Increase diffie-hellman key length, except on BBB

This is a tradeoff between security and the amount of time which a user might be willing to wait for the installation to complete. If each key takes multiple hours to compute then the user may just abandon the install

src/freedombone

 
 ZERONET_REPO='https://github.com/HelloZeroNet/ZeroNet.git'
 
+# Default diffie-hellman key length in bits
+DH_KEYLENGTH=3072
+
 function show_help {
   echo ''
   echo 'freedombone -c [configuration file]'
   fi
 
   if [ -f $CONFIGURATION_FILE ]; then
+      if grep -q "DH_KEYLENGTH" $CONFIGURATION_FILE; then
+          DH_KEYLENGTH=$(grep "DH_KEYLENGTH" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
+      fi
       if grep -q "WIFI_INTERFACE" $CONFIGURATION_FILE; then
           WIFI_INTERFACE=$(grep "WIFI_INTERFACE" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
       fi
 
   apt-get -y install python python-msgpack python-gevent python-pip
   pip install msgpack-python --upgrade
-  
+
   adduser --home /opt/zeronet/ --shell /bin/false --no-create-home --ingroup daemon --disabled-password --disabled-login zeronet
   git clone $ZERONET_REPO /opt/zeronet
   sudo chown -R zeronet:zeronet /opt/zeronet
   echo '' >> /etc/systemd/system/zeronet.service
   echo '[Install]' >> /etc/systemd/system/zeronet.service
   echo 'WantedBy=multi-user.target' >> /etc/systemd/system/zeronet.service
-  
+
   systemctl enable zeronet.service
   systemctl start zeronet.service
-  
+
   echo 'mesh_zeronet' >> $COMPLETION_FILE
 }
 
   echo 'RemainAfterExit=yes' >> /etc/systemd/system/babel.service
   echo '' >> /etc/systemd/system/babel.service
   echo '# Allow time for the server to start/stop' >> /etc/systemd/system/babel.service
-  echo 'TimeoutSec=300' >> /etc/systemd/system/babel.service  
+  echo 'TimeoutSec=300' >> /etc/systemd/system/babel.service
   echo '' >> /etc/systemd/system/babel.service
   echo '[Install]' >> /etc/systemd/system/babel.service
   echo 'WantedBy=multi-user.target' >> /etc/systemd/system/babel.service
   echo 'RemainAfterExit=yes' >> /etc/systemd/system/batman.service
   echo '' >> /etc/systemd/system/batman.service
   echo '# Allow time for the server to start/stop' >> /etc/systemd/system/batman.service
-  echo 'TimeoutSec=300' >> /etc/systemd/system/batman.service  
+  echo 'TimeoutSec=300' >> /etc/systemd/system/batman.service
   echo '' >> /etc/systemd/system/batman.service
   echo '[Install]' >> /etc/systemd/system/batman.service
   echo 'WantedBy=multi-user.target' >> /etc/systemd/system/batman.service
 
   echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo '    echo "Creating backup key"' >> /usr/bin/$BACKUP_SCRIPT_NAME
-  echo '    freedombone-addcert -h backup' >> /usr/bin/$BACKUP_SCRIPT_NAME
+  echo "    freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo 'fi' >> /usr/bin/$BACKUP_SCRIPT_NAME
   echo '' >> /usr/bin/$BACKUP_SCRIPT_NAME
 
 
   echo "if [ ! -f $BACKUP_CERTIFICATE ]; then" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   echo '    echo "Creating backup key"' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
-  echo '    freedombone-addcert -h backup' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+  echo "    freedombone-addcert -h backup --dhkey $DH_KEYLENGTH" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   echo 'fi' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
   echo '' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 
 
   # make a tls certificate for email
   if [ ! -f /etc/ssl/certs/exim.dhparam ]; then
-      freedombone-addcert -h exim
+      freedombone-addcert -h exim --dhkey $DH_KEYLENGTH
       check_certificates exim
   fi
   cp /etc/ssl/private/exim.key /etc/exim4
   fi
 
   if [ ! -f /etc/ssl/certs/dovecot.dhparam ]; then
-      freedombone-addcert -h dovecot
+      freedombone-addcert -h dovecot --dhkey $DH_KEYLENGTH
       check_certificates dovecot
   fi
   chown root:dovecot /etc/ssl/certs/dovecot.*
   fi
   # make a CA cert
   if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
-      freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca ""
+      freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
   fi
   # CA configuration
   echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
   configure_php
 
   if [ ! -f /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam ]; then
-      freedombone-addcert -h $OWNCLOUD_DOMAIN_NAME
+      freedombone-addcert -h $OWNCLOUD_DOMAIN_NAME --dhkey $DH_KEYLENGTH
       check_certificates $OWNCLOUD_DOMAIN_NAME
   fi
 
   configure_php
 
   if [ ! -f /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam ]; then
-      freedombone-addcert -h $GIT_DOMAIN_NAME
+      freedombone-addcert -h $GIT_DOMAIN_NAME --dhkey $DH_KEYLENGTH
       check_certificates $GIT_DOMAIN_NAME
   fi
 
   fi
 
   if [ ! -f /etc/ssl/certs/xmpp.dhparam ]; then
-      freedombone-addcert -h xmpp
+      freedombone-addcert -h xmpp --dhkey $DH_KEYLENGTH
       check_certificates xmpp
   fi
   chown prosody:prosody /etc/ssl/private/xmpp.key
   fi
 
   if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
-      freedombone-addcert -h ngircd
+      freedombone-addcert -h ngircd --dhkey $DH_KEYLENGTH
       check_certificates ngircd
   fi
 
       rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
   fi
   if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
-      freedombone-addcert -h $WIKI_DOMAIN_NAME
+      freedombone-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
       check_certificates $WIKI_DOMAIN_NAME
   fi
 
   chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
 
   if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
-      freedombone-addcert -h $FULLBLOG_DOMAIN_NAME
+      freedombone-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
       check_certificates $FULLBLOG_DOMAIN_NAME
   fi
 
   configure_php
 
   if [ ! -f /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam ]; then
-      freedombone-addcert -h $MICROBLOG_DOMAIN_NAME
+      freedombone-addcert -h $MICROBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
       check_certificates $MICROBLOG_DOMAIN_NAME
   fi
 
   configure_php
 
   if [ ! -f /etc/ssl/certs/$REDMATRIX_DOMAIN_NAME.dhparam ]; then
-      freedombone-addcert -h $REDMATRIX_DOMAIN_NAME
+      freedombone-addcert -h $REDMATRIX_DOMAIN_NAME --dhkey $DH_KEYLENGTH
       check_certificates $REDMATRIX_DOMAIN_NAME
   fi
 
   echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
 
   if [ ! -f /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam ]; then
-      freedombone-addcert -h $MEDIAGOBLIN_DOMAIN_NAME
+      freedombone-addcert -h $MEDIAGOBLIN_DOMAIN_NAME --dhkey $DH_KEYLENGTH
       check_certificates $MEDIAGOBLIN_DOMAIN_NAME
   fi
 
 
   # Make an ssl cert for the server
   if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
-      freedombone-addcert -h mumble
+      freedombone-addcert -h mumble --dhkey $DH_KEYLENGTH
       check_certificates mumble
   fi
 

src/freedombone-config

 BATMAN_CELLID='02:BA:00:00:03:01'
 WIFI_CHANNEL=
 CONFIGURATION_FILE=
+DH_KEYLENGTH=
 
 function show_help {
   echo ''
   if [ $WIFI_CHANNEL ]; then
       echo "WIFI_CHANNEL=$WIFI_CHANNEL" >> $CONFIGURATION_FILE
   fi
+  if [ $DH_KEYLENGTH ]; then
+      echo "DH_KEYLENGTH=$DH_KEYLENGTH" >> $CONFIGURATION_FILE
+  fi
 }
 
 # test a domain name to see if it's valid
   esac
   if [[ $INSTALLING_ON_BBB == "yes" ]]; then
       USB_DRIVE=/dev/sda1
+	  # here a short diffie-hellman key length is used, because otherwise creation of keys
+	  # becomes impractically long on the beaglebone.
+	  DH_KEYLENGTH=1024
   fi
   save_configuration_file