# usage: onetimekey path/to/mycert.pem
#        onetimekey -certonly path/to/mycert.pem
# Takes an openssl cert+key pem file and turns it into a long string
# for the x11vnc SSL VNC Java Viewer.
# The Java applet URL parameter can be  oneTimeKey=<str> where str is
# the output of this program, or can be oneTimeKey=PROMPT in which
# case the applet will ask you to paste in the string.
# The problem being solved here is that it is difficult to get
# the Java applet to have or use a keystore with the key saved
# in it.  Also, as the name implies, an HTTPS server can create
# a one time key to send to the applet (the user has already
# logged in via password to the HTTPS server).
# Note that oneTimeKey provides a CLIENT Certificate that the viewer
# uses to authenticate itself to the VNC Server.
# There is also the serverCert=<str> Applet parameter.  This is
# a cert to authenticate the VNC server against.  To create that
# string with this tool, specify -certonly as the first argument.

if [ "X$1" = "X-certonly" ]; then

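# Create the scratch file that will hold the private key as unencrypted
# PKCS#8 DER.  The umask makes a newly created file owner-only from the
# first moment (touch followed by chmod leaves a window in which the file
# has the default permissions); chmod still tightens a file that already
# existed.
# NOTE(review): where $der and $in are set is not visible in this excerpt;
# confirm $der comes from mktemp rather than a predictable name.
(umask 077; touch "$der")
chmod 600 "$der"

# -nocrypt writes the key with no passphrase, so the file mode above and the
# later rm of "$der" are the only protection for the key while it is on disk.
openssl pkcs8 -topk8 -nocrypt -in "$in" -out "$der" -outform der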

# Write a small helper script (Perl syntax) to $pbinhex.  It reads stdin one
# byte at a time and prints the whole input as a single line of two-digit
# lowercase hex.  The \$ escapes stop the shell from expanding the helper's
# own variables inside the unquoted here-document.
# NOTE(review): the interpreter line, the loop's closing brace and the END
# terminator are not visible in this excerpt.  $pbinhex is executed further
# down, so confirm its path comes from mktemp in a directory other users
# cannot write to.
cat > $pbinhex <<END

\$str = '';
while (1) {
        \$c = getc(STDIN);
        last if \$c eq '';
        \$str .= sprintf("%02x", unpack("C", \$c));

print "\$str\n";

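# Make the generated helper runnable by its owner only.
chmod 700 "$pbinhex"

# str1: hex of the unencrypted DER private key.  The key file is removed as
# soon as it has been read so it does not linger on disk.
str1=$("$pbinhex" < "$der")
rm -f "$der"

# str2: hex of the PEM text from the first BEGIN CERTIFICATE line to the end
# of the input file.
# NOTE(review): everything after that line is included, so if the private key
# follows the certificate in the PEM file its text ends up in str2 as well,
# and therefore in -certonly output; confirm the expected file layout.
n=$(awk '/BEGIN CERTIFICATE/ { print NR; exit }' "$in")
if [ "X$n" = "X" ]; then
	# Without a certificate there is nothing valid to emit; fail instead of
	# printing a truncated string, and do not leave the helper behind.
	echo "onetimekey: no BEGIN CERTIFICATE line found in $in" 1>&2
	rm -f "$pbinhex"
	exit 1
fi
# "tail -n +N" is the POSIX spelling; the bare "tail +N" form is obsolete and
# is rejected by some tail implementations.
str2=$(tail -n +"$n" "$in" | "$pbinhex")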
# Print the result on stdout.  str2 is the certificate part; "$str1,$str2"
# also carries the unencrypted private key (str1) as hex, so that output has
# to be handled like the key itself: a value placed in a oneTimeKey= URL
# parameter can end up in web server logs and browser history.
# NOTE(review): the else/fi lines of this conditional are not visible in this
# excerpt.
if [ "X$certonly" = "X1" ]; then
	echo "$str2"
	echo "$str1,$str2"
# Remove the generated hex helper script.
rm -f $pbinhex