use regex to parse type argument.

now we can make standard compliant certs of any size.

issue-root.sh

@@ -1,31 +1,44 @@
 #!/bin/sh
 
-RSA_OPTS="-newkey rsa:2048 -sha256"
 ECDSA_OPTS="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384"
 
  
-while getopts ":ht:n:d:s:" opt; do
+while getopts ":ht:d:n:s:" opt; do
   case $opt in
     h)
       echo "Usage:  -t rsa|ec -n <name> -d <days>"
       exit 0
       ;;
     t)
-      if [ "$OPTARG" = "rsa" ]; then
+      if [[ $OPTARG =~ ^rsa:([0-9]+) ]]; then
-        NEWKEY_OPT=$RSA_OPTS
+        NEWKEY_OPT="-newkey rsa:${BASH_REMATCH[1]} -sha256"
-      elif [ "$OPTARG" = "ec" ]; then
+      elif [[ $OPTARG =~ ^ec:([0-9]+) ]]; then
-        NEWKEY_OPT=$ECDSA_OPTS
+        BITS=${BASH_REMATCH[1]}
+        if [[ $BITS -eq 256 ]]; then
+          CURVE=prime256v1
+          SHA=sha256
+        elif [[ $BITS -eq 384 ]]; then
+          CURVE=secp384r1
+          SHA=sha384
+        elif [[ $BITS -eq 512 ]]; then
+          CURVE=secp521r1
+          SHA=sha512
+        else
+          echo "Invalid ec bits: ec:$BITS" >&2
+          exit 1
+        fi
+        NEWKEY_OPT="-newkey ec -pkeyopt ec_paramgen_curve:${CURVE} -${SHA}"
       else 
         echo "Invalid option: -t $OPTARG" >&2
         exit 1
       fi
       ;;
-    n)
-      NAME_OPT=(-keyout "$OPTARG".key -out "$OPTARG".crt)
-      ;;
     d)
       DAYS_OPT="-days $OPTARG"
       ;;
+    n)
+      NAME_OPT=(-keyout "$OPTARG".key -out "$OPTARG".crt)
+      ;;
     s)
       SUBJECT_OPT=(-subj "/C=CN/CN=Root CA/O=$OPTARG")
       ;;