aboutsummaryrefslogtreecommitdiffstats
path: root/libparc/parc/security/test/README.keystore
diff options
context:
space:
mode:
authorMauro Sardara <msardara+fdio@cisco.com>2018-12-18 11:05:49 +0000
committerGerrit Code Review <gerrit@fd.io>2018-12-18 11:05:49 +0000
commitcada1143501a48effc483e3873596c22849926b5 (patch)
tree93a1da95d69b69328a1e7d3621447797f65137c9 /libparc/parc/security/test/README.keystore
parent726949d76a7207694d5a1eee84ef134a8e539115 (diff)
parenta45edf23c2463ac9a4723a24792a6c5c89b1e021 (diff)
Merge "Adding gitreview config file for this branch sub project"
Diffstat (limited to 'libparc/parc/security/test/README.keystore')
-rw-r--r--libparc/parc/security/test/README.keystore63
1 files changed, 63 insertions, 0 deletions
diff --git a/libparc/parc/security/test/README.keystore b/libparc/parc/security/test/README.keystore
new file mode 100644
index 00000000..0c9c3a58
--- /dev/null
+++ b/libparc/parc/security/test/README.keystore
@@ -0,0 +1,63 @@
+
+# This set of commands creates an RSA public/private key pair,
+# self-signs it, then puts it all in a pkcs12 container with
+# the password "blueberry"
+#
+# We use these files in the test_ccnx_FileKeystore tests.
+
+openssl genrsa -out test_rsa_key.pem
+openssl rsa -pubout -in test_rsa_key.pem -out test_rsa_pub.pem
+openssl req -new -key test_rsa_key.pem -out test_rsa.csr
+openssl x509 -req -days 365 -in test_rsa.csr -signkey test_rsa_key.pem -out test_rsa.crt
+openssl pkcs12 -export -in test_rsa.crt -inkey test_rsa_key.pem -out test_rsa.p12 -name ccnxuser -CAfile test_rsa.crt -caname root -chain -passout pass:blueberry
+
+# saves the public key in DER form so we can calculate the sha256 of it
+openssl rsa -in test_rsa_key.pem -outform DER -pubout -out test_rsa_pub.der
+
+# save the private key in DER form so we can compare in code
+openssl rsa -in test_rsa_key.pem -outform DER -out test_rsa_key.der
+
+# computes the sha256 and saves it in binary form
+openssl sha256 -out test_rsa_pub_sha256.bin -sha256 -binary < test_rsa_pub.der
+
+# Save the certificate in DER form, then get the SHA256 hash of it
+# These are similar to doing "openssl x509 -in test_rsa.crt -fingerprint -sha256"
+openssl x509 -outform DER -out test_rsa_crt.der -in test_rsa.crt
+openssl sha256 -out test_rsa_crt_sha256.bin -sha256 -binary < test_rsa_crt.der
+
+# To verify signing, we create a random buffer, then sign with a SHA256 digest
+
+dd if=/dev/urandom of=test_random_bytes bs=512 count=1
+openssl sha -sha256 -sign test_rsa_key.pem -out test_random_bytes.sig < test_random_bytes
+
+# the "-in test_rsa_pub_sha256.bin" is the binary digest we will sign.
+openssl rsautl -sign -inkey test_rsa_key.pem -in test_rsa_pub_sha256.bin -out test_rsa_pub_sha256.bin.sig
+
+
+#EC
+openssl ecparam -name secp256k1 -genkey -noout -out test_ec_key.pem
+openssl ec -pubout -in test_ec_key.pem -out test_ec_pub.pem
+openssl req -new -key test_ec_key.pem -out test_ec.csr
+openssl x509 -req -days 365 -in test_ec.csr -signkey test_ec_key.pem -out test_ec.crt
+openssl pkcs12 -export -in test_ec.crt -inkey test_ec_key.pem -out test_ec.p12 -name ccnxuser -CAfile test_ec.crt -caname root -chain -passout pass:blueberry
+
+# saves the public key in DER form so we can calculate the sha256 of it
+openssl ec -in test_ec_key.pem -outform DER -pubout -out test_ec_pub.der
+
+# save the private key in DER form so we can compare in code
+openssl ec -in test_ec_key.pem -outform DER -out test_ec_key.der
+
+# computes the sha256 and saves it in binary form
+openssl sha256 -out test_ec_pub_sha256.bin -sha256 -binary < test_ec_pub.der
+
+# Save the certificate in DER form, then get the SHA256 hash of it
+# These are similar to doing "openssl x509 -in test_rsa.crt -fingerprint -sha256"
+openssl x509 -outform DER -out test_ec_crt.der -in test_ec.crt
+openssl sha256 -out test_ec_crt_sha256.bin -sha256 -binary < test_ec_crt.der
+
+# To verify signing, we create a random buffer, then sign with a SHA256 digest
+
+openssl sha -sha256 -sign test_ec_key.pem -out test_random_bytes.sig_ec < test_random_bytes
+
+# the "-in test_rsa_pub_sha256.bin" is the binary digest we will sign.
+openssl rsautl -sign -inkey test_ec_key.pem -in test_ec_pub_sha256.bin -out test_ec_pub_sha256.bin.sig \ No newline at end of file