summaryrefslogtreecommitdiffstats
path: root/libparc/parc/security/test/README.keystore
blob: 70227d33899836fd5b00d8bae38587c481e67058 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# This set of commands creates an RSA public/private key pair,
# self-signs it, then puts it all in a pkcs12 container with
# the password "blueberry"
#
# We use these files in the test_ccnx_FileKeystore tests.

openssl genrsa -out test_rsa_key.pem
openssl rsa -pubout -in test_rsa_key.pem -out test_rsa_pub.pem
openssl req -new -key test_rsa_key.pem  -out test_rsa.csr
openssl x509 -req -days 365 -in test_rsa.csr -signkey test_rsa_key.pem -out test_rsa.crt
openssl pkcs12 -export -in test_rsa.crt -inkey test_rsa_key.pem -out test_rsa.p12 -name ccnxuser -CAfile test_rsa.crt -caname root -chain -passout pass:blueberry

# saves the public key in DER form so we can calculate the sha256 of it
openssl rsa -in test_rsa_key.pem -outform DER -pubout -out test_rsa_pub.der

# save the private key in DER form so we can compare in code
openssl rsa -in test_rsa_key.pem -outform DER -out test_rsa_key.der

# computes the sha256 and saves it in binary form
openssl sha256 -out test_rsa_pub_sha256.bin -sha256 -binary < test_rsa_pub.der

# Save the certificate in DER form, then get the SHA256 hash of it
# These are similar to doing "openssl x509 -in test_rsa.crt -fingerprint -sha256"
openssl x509 -outform DER -out test_rsa_crt.der -in test_rsa.crt
openssl sha256 -out test_rsa_crt_sha256.bin -sha256 -binary < test_rsa_crt.der

# To verify signing, we create a random buffer, then sign with a SHA256 digest

dd if=/dev/urandom of=test_random_bytes bs=512 count=1
openssl sha -sha256 -sign test_rsa_key.pem -out test_random_bytes.sig < test_random_bytes

# the "-in test_rsa_pub_sha256.bin" is the binary digest we will sign.
openssl rsautl -sign -inkey test_rsa_key.pem -in test_rsa_pub_sha256.bin -out test_rsa_pub_sha256.bin.sig