From 0cb804d5ca54518fcf4fb1507f8b75a9cb70e831 Mon Sep 17 00:00:00 2001
From: Tau
Date: Wed, 6 Nov 2019 21:02:49 -0500
Subject: [PATCH] Add reference PKI
---
initpki | 88 ++++++++++++++++++++++++++++++++++++++++++++++++
pki/billing.key | 16 +++++++++
pki/billing.pub | Bin 0 -> 162 bytes
pki/ca.crt | Bin 0 -> 817 bytes
pki/ca.key | 28 +++++++++++++++
pki/ca.pem | 20 +++++++++++
pki/server.key | 28 +++++++++++++++
pki/server.pem | 17 ++++++++++
8 files changed, 197 insertions(+)
create mode 100755 initpki
create mode 100644 pki/billing.key
create mode 100644 pki/billing.pub
create mode 100644 pki/ca.crt
create mode 100644 pki/ca.key
create mode 100644 pki/ca.pem
create mode 100644 pki/server.key
create mode 100644 pki/server.pem
diff --git a/initpki b/initpki
new file mode 100755
index 0000000..53848aa
--- /dev/null
+++ b/initpki
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+# This shell script documents the process that was used to generate our fake
+# P-Ras PKI. It should not need to be run again under normal circumstances.
+
+set -e
+
+D=`dirname $0`
+DAYS=36524
+
+pushd "$D"
+mkdir -p pki
+
+# Generate CA
+
+openssl genpkey \
+ -algorithm RSA \
+ -out pki/ca.key \
+ -pkeyopt rsa_keygen_bits:2048 \
+
+openssl req \
+ -new \
+ -key pki/ca.key \
+ -extensions v3_ca \
+ -batch \
+ -out /tmp/ca.csr \
+ -utf8 \
+ -subj "/CN=DummyCA/O=DummyPKI" \
+
+openssl req \
+ -x509 \
+ -sha256 \
+ -key pki/ca.key \
+ -in /tmp/ca.csr \
+ -out pki/ca.pem \
+ -days $DAYS \
+
+# Convert PEM cert to DER form for emulated keychip.
+# DER must fit in 1024 bytes so it must be small.
+
+openssl x509 \
+ -in pki/ca.pem \
+ -out pki/ca.crt \
+ -outform der \
+
+# Generate server key
+
+openssl genpkey \
+ -algorithm RSA \
+ -out pki/server.key \
+ -pkeyopt rsa_keygen_bits:2048 \
+
+openssl req \
+ -new \
+ -key pki/server.key \
+ -extensions v3_ca \
+ -batch \
+ -out /tmp/server.csr \
+ -utf8 \
+ -subj "/CN=ib.naominet.jp" \
+
+openssl x509 \
+ -req \
+ -sha256 \
+ -days $DAYS \
+ -in /tmp/server.csr \
+ -CAkey pki/ca.key \
+ -CA pki/ca.pem \
+ -set_serial 0 \
+ -out pki/server.pem \
+
+# Generate billing key pair
+
+openssl genpkey \
+ -algorithm RSA \
+ -out pki/billing.key \
+ -pkeyopt rsa_keygen_bits:1024 \
+
+openssl rsa \
+ -pubout \
+ -outform der \
+ -in pki/billing.key \
+ -out pki/billing.pub \
+
+# Clean up
+
+rm -f /tmp/ca.csr
+rm -f /tmp/server.csr
diff --git a/pki/billing.key b/pki/billing.key
new file mode 100644
index 0000000..39d1804
--- /dev/null
+++ b/pki/billing.key
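Review bot: The CSRs are written to fixed names in `/tmp` (`/tmp/ca.csr`, `/tmp/server.csr`), so on a shared machine a file or symlink already sitting at those paths can redirect the write or replace the request before `openssl x509 -req` signs it. Because of `set -e`, the two `rm -f` lines at the end are also skipped whenever an earlier step fails. A private `mktemp -d` directory removed from an EXIT trap covers both cases, as sketched below. Separately, `pushd` is a bash builtin that dash and other plain `/bin/sh` implementations lack, so under `set -e` the script would likely stop at that line; `cd "$D"` does the same job here. If the 1024-bit size of the billing key is dictated by the emulated hardware, a short comment saying so next to `rsa_keygen_bits:1024` would keep the value from being copied into other contexts.

```sh
# … unchanged: set -e, D and DAYS assignments …
CSRDIR=$(mktemp -d)
trap 'rm -rf "$CSRDIR"' EXIT

cd "$D"
# … unchanged: mkdir, CA key generation; in the CA `openssl req -new` call …
    -out "$CSRDIR/ca.csr" \
# … in the CA `openssl req -x509` call …
    -in "$CSRDIR/ca.csr" \
# … in the server `openssl req -new` call …
    -out "$CSRDIR/server.csr" \
# … in the server `openssl x509 -req` call …
    -in "$CSRDIR/server.csr" \
# … the trailing `rm -f /tmp/*.csr` lines are dropped; the trap handles cleanup …
```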
@@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAML2GPUuzv2N4bYC +xtc5bZSzolHFWdCUbP+whjr3K98FOLnYeoi7mtUSUUYOW8wIqy6WM3c4c0Bp7FcQ +LnZ0zWMm1TfLGHZzZmk5n7Iv6HDPr3ehDgbWLnOpRrVqZDxpAGD2vQb4p2DW4I2x +GUqnqDa++C8dH/0lXqE6cqwGXNGtAgMBAAECgYEAizgPhG4Dk55QkpeTBDfXH3vT +Ko9B3qdO2ptkjxDX/C8PXe7POXq2SvcEoIE6Xg3Gp8LMR5NBAbth8J32f9JSov3P +SiGCGno4k2i2s3jRuVg76FGLDsZH/N1dt4h78VnW0VlInwaM6bQv3zp0u8rXVk/P +wpYh9AGmquBJS3VYUcECQQD0PDRe28SrhollygGZSO321rYbYhoTIstDXZWyQ/y/ +PWKNwNHcYTHIVGmTrJx2AJUyr1tJhwjiOwlsI5Y1Q4/9AkEAzFpFPcs1r/xgSFxB +eYrcNseWYbVajtVxG9t57sayaEQbH2UMNA2vqSYK/nU6oJhj5eLRIsPHlA5ZbIiZ +rvc/cQJAKS0RQ0DX+ncXKQMSm+4wuGHgl+NFNB60mCnp+AEAVpmZyP5OI1J7myOo +HQ6H3lkgzkfEIzRR6ho773BcfaRjXQJAfS4nEE11G9ML4AezjBLGB0CIHF6NlMWn +PhtaPCy3iSt/OeIacaCYpJNLVMjXGx1+xIoG9rbbgRSxLs0W55lJ4QJBALOUVcNw +GKEJdxhIkA8iuUlEyGpKluAgHUNOOKvC3ogRoB0OyH+If/9o8wWDfxgexgM0zGBc +u178W9XDW+IijDA= +-----END PRIVATE KEY----- diff --git a/pki/billing.pub b/pki/billing.pub new file mode 100644 index 0000000000000000000000000000000000000000..b1197504c9dc5a356848775b38c37d46445cf24b GIT binary patch literal 162 zcmV;T0A2qufuAr91_>&LNQUZADTg(WnE|xQQICDU0>{k#jc67~SCe=5~ z7 Qp*nJ`23*mt0s{d60U38jr~m)} literal 0 HcmV?d00001 
diff --git a/pki/ca.crt b/pki/ca.crt new file mode 100644 index 0000000000000000000000000000000000000000..8c131b5a1ed276e7aec625cffa92a7e7bd9ddcb7 GIT binary patch literal 817 zcmXqLV%9ZiViH}z%*4pVB;vg8j`*=x_wq9fvv!@CKGXF)?`uZ`UN%mxHjlRNyo`+8 ztPBRKh5`nBY|No7%slKarMbD4&W?tH2K*oqE*=iBNPxGefr2=%p@pG=p{b#zv4N>! zlmx$#A&LO81~oA%Av=MQm4Ug5k)Oe!iIIz`iII`vo{UqO{=@LK$HSx#olXC`WUkGT zZ_$hodfoCj-C0|)KWY7Hp~9N3-P_tbzIL8$_Ikt3s{en5v)_&FM}DcAp36>cGmw}1 zFO;bI;M!@19JxvRyWgL8HCb|@VP8?b_EFw<4&pMh*@veG?s;d;{Mgjwz0j*^!um5# zwybZ=xSD3a##Me$q7Jq!H=Ygzui*}C$mo_D=f>fxjABCdP9t}H&f_{0H&@QXJW zhHY=Jb~w#6pKqJ8_<^@27x&)Debj7~|Dfx|1MU{D%}4ItGko@<@1ajYz_S(`XpyK!t28RGKye=WH=L48JFN@e+Z9wV(l@$XE`j0}v6gAD== zWPx!Y%f}+dB66fWI+pM5il`0!Hcu}n{R@14Y}^e@$+rJ zt^S2r&O0D?BHiKYguV9zmOo$Ea*MlXU-H6CTech?n*{zA0sYPk4?nVU2QV?KCL9w# zu$ISc+NZ`FeFuVBRg<;e`ec8eYIr_h+)>%k?YrJhuQcb7RjEvUf%f5PHRfrz zwDsJBHQ}e09~8Z6?4wY>vhM1S;`Gf1uM`50{^prHDOkvw<%-hoYY*i%FETxSnd4&F zZ^xA->usWT$|m`j@ygc5Yzi^Ud#`-%9y6!jO6CdGQVF}w6c%2ITjZ2e(D|Pu(=a(A bspqgr*2AjHLHl~&Xi3)|`oeYj