ETOOBUSY 🚀 minimal blogging for the impatient
Remember ekeca? I added a couple things to it.
So… it’s almost 10 (ten!) months that I wrote about ekeca, and I eventually remembered about it! Mission accomplished!
I did a couple of additions:
it’s now possible to generate also client certificates, because well… I need to experiment a bit with them!
There is a new handy function to check whether a private key correspondes to a certificate (that is, to the public key carried by the certificate).
I’m somehow surprised that the last thing isn’t implemented natively in OpenSSL, but whatever it’s quite simple: the two keys correspond if they share the same modulus.
A lot of the hints around calculated a checksum over the modulus; this is a quick hack to compare something “short” instead of the modulus in its full width. This helps a lot when comparing stuff visually… but I guess the program can do without this slight teensy possibility of a collision.
You can find the code here; using the function is simple, just pass the key and the certificate file paths as arguments (in any order):
ekeca check_association /path/to/key /path/to/certificate