#!/bin/sh
# Usage: EMAIL=vasya@pupkin.ru NUM=1 sh key.sh
set -efu

cat << EOF > "x509_${NUM}.genkey"
[ req ]
prompt = no
default_bits = 4096
default_md = sha512
days = 109500
default_keyfile = full_key${NUM}.pem
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
organizationName = ROSA Linux
commonName = Additional private kernel modules signing key #${NUM}
emailAddress = ${EMAIL}
EOF

openssl req -new -nodes -utf8 -batch -x509 \
	-config "x509_${NUM}.genkey" \
	-outform PEM \
	-out "full_key${NUM}.pem" \
	-keyout "full_key${NUM}.pem" 

sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p;/^-----END CERTIFICATE-----$/q' "full_key${NUM}.pem" > "public${NUM}.pem"