mirror of
https://github.com/CloverHackyColor/CloverBootloader.git
synced 2024-12-02 13:03:28 +01:00
86 lines
3.7 KiB
Bash
86 lines
3.7 KiB
Bash
|
#!/bin/sh
|
||
|
# Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
#
|
||
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
# this file except in compliance with the License. You can obtain a copy
|
||
|
# in the file LICENSE in the source distribution or at
|
||
|
# https://www.openssl.org/source/license.html
|
||
|
|
||
|
|
||
|
# Utility to recreate S/MIME certificates
|
||
|
|
||
|
OPENSSL=../../apps/openssl
|
||
|
OPENSSL_CONF=./ca.cnf
|
||
|
export OPENSSL_CONF
|
||
|
|
||
|
# Root CA: create certificate directly
|
||
|
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \
|
||
|
-keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501
|
||
|
|
||
|
# EE RSA certificates: create request first
|
||
|
CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smrsa1.pem -out req.pem -newkey rsa:2048
|
||
|
# Sign request: end entity extensions
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
|
||
|
|
||
|
CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smrsa2.pem -out req.pem -newkey rsa:2048
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
|
||
|
|
||
|
CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smrsa3.pem -out req.pem -newkey rsa:2048
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
|
||
|
|
||
|
# Create DSA parameters
|
||
|
|
||
|
$OPENSSL dsaparam -out dsap.pem 2048
|
||
|
|
||
|
CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
|
||
|
CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
|
||
|
CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
|
||
|
|
||
|
# Create EC parameters
|
||
|
|
||
|
$OPENSSL ecparam -out ecp.pem -name P-256
|
||
|
$OPENSSL ecparam -out ecp2.pem -name K-283
|
||
|
|
||
|
CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
|
||
|
CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
|
||
|
# Do not renew this cert as it is used for legacy data decrypt test
|
||
|
#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
||
|
# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
||
|
#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
||
|
# Create X9.42 DH parameters.
|
||
|
$OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem
|
||
|
# Generate X9.42 DH key.
|
||
|
$OPENSSL genpkey -paramfile dhp.pem -out smdh.pem
|
||
|
$OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
|
||
|
# Generate dummy request.
|
||
|
CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \
|
||
|
-keyout smtmp.pem -out req.pem -newkey rsa:2048
|
||
|
# Sign request but force public key to DH
|
||
|
$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||
|
-force_pubkey dhpub.pem \
|
||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
|
||
|
# Remove temp files.
|
||
|
rm -f req.pem ecp.pem ecp2.pem dsap.pem dhp.pem dhpub.pem smtmp.pem smroot.srl
|