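#!/bin/sh

# This shell script documents the process that was used to generate our fake
# P-Ras PKI. It should not need to be run again under normal circumstances.
#
# Outputs (all under pki/, next to this script):
#   ca.key / ca.pem / ca.crt   - dummy CA key, PEM cert and DER cert
#   server.key / server.pem    - server key and CA-signed cert
#   billing.key / billing.pub  - billing key pair (public half in DER)
#
# Every private key is written unencrypted. Treat this material as test
# fixtures only; never reuse it where real trust decisions are made.

set -eu

D=$(dirname -- "$0")
# Roughly 100 years: the certificates are not meant to be rotated.
DAYS=36524

# Plain cd rather than pushd: pushd is a bash builtin and is missing from
# POSIX shells such as dash, where the #!/bin/sh line above would fail on it.
cd -- "$D"
mkdir -p pki

# Keep the intermediate CSRs in a private, unpredictably named directory.
# Fixed names such as /tmp/ca.csr can be pre-created or symlinked by another
# local user, redirecting the write or swapping the request that gets signed.
CSR_DIR=$(mktemp -d)
trap 'rm -rf -- "$CSR_DIR"' EXIT
# Turn signals into a normal exit so the EXIT trap above still runs.
trap 'exit 1' HUP INT TERM

# Generate CA

openssl genpkey \
        -algorithm RSA \
        -out pki/ca.key \
        -pkeyopt rsa_keygen_bits:2048

openssl req \
        -new \
        -key pki/ca.key \
        -extensions v3_ca \
        -batch \
        -out "$CSR_DIR/ca.csr" \
        -utf8 \
        -subj "/CN=DummyCA/O=DummyPKI"

# Self-sign the CA request with its own key.
openssl req \
        -x509 \
        -sha256 \
        -key pki/ca.key \
        -in "$CSR_DIR/ca.csr" \
        -out pki/ca.pem \
        -days "$DAYS"

# Convert PEM cert to DER form for emulated keychip.
# DER must fit in 1024 bytes so it must be small.

openssl x509 \
        -in pki/ca.pem \
        -out pki/ca.crt \
        -outform der

# Generate server key

openssl genpkey \
        -algorithm RSA \
        -out pki/server.key \
        -pkeyopt rsa_keygen_bits:2048

# NOTE(review): v3_ca is a CA extension section and is requested here for a
# leaf certificate. "openssl x509 -req" does not copy request extensions
# unless told to, so this presumably has no effect on server.pem - confirm.
openssl req \
        -new \
        -key pki/server.key \
        -extensions v3_ca \
        -batch \
        -out "$CSR_DIR/server.csr" \
        -utf8 \
        -subj "/CN=ib.naominet.jp"

# The serial is pinned to 0; that is only acceptable because this CA issues
# exactly one certificate.
# NOTE(review): the certificate identifies the host by CN only, with no
# subjectAltName. Current TLS clients reject that; presumably the intended
# client still matches on CN - confirm.
openssl x509 \
        -req \
        -sha256 \
        -days "$DAYS" \
        -in "$CSR_DIR/server.csr" \
        -CAkey pki/ca.key \
        -CA pki/ca.pem \
        -set_serial 0 \
        -out pki/server.pem

# Generate billing key pair
#
# NOTE(review): 1024-bit RSA is below current minimum key sizes. Presumably
# the size is dictated by the emulated target - confirm, and do not treat
# this key as providing real security.

openssl genpkey \
        -algorithm RSA \
        -out pki/billing.key \
        -pkeyopt rsa_keygen_bits:1024

openssl rsa \
        -pubout \
        -outform der \
        -in pki/billing.key \
        -out pki/billing.pub

# Clean up: the EXIT trap removes $CSR_DIR and the CSRs inside it, on
# failure as well as on success.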