab for editing:

sudo crontab -e

Add the following line to run the script every Sunday at 3:30 AM:

30 3 * * 0 /opt/edh-keygen/edh-keygen.sh

(Adjust the schedule as needed. This example runs the script weekly on Sunday.)

2. System Cron Weekly Directory

Create a script as /etc/cron.weekly/edh-keygen:

#!/bin/sh

/opt/edh-keygen/edh-keygen.sh

exit 0

Ensure the script is executable:

chmod 750 /etc/cron.weekly/edh-keygen
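A more defensive version of the cron.weekly script, added here as an example and not part of the edh-keygen package. A weekly run that is still generating large parameters must not be overtaken by the next one, and a failed run should be visible in the system log rather than silent; the paths are the README's defaults, while the lock directory under /run/lock and the EX_TEMPFAIL exit code are choices of this example.

```shell
#!/bin/sh
# Added example, not part of edh-keygen: a cron.weekly wrapper that refuses to
# start while a previous run is still generating (dhparam 4096 can take many
# minutes) and reports the outcome to syslog. SCRIPT is the README's install
# path; LOCKDIR is an assumption of this example.
set -u

LOCKDIR=${LOCKDIR:-/run/lock/edh-keygen}
SCRIPT=${SCRIPT:-/opt/edh-keygen/edh-keygen.sh}

# Run "$@" under a lock. mkdir is atomic, so only one caller can create LOCKDIR;
# returns 75 (EX_TEMPFAIL) without running anything if another run holds it,
# otherwise propagates the wrapped command's exit status.
run_locked() {
  if ! mkdir "$LOCKDIR" 2>/dev/null; then
    echo "edh-keygen: previous run still active (lock $LOCKDIR)" >&2
    return 75
  fi
  trap 'rmdir "$LOCKDIR"' EXIT     # release the lock even if the script dies
  "$@"
  rc=$?
  rmdir "$LOCKDIR"
  trap - EXIT
  return $rc
}

main() {
  if run_locked "$SCRIPT"; then
    logger -t edh-keygen "DH parameter regeneration finished"
  else
    rc=$?
    logger -t edh-keygen "DH parameter regeneration failed or skipped (rc=$rc)"
    exit $rc
  fi
}

# Only act when installed under cron.weekly, so the file can also be sourced.
case $0 in
  */cron.weekly/*) main ;;
esac
```

Install it as /etc/cron.weekly/edh-keygen with mode 750 as above; `journalctl -t edh-keygen` then shows each week's result, and a skipped run (exit 75) is the signal that generation is taking longer than the schedule allows.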

License

MIT

Authors

CB-601 - the open tec Elevator

Project Home

Project Home: https://dev.town-square.de/cb601/edh-keygen
