#!/bin/bash

openssl req -x509 -newkey ED25519 -sha256 -days 999 -noenc \
  -keyout backdoor.key -out backdoor.crt -subj "/CN=${1:-$LOGNAME}"

# Create a form of the private key that can be used by a web browser or similar
openssl pkcs12 -export -out backdoor.pfx -inkey backdoor.key -in backdoor.crt -passout pass: