Skip to content

Instantly share code, notes, and snippets.

@Someguy123

Someguy123/irc_key_gen.md

Created May 19, 2021 23:11
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Someguy123/c420aa05e7c4ca62ba109b3487f099a3 to your computer and use it in GitHub Desktop.
Save Someguy123/c420aa05e7c4ca62ba109b3487f099a3 to your computer and use it in GitHub Desktop.
Download ZIP
How to generate an ECDSA NIST256P key / certificate for use on IRC (SASL ECDSA-NIST256p-CHALLENGE) - macOS instructions using openssl, Libera (Freenode), and Textual IRC Client
Raw
irc_key_gen.md

1. Generating keys

1.1. Generate ECDSA key

Generate private key:

openssl ecparam -name prime256v1 -genkey -out irc_nist256.pem

View info about key:

openssl ec -noout -text -conv_form compressed -in irc_nist256.pem

1.2. Generate CSR

openssl req -new -key irc_nist256.pem -sha256 -days 1096 -nodes -out freenode.csr

View CSR info:

openssl x509 -in freenode.csr -text -noout
openssl req -in freenode.csr -text -noout

1.3. Generate Certificate (PEM)

openssl req -x509 -in freenode.csr -key irc_nist256.pem -sha256 -days 1096 -nodes -out freenode.pem

View info about PEM file:

openssl x509 -in freenode.pem -text -noout

1.4. Generate PKCS12 ( .p12 ) cert + key file for import into Apple Keychain

openssl pkcs12 -export -clcerts -inkey irc_nist256.pem -in freenode.pem -out freenode.p12 -name "Someguy123 IRC"

NOTE: You must set an export password when asked, to be able to actually import the key into Apple Keychain.

2. Get fingerprint

2.1. Get long SHA512 fingerprint

openssl x509 -in freenode.pem -outform der | sha512sum -b | cut -d' ' -f1

2.2. Get short SHA1 fingerprint

openssl x509 -in freenode.pem -outform der | sha1sum -b | cut -d' ' -f1

3. Add fingerprint to Libera ( Freenode )

In my case, I added the SHA512 fingerprint, which worked great.

/msg NickServ CERT ADD abcd1234abcd1234def4321

4. Import PKCS12 .p12 file into Apple KeyChain (Mac Only / Textual App)

Screenshot of Add Certificate prompt

Simply double click on the freenode.p12 file, or right click and press Open In... > Keychain Access

Screenshot of Apple Keychain

You should now be able to find your certificate under the login keychain, in the category Certificates

5. Use the certificate in your IRC client for the IRC server you're using

Screenshot of Textual Choose an Identity certificate prompt

Screenshot of Textual Client Certificate tab

In the Textual App for macOS, you can select the certificate within the server settings for the IRC server of your choice, under Advanced > Client Certificate, and then press Select Certificate - and select the certificate you loaded into KeyChain.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment