@naftulikay
Created June 3, 2014 20:14
PKCS#8 Private Key Encryption Demo
#!/bin/bash
# Generates 2048 and 4096 bit SSH private keys, then encrypts them in the following
# variations:
#
# Ciphers:
# * aes-192-cbc
# * aes-256-cbc
#
# PBKDF2 Iterations:
# * 100,000
# * 250,000
# * 500,000
# * 1,000,000
#
# This will allow you to quickly see how long keys take to decrypt given different
# key sizes (2048, 4096), different encryption algorithms (AES-192-CBC, AES-256-CBC),
# and most importantly, different amounts of PBKDF2 iterations.
#
# You'll need a build of OpenSSL which contains the custom iteration patch for the
# pkcs8 tool. See: https://j.mp/U9EBWO
set -e
OPENSSL="./openssl"
RAW_2048="raw-2048.pem"
RAW_4096="raw-4096.pem"
echo "Generating 2048 bit RSA key to $RAW_2048..."
# ssh-keygen -y writes the matching public key in OpenSSH format
"$OPENSSL" genrsa -rand /dev/urandom -out "$RAW_2048" 2048 && chmod 0600 "$RAW_2048" \
    && ssh-keygen -y -f "$RAW_2048" > "${RAW_2048%pem}pub.pem"
echo "Generating 4096 bit RSA key to $RAW_4096..."
"$OPENSSL" genrsa -rand /dev/urandom -out "$RAW_4096" 4096 && chmod 0600 "$RAW_4096" \
    && ssh-keygen -y -f "$RAW_4096" > "${RAW_4096%pem}pub.pem"
for keybits in 2048 4096 ; do
    for cipher in aes-192-cbc aes-256-cbc ; do
        for iter in 100000 250000 500000 1000000 ; do
            out="pkcs8-${keybits}bits-$cipher-$iter-iter.pem"
            echo "Generating PKCS#8 container in $cipher mode with $iter PBKDF iterations to $out..."
            # select our key input file
            if [ "$keybits" == "2048" ]; then source_key="$RAW_2048" ; else source_key="$RAW_4096" ; fi
            # generate the thing! ("password" is a throwaway passphrase for this demo)
            "$OPENSSL" pkcs8 -passout pass:password -in "$source_key" -out "$out" -topk8 -v2 "$cipher" -iter "$iter"
        done
    done
done
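
An added check, not part of the original gist: it reads the PBKDF2 iteration count and cipher back out of an encrypted PKCS#8 file, so you can confirm each container really carries the parameters requested on the command line. The function names `pkcs8_params` and `pkcs8_meets_policy` are hypothetical, and the parsing assumes the text output of `openssl asn1parse`.

```bash
#!/bin/bash
# Added example, not part of the original gist. Function names are hypothetical.
# Assumption: $OPENSSL (default: openssl on PATH) provides the asn1parse command.
OPENSSL="${OPENSSL:-openssl}"

# Print "<iterations> <cipher>" for a PBES2-encrypted PKCS#8 PEM file.
# Returns non-zero if the file is unencrypted or not PBKDF2 + AES.
pkcs8_params() {
    local parsed hex_iter cipher
    parsed=$("$OPENSSL" asn1parse -in "$1" 2>/dev/null) || return 1
    # asn1parse lines look like "offset:d=.. prim: TYPE   :value".
    # The first INTEGER after the PBKDF2 OID is the iteration count (in hex).
    hex_iter=$(printf '%s\n' "$parsed" | awk -F: '
        $4 == "PBKDF2" { seen = 1; next }
        seen && $3 ~ /INTEGER/ { print $4; exit }')
    cipher=$(printf '%s\n' "$parsed" | awk -F: '
        $3 ~ /OBJECT/ && tolower($4) ~ /^aes-/ { print tolower($4); exit }')
    [ -n "$hex_iter" ] && [ -n "$cipher" ] || return 1
    printf '%d %s\n' "0x$hex_iter" "$cipher"
}

# Succeed only if FILE ($1) uses at least MIN_ITER ($2) PBKDF2 iterations.
pkcs8_meets_policy() {
    local params
    params=$(pkcs8_params "$1") || return 2
    [ "${params%% *}" -ge "$2" ]
}
```

Running `pkcs8_params` over each `pkcs8-*.pem` file the script produces should print the iteration count and cipher encoded in that file's name; the raw, unencrypted keys make it return non-zero.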