From c2bbf275b2be79bcfccde4475331742e984c8e3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Tue, 10 Sep 2002 07:36:52 +0000
Subject: [PATCH] 1. switch from "-newkey ecdsa:..." to "-newkey ec:..." 2. automatically create required sub-directories
Submitted by: Vipul Gupta
---
 demos/ssltest-ecc/ECC-RSAcertgen.sh | 9 +++++++--
 demos/ssltest-ecc/ECCcertgen.sh | 27 +++++++++------------------
 demos/ssltest-ecc/RSAcertgen.sh | 6 ++++++
 3 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/demos/ssltest-ecc/ECC-RSAcertgen.sh b/demos/ssltest-ecc/ECC-RSAcertgen.sh
index ce182e313..b31a4f1ee 100755
--- a/demos/ssltest-ecc/ECC-RSAcertgen.sh
+++ b/demos/ssltest-ecc/ECC-RSAcertgen.sh
@@ -19,6 +19,8 @@ COMBO_DIR=$CERTS_DIR
 CAT=/bin/cat
 # rm command
 RM=/bin/rm
+# mkdir command
+MKDIR=/bin/mkdir
 # The certificate will expire these many days after the issue date.
 DAYS=1500
 TEST_CA_FILE=rsa1024TestCA
@@ -38,6 +40,9 @@ TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Micr
 # 4. [Optional] One can combine the cert and private key into a single
 # file and also delete the certificate request
+$MKDIR -p $CERTS_DIR
+$MKDIR -p $KEYS_DIR
+$MKDIR -p $COMBO_DIR
 echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)"
 echo "=============================================================="
@@ -45,7 +50,7 @@ $OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
 $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
 -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
- -newkey ecdsa:$TEST_SERVER_CURVE.pem -new \
+ -newkey ec:$TEST_SERVER_CURVE.pem -new \
 -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
 $OPENSSL_CMD x509 -req -days $DAYS \
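Review bot: The three `$MKDIR -p` lines added in the @@ -38,6 +40,9 @@ hunk of ECC-RSAcertgen.sh create `$KEYS_DIR` with whatever umask the caller happens to have, and the next hunk shows the script writing private keys there with `-nodes` (unencrypted), so on a shared machine the key directory can end up group- or world-readable. A `umask 077` ahead of the directory creation, or `$MKDIR -p -m 700 "$KEYS_DIR"`, would keep the demo keys private; where `KEYS_DIR` is defined is outside the hunk, so check whether it is the same directory as `$CERTS_DIR` before tightening the mode. The expansions are also unquoted and the exit status is ignored; `$MKDIR -p "$KEYS_DIR" || exit 1` would stop the later openssl steps from running against a missing path. The identical additions in ECCcertgen.sh (@@ -40,6 +42,10 @@) and RSAcertgen.sh (@@ -37,6 +39,10 @@) have the same gaps.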
@@ -71,7 +76,7 @@ $OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
 $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
 -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
- -newkey ecdsa:$TEST_CLIENT_CURVE.pem -new \
+ -newkey ec:$TEST_CLIENT_CURVE.pem -new \
 -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
 $OPENSSL_CMD x509 -req -days $DAYS \
diff --git a/demos/ssltest-ecc/ECCcertgen.sh b/demos/ssltest-ecc/ECCcertgen.sh
index b99a9b938..a47b8bb0b 100755
--- a/demos/ssltest-ecc/ECCcertgen.sh
+++ b/demos/ssltest-ecc/ECCcertgen.sh
@@ -19,6 +19,8 @@ COMBO_DIR=$CERTS_DIR
 CAT=/bin/cat
 # rm command
 RM=/bin/rm
+# mkdir command
+MKDIR=/bin/mkdir
 # The certificate will expire these many days after the issue date.
 DAYS=1500
 TEST_CA_CURVE=secp160r1
@@ -40,6 +42,10 @@ TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Micr
 # 4. [Optional] One can combine the cert and private key into a single
 # file and also delete the certificate request
+$MKDIR -p $CERTS_DIR
+$MKDIR -p $KEYS_DIR
+$MKDIR -p $COMBO_DIR
+
 echo "Generating self-signed CA certificate (on curve $TEST_CA_CURVE)"
 echo "==============================================================="
 $OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem
@@ -51,7 +57,7 @@ $OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem
 # stored in the clear (rather than encrypted with a password).
 $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
 -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -newkey ecdsa:$TEST_CA_CURVE.pem -new \
+ -newkey ec:$TEST_CA_CURVE.pem -new \
 -out $CERTS_DIR/$TEST_CA_FILE.req.pem
 # Sign the certificate request in $TEST_CA_FILE.req.pem using the
@@ -89,7 +95,7 @@ $OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
 # stored in the clear (rather than encrypted with a password).
 $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
 -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
- -newkey ecdsa:$TEST_SERVER_CURVE.pem -new \
+ -newkey ec:$TEST_SERVER_CURVE.pem -new \
 -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
 # Sign the certificate request in $TEST_SERVER_FILE.req.pem using the
@@ -128,7 +134,7 @@ $OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
 # stored in the clear (rather than encrypted with a password).
 $OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
 -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
- -newkey ecdsa:$TEST_CLIENT_CURVE.pem -new \
+ -newkey ec:$TEST_CLIENT_CURVE.pem -new \
 -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
 # Sign the certificate request in $TEST_CLIENT_FILE.req.pem using the
@@ -154,20 +160,5 @@ $CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
 # Remove the cert request file (no longer needed)
 $RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
-############################################################################
-#OLD STUFF (ignore this)
-#
-#These are the commands I used, but you may wish to add -named_curve to the first command per our discussion about parameter encoding in certificates.
-#
-#apps/openssl ecdsaparam -out nist192.param.pem -NIST_192
-#
-#apps/openssl ecdsaparam -out nistB163.param.pem -named_curve -NIST_B163
-# the nodes option causes output key to be stored unencrypted
-#apps/openssl req -nodes -keyout nistB163.priv.pem -newkey ecdsa:nistB163.param.pem -new -out nistB163.req.pem
-#apps/openssl x509 -req -in nistB163.req.pem -extfile apps/cert.cnf -extensions v3_ca -signkey nistB163.priv.pem -out nistB163.cert.pem
-#
-#crypto/x509/x509_ext.c has X509_EXTENSION *X509_get_ext(X509 *x, int loc)
-#crypto/asn1/t_x509.c has code to print certificates
-#crypto/x509v3/v3_prn.c has code to print extensions X509V3_extensions_print
diff --git a/demos/ssltest-ecc/RSAcertgen.sh b/demos/ssltest-ecc/RSAcertgen.sh
index ea7984bae..0cb015359 100755
--- a/demos/ssltest-ecc/RSAcertgen.sh
+++ b/demos/ssltest-ecc/RSAcertgen.sh
@@ -19,6 +19,8 @@ COMBO_DIR=$CERTS_DIR
 CAT=/bin/cat
 # rm command
 RM=/bin/rm
+# mkdir command
+MKDIR=/bin/mkdir
 # The certificate will expire these many days after the issue date.
 DAYS=1500
 TEST_CA_FILE=rsa1024TestCA
@@ -37,6 +39,10 @@ TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Micr
 # 4. [Optional] One can combine the cert and private key into a single
 # file and also delete the certificate request
+$MKDIR -p $CERTS_DIR
+$MKDIR -p $KEYS_DIR
+$MKDIR -p $COMBO_DIR
+
 echo "Generating self-signed CA certificate (RSA)"
 echo "==========================================="