diff options
Diffstat (limited to 'libparc/parc/security/test/README.keystore')
-rw-r--r-- | libparc/parc/security/test/README.keystore | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/libparc/parc/security/test/README.keystore b/libparc/parc/security/test/README.keystore new file mode 100644 index 00000000..70227d33 --- /dev/null +++ b/libparc/parc/security/test/README.keystore @@ -0,0 +1,35 @@ + +# This set of commands creates an RSA public/private key pair, +# self-signs it, then puts it all in a pkcs12 container with +# the password "blueberry" +# +# We use these files in the test_ccnx_FileKeystore tests. + +openssl genrsa -out test_rsa_key.pem +openssl rsa -pubout -in test_rsa_key.pem -out test_rsa_pub.pem +openssl req -new -key test_rsa_key.pem -out test_rsa.csr +openssl x509 -req -days 365 -in test_rsa.csr -signkey test_rsa_key.pem -out test_rsa.crt +openssl pkcs12 -export -in test_rsa.crt -inkey test_rsa_key.pem -out test_rsa.p12 -name ccnxuser -CAfile test_rsa.crt -caname root -chain -passout pass:blueberry + +# saves the public key in DER form so we can calculate the sha256 of it +openssl rsa -in test_rsa_key.pem -outform DER -pubout -out test_rsa_pub.der + +# save the private key in DER form so we can compare in code +openssl rsa -in test_rsa_key.pem -outform DER -out test_rsa_key.der + +# computes the sha256 and saves it in binary form +openssl sha256 -out test_rsa_pub_sha256.bin -sha256 -binary < test_rsa_pub.der + +# Save the certificate in DER form, then get the SHA256 hash of it +# These are similar to doing "openssl x509 -in test_rsa.crt -fingerprint -sha256" +openssl x509 -outform DER -out test_rsa_crt.der -in test_rsa.crt +openssl sha256 -out test_rsa_crt_sha256.bin -sha256 -binary < test_rsa_crt.der + +# To verify signing, we create a random buffer, then sign with a SHA256 digest + +dd if=/dev/urandom of=test_random_bytes bs=512 count=1 +openssl sha -sha256 -sign test_rsa_key.pem -out test_random_bytes.sig < test_random_bytes + +# the "-in test_rsa_pub_sha256.bin" is the binary digest we will sign. +openssl rsautl -sign -inkey test_rsa_key.pem -in test_rsa_pub_sha256.bin -out test_rsa_pub_sha256.bin.sig + |