# This set of commands creates an RSA public/private key pair, # self-signs it, then puts it all in a pkcs12 container with # the password "blueberry" # # We use these files in the test_ccnx_FileKeystore tests. openssl genrsa -out test_rsa_key.pem openssl rsa -pubout -in test_rsa_key.pem -out test_rsa_pub.pem openssl req -new -key test_rsa_key.pem -out test_rsa.csr openssl x509 -req -days 365 -in test_rsa.csr -signkey test_rsa_key.pem -out test_rsa.crt openssl pkcs12 -export -in test_rsa.crt -inkey test_rsa_key.pem -out test_rsa.p12 -name ccnxuser -CAfile test_rsa.crt -caname root -chain -passout pass:blueberry # saves the public key in DER form so we can calculate the sha256 of it openssl rsa -in test_rsa_key.pem -outform DER -pubout -out test_rsa_pub.der # save the private key in DER form so we can compare in code openssl rsa -in test_rsa_key.pem -outform DER -out test_rsa_key.der # computes the sha256 and saves it in binary form openssl sha256 -out test_rsa_pub_sha256.bin -sha256 -binary < test_rsa_pub.der # Save the certificate in DER form, then get the SHA256 hash of it # These are similar to doing "openssl x509 -in test_rsa.crt -fingerprint -sha256" openssl x509 -outform DER -out test_rsa_crt.der -in test_rsa.crt openssl sha256 -out test_rsa_crt_sha256.bin -sha256 -binary < test_rsa_crt.der # To verify signing, we create a random buffer, then sign with a SHA256 digest dd if=/dev/urandom of=test_random_bytes bs=512 count=1 openssl sha -sha256 -sign test_rsa_key.pem -out test_random_bytes.sig < test_random_bytes # the "-in test_rsa_pub_sha256.bin" is the binary digest we will sign. openssl rsautl -sign -inkey test_rsa_key.pem -in test_rsa_pub_sha256.bin -out test_rsa_pub_sha256.bin.sig #EC openssl ecparam -name secp256k1 -genkey -noout -out test_ec_key.pem openssl ec -pubout -in test_ec_key.pem -out test_ec_pub.pem openssl req -new -key test_ec_key.pem -out test_ec.csr openssl x509 -req -days 365 -in test_ec.csr -signkey test_ec_key.pem -out test_ec.crt openssl pkcs12 -export -in test_ec.crt -inkey test_ec_key.pem -out test_ec.p12 -name ccnxuser -CAfile test_ec.crt -caname root -chain -passout pass:blueberry # saves the public key in DER form so we can calculate the sha256 of it openssl ec -in test_ec_key.pem -outform DER -pubout -out test_ec_pub.der # save the private key in DER form so we can compare in code openssl ec -in test_ec_key.pem -outform DER -out test_ec_key.der # computes the sha256 and saves it in binary form openssl sha256 -out test_ec_pub_sha256.bin -sha256 -binary < test_ec_pub.der # Save the certificate in DER form, then get the SHA256 hash of it # These are similar to doing "openssl x509 -in test_rsa.crt -fingerprint -sha256" openssl x509 -outform DER -out test_ec_crt.der -in test_ec.crt openssl sha256 -out test_ec_crt_sha256.bin -sha256 -binary < test_ec_crt.der # To verify signing, we create a random buffer, then sign with a SHA256 digest openssl sha -sha256 -sign test_ec_key.pem -out test_random_bytes.sig_ec < test_random_bytes # the "-in test_rsa_pub_sha256.bin" is the binary digest we will sign. openssl rsautl -sign -inkey test_ec_key.pem -in test_ec_pub_sha256.bin -out test_ec_pub_sha256.bin.sig