aboutsummaryrefslogtreecommitdiff
path: root/openssl/demos/ssltest-ecc/ECCcertgen.sh
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2009-06-28 22:07:26 +0000
committermarha <marha@users.sourceforge.net>2009-06-28 22:07:26 +0000
commit3562e78743202e43aec8727005182a2558117eca (patch)
tree8f9113a77d12470c5c851a2a8e4cb02e89df7d43 /openssl/demos/ssltest-ecc/ECCcertgen.sh
downloadvcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.gz
vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.bz2
vcxsrv-3562e78743202e43aec8727005182a2558117eca.zip
Checked in the following released items:
xkeyboard-config-1.4.tar.gz ttf-bitstream-vera-1.10.tar.gz font-alias-1.0.1.tar.gz font-sun-misc-1.0.0.tar.gz font-sun-misc-1.0.0.tar.gz font-sony-misc-1.0.0.tar.gz font-schumacher-misc-1.0.0.tar.gz font-mutt-misc-1.0.0.tar.gz font-misc-misc-1.0.0.tar.gz font-misc-meltho-1.0.0.tar.gz font-micro-misc-1.0.0.tar.gz font-jis-misc-1.0.0.tar.gz font-isas-misc-1.0.0.tar.gz font-dec-misc-1.0.0.tar.gz font-daewoo-misc-1.0.0.tar.gz font-cursor-misc-1.0.0.tar.gz font-arabic-misc-1.0.0.tar.gz font-winitzki-cyrillic-1.0.0.tar.gz font-misc-cyrillic-1.0.0.tar.gz font-cronyx-cyrillic-1.0.0.tar.gz font-screen-cyrillic-1.0.1.tar.gz font-xfree86-type1-1.0.1.tar.gz font-adobe-utopia-type1-1.0.1.tar.gz font-ibm-type1-1.0.0.tar.gz font-bitstream-type1-1.0.0.tar.gz font-bitstream-speedo-1.0.0.tar.gz font-bh-ttf-1.0.0.tar.gz font-bh-type1-1.0.0.tar.gz font-bitstream-100dpi-1.0.0.tar.gz font-bh-lucidatypewriter-100dpi-1.0.0.tar.gz font-bh-100dpi-1.0.0.tar.gz font-adobe-utopia-100dpi-1.0.1.tar.gz font-adobe-100dpi-1.0.0.tar.gz font-util-1.0.1.tar.gz font-bitstream-75dpi-1.0.0.tar.gz font-bh-lucidatypewriter-75dpi-1.0.0.tar.gz font-adobe-utopia-75dpi-1.0.1.tar.gz font-bh-75dpi-1.0.0.tar.gz bdftopcf-1.0.1.tar.gz font-adobe-75dpi-1.0.0.tar.gz mkfontscale-1.0.6.tar.gz openssl-0.9.8k.tar.gz bigreqsproto-1.0.2.tar.gz xtrans-1.2.2.tar.gz resourceproto-1.0.2.tar.gz inputproto-1.4.4.tar.gz compositeproto-0.4.tar.gz damageproto-1.1.0.tar.gz zlib-1.2.3.tar.gz xkbcomp-1.0.5.tar.gz freetype-2.3.9.tar.gz pthreads-w32-2-8-0-release.tar.gz pixman-0.12.0.tar.gz kbproto-1.0.3.tar.gz evieext-1.0.2.tar.gz fixesproto-4.0.tar.gz recordproto-1.13.2.tar.gz randrproto-1.2.2.tar.gz scrnsaverproto-1.1.0.tar.gz renderproto-0.9.3.tar.gz xcmiscproto-1.1.2.tar.gz fontsproto-2.0.2.tar.gz xextproto-7.0.3.tar.gz xproto-7.0.14.tar.gz libXdmcp-1.0.2.tar.gz libxkbfile-1.0.5.tar.gz libfontenc-1.0.4.tar.gz libXfont-1.3.4.tar.gz libX11-1.1.5.tar.gz libXau-1.0.4.tar.gz libxcb-1.1.tar.gz xorg-server-1.5.3.tar.gz
Diffstat (limited to 'openssl/demos/ssltest-ecc/ECCcertgen.sh')
-rw-r--r--openssl/demos/ssltest-ecc/ECCcertgen.sh164
1 files changed, 164 insertions, 0 deletions
diff --git a/openssl/demos/ssltest-ecc/ECCcertgen.sh b/openssl/demos/ssltest-ecc/ECCcertgen.sh
new file mode 100644
index 000000000..a47b8bb0b
--- /dev/null
+++ b/openssl/demos/ssltest-ecc/ECCcertgen.sh
@@ -0,0 +1,164 @@
+#!/bin/sh
+
+# For a list of supported curves, use "apps/openssl ecparam -list_curves".
+
+# Path to the openssl distribution
+OPENSSL_DIR=../..
+# Path to the openssl program
+OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
+# Option to find configuration file
+OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
+# Directory where certificates are stored
+CERTS_DIR=./Certs
+# Directory where private key files are stored
+KEYS_DIR=$CERTS_DIR
+# Directory where combo files (containing a certificate and corresponding
+# private key together) are stored
+COMBO_DIR=$CERTS_DIR
+# cat command
+CAT=/bin/cat
+# rm command
+RM=/bin/rm
+# mkdir command
+MKDIR=/bin/mkdir
+# The certificate will expire these many days after the issue date.
+DAYS=1500
+TEST_CA_CURVE=secp160r1
+TEST_CA_FILE=secp160r1TestCA
+TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (Elliptic curve secp160r1)"
+
+TEST_SERVER_CURVE=secp160r2
+TEST_SERVER_FILE=secp160r2TestServer
+TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (Elliptic curve secp160r2)"
+
+TEST_CLIENT_CURVE=secp160r2
+TEST_CLIENT_FILE=secp160r2TestClient
+TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (Elliptic curve secp160r2)"
+
+# Generating an EC certificate involves the following main steps
+# 1. Generating curve parameters (if needed)
+# 2. Generating a certificate request
+# 3. Signing the certificate request
+# 4. [Optional] One can combine the cert and private key into a single
+# file and also delete the certificate request
+
+$MKDIR -p $CERTS_DIR
+$MKDIR -p $KEYS_DIR
+$MKDIR -p $COMBO_DIR
+
+echo "Generating self-signed CA certificate (on curve $TEST_CA_CURVE)"
+echo "==============================================================="
+$OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem
+
+# Generate a new certificate request in $TEST_CA_FILE.req.pem. A
+# new ecdsa (actually ECC) key pair is generated on the parameters in
+# $TEST_CA_CURVE.pem and the private key is saved in $TEST_CA_FILE.key.pem
+# WARNING: By using the -nodes option, we force the private key to be
+# stored in the clear (rather than encrypted with a password).
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
+ -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
+ -newkey ec:$TEST_CA_CURVE.pem -new \
+ -out $CERTS_DIR/$TEST_CA_FILE.req.pem
+
+# Sign the certificate request in $TEST_CA_FILE.req.pem using the
+# private key in $TEST_CA_FILE.key.pem and include the CA extension.
+# Make the certificate valid for 1500 days from the time of signing.
+# The certificate is written into $TEST_CA_FILE.cert.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+ -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
+ -extfile $OPENSSL_DIR/apps/openssl.cnf \
+ -extensions v3_ca \
+ -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+ -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
+
+# Display the certificate
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
+ > $COMBO_DIR/$TEST_CA_FILE.pem
+$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
+
+echo "GENERATING A TEST SERVER CERTIFICATE (on elliptic curve $TEST_SERVER_CURVE)"
+echo "=========================================================================="
+# Generate parameters for curve $TEST_SERVER_CURVE, if needed
+$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
+
+# Generate a new certificate request in $TEST_SERVER_FILE.req.pem. A
+# new ecdsa (actually ECC) key pair is generated on the parameters in
+# $TEST_SERVER_CURVE.pem and the private key is saved in
+# $TEST_SERVER_FILE.key.pem
+# WARNING: By using the -nodes option, we force the private key to be
+# stored in the clear (rather than encrypted with a password).
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
+ -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
+ -newkey ec:$TEST_SERVER_CURVE.pem -new \
+ -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+
+# Sign the certificate request in $TEST_SERVER_FILE.req.pem using the
+# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
+# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
+# file for this CA, create one. Make the certificate valid for $DAYS days
+# from the time of signing. The certificate is written into
+# $TEST_SERVER_FILE.cert.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+ -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
+ -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+ -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+ -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
+
+# Display the certificate
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
+ > $COMBO_DIR/$TEST_SERVER_FILE.pem
+$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+
+echo "GENERATING A TEST CLIENT CERTIFICATE (on elliptic curve $TEST_CLIENT_CURVE)"
+echo "=========================================================================="
+# Generate parameters for curve $TEST_CLIENT_CURVE, if needed
+$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
+
+# Generate a new certificate request in $TEST_CLIENT_FILE.req.pem. A
+# new ecdsa (actually ECC) key pair is generated on the parameters in
+# $TEST_CLIENT_CURVE.pem and the private key is saved in
+# $TEST_CLIENT_FILE.key.pem
+# WARNING: By using the -nodes option, we force the private key to be
+# stored in the clear (rather than encrypted with a password).
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
+ -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
+ -newkey ec:$TEST_CLIENT_CURVE.pem -new \
+ -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+
+# Sign the certificate request in $TEST_CLIENT_FILE.req.pem using the
+# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
+# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
+# file for this CA, create one. Make the certificate valid for $DAYS days
+# from the time of signing. The certificate is written into
+# $TEST_CLIENT_FILE.cert.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+ -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
+ -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+ -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+ -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
+
+# Display the certificate
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
+ > $COMBO_DIR/$TEST_CLIENT_FILE.pem
+$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+
+
+