diff options
author | Devel <acompagn+fdio@cisco.com> | 2018-04-12 18:07:08 +0200 |
---|---|---|
committer | Devel <acompagn+fdio@cisco.com> | 2018-04-12 18:07:08 +0200 |
commit | 75a923f0ee362a039b51a141a719ce50597ca233 (patch) | |
tree | df1b4e1d70db7fada07861dab3eb42c12edb70cb /libparc/parc/security/test/README.keystore | |
parent | abf52b860efb2cc0a247ab498cc962851e72c1ee (diff) |
Added signature calculation and verification for ECDSA
Change-Id: I946e146b9a6ae33ee294a09417e8366853faa502
Signed-off-by: Devel <acompagn+fdio@cisco.com>
Diffstat (limited to 'libparc/parc/security/test/README.keystore')
-rw-r--r-- | libparc/parc/security/test/README.keystore | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/libparc/parc/security/test/README.keystore b/libparc/parc/security/test/README.keystore index 70227d33..0c9c3a58 100644 --- a/libparc/parc/security/test/README.keystore +++ b/libparc/parc/security/test/README.keystore @@ -33,3 +33,31 @@ openssl sha -sha256 -sign test_rsa_key.pem -out test_random_bytes.sig < test_ran # the "-in test_rsa_pub_sha256.bin" is the binary digest we will sign. openssl rsautl -sign -inkey test_rsa_key.pem -in test_rsa_pub_sha256.bin -out test_rsa_pub_sha256.bin.sig + +#EC +openssl ecparam -name secp256k1 -genkey -noout -out test_ec_key.pem +openssl ec -pubout -in test_ec_key.pem -out test_ec_pub.pem +openssl req -new -key test_ec_key.pem -out test_ec.csr +openssl x509 -req -days 365 -in test_ec.csr -signkey test_ec_key.pem -out test_ec.crt +openssl pkcs12 -export -in test_ec.crt -inkey test_ec_key.pem -out test_ec.p12 -name ccnxuser -CAfile test_ec.crt -caname root -chain -passout pass:blueberry + +# saves the public key in DER form so we can calculate the sha256 of it +openssl ec -in test_ec_key.pem -outform DER -pubout -out test_ec_pub.der + +# save the private key in DER form so we can compare in code +openssl ec -in test_ec_key.pem -outform DER -out test_ec_key.der + +# computes the sha256 and saves it in binary form +openssl sha256 -out test_ec_pub_sha256.bin -sha256 -binary < test_ec_pub.der + +# Save the certificate in DER form, then get the SHA256 hash of it +# These are similar to doing "openssl x509 -in test_rsa.crt -fingerprint -sha256" +openssl x509 -outform DER -out test_ec_crt.der -in test_ec.crt +openssl sha256 -out test_ec_crt_sha256.bin -sha256 -binary < test_ec_crt.der + +# To verify signing, we create a random buffer, then sign with a SHA256 digest + +openssl sha -sha256 -sign test_ec_key.pem -out test_random_bytes.sig_ec < test_random_bytes + +# the "-in test_rsa_pub_sha256.bin" is the binary digest we will sign. +openssl rsautl -sign -inkey test_ec_key.pem -in test_ec_pub_sha256.bin -out test_ec_pub_sha256.bin.sig
\ No newline at end of file |