From 8975a23f33fc8b946e011e678394afef045c2f4f Mon Sep 17 00:00:00 2001
From: Matt Drollette
Date: Sat, 20 Dec 2014 01:20:36 -0600
Subject: [PATCH] revert back to RSA keys

---
 cmd/utils.go | 19 +++++++------------
 reseed/utils.go | 6 +++---
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/cmd/utils.go b/cmd/utils.go
index 84dce8f..559be5b 100644
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -2,8 +2,6 @@ package cmd
 
 import (
 	"bufio"
-	"crypto/ecdsa"
-	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
@@ -124,9 +122,9 @@ func createSigningCertificate(signerId string) error {
 func createTLSCertificate(host string) error {
 	fmt.Println("Generating TLS keys. This may take a minute...")
 
-	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	priv, err := rsa.GenerateKey(rand.Reader, 4096)
 	if err != nil {
-		return fmt.Errorf("failed to generate TLS private key:", err)
+		return err
 	}
 
 	tlsCert, err := reseed.NewTLSCertificate(host, priv)
@@ -144,17 +142,14 @@ func createTLSCertificate(host string) error {
 	fmt.Printf("TLS certificate saved to: %s\n", host+".crt")
 
 	// save the TLS private key
-	keyOut, err := os.OpenFile(host+".pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	privFile := host + ".pem"
+	keyOut, err := os.OpenFile(privFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
-		return fmt.Errorf("failed to open %s for writing: %s", host+".pem", err)
+		return fmt.Errorf("failed to open %s for writing: %s\n", privFile, err)
 	}
-	derBytes, err := x509.MarshalECPrivateKey(priv)
-	if nil != err {
-		return err
-	}
-	pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: derBytes})
+	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
 	keyOut.Close()
-	fmt.Printf("TLS private key saved to: %s\n", host+".pem")
+	fmt.Printf("TLS private key saved to: %s\n", privFile)
 
 	return nil
 }
diff --git a/reseed/utils.go b/reseed/utils.go
index e9d58fe..c75298a 100644
--- a/reseed/utils.go
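Review bot: The new `return err` on the key-generation failure path drops the context that every other error in createTLSCertificate carries; the removed line was a broken format string (no verb for err), but the fix should keep the message rather than discard it, e.g. `return fmt.Errorf("failed to generate TLS private key: %s", err)`, matching the "failed to open %s for writing" style used a few lines further down. createTLSCertificate's body continues past the end of this hunk.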
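Review bot: The private-key write on the new `pem.Encode` line and the `keyOut.Close()` after it both discard their errors, so a failed or short write of the .pem file still prints "TLS private key saved to" and returns nil, leaving a truncated or empty key file on disk; both should be checked before success is reported, as in the rewritten lines below. Two smaller points on the same lines: the new Errorf string ends in `\n`, which Go error strings conventionally do not, and the 0600 mode passed to os.OpenFile only applies when the file is created, so a pre-existing host.pem keeps whatever mode it already had after O_TRUNC — if that matters for this tool, follow the open with `os.Chmod(privFile, 0600)` or say in a comment why the existing mode is trusted. createTLSCertificate's signature is outside this hunk.
```go
	// … unchanged: OpenFile and its error check …
	if err := pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
		keyOut.Close()
		return fmt.Errorf("failed to write %s: %s", privFile, err)
	}
	if err := keyOut.Close(); err != nil {
		return fmt.Errorf("failed to close %s: %s", privFile, err)
	}
	fmt.Printf("TLS private key saved to: %s\n", privFile)
```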
+++ b/reseed/utils.go
@@ -1,8 +1,8 @@
 package reseed
 
 import (
-	"crypto/ecdsa"
 	"crypto/rand"
+	"crypto/rsa"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
@@ -33,7 +33,7 @@ func SignerFilename(signer string) string {
 	return strings.Replace(signer, "@", "_at_", 1) + ".crt"
 }
 
-func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) {
+func NewTLSCertificate(host string, priv *rsa.PrivateKey) ([]byte, error) {
 	notBefore := time.Now()
 	notAfter := notBefore.Add(2 * 365 * 24 * time.Hour)
 
@@ -55,7 +55,7 @@ func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) {
 	},
 	NotBefore: notBefore,
 	NotAfter: notAfter,
-	SignatureAlgorithm: x509.ECDSAWithSHA256,
+	SignatureAlgorithm: x509.SHA256WithRSA,
 	KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 	ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
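Review bot: NewTLSCertificate is exported, and the rewritten signature line still carries no doc comment, so the switch of the key type to *rsa.PrivateKey is invisible to godoc readers; add one directly above it, such as `// NewTLSCertificate builds a TLS certificate for host using the RSA private key priv and returns the encoded certificate. It is valid for two years from the time of the call.` The two-year window is what the notAfter line in this hunk computes. NewTLSCertificate's body continues past the end of this hunk.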