From e9e2b2ed53ebcf03d70e5bf7d87fdd84ad2a2130 Mon Sep 17 00:00:00 2001 
From: 5HT Date: Mon, 4 Nov 2024 22:05:52 +0200 Subject: [PATCH] wip --- openssl/ca-1.sh | 4 +- openssl/ca-2.sh | 4 +- openssl/ca-3.sh | 2 +- openssl/client-1.sh | 8 +-- openssl/client-2.sh | 4 +- openssl/client-3.sh | 12 ++--- openssl/ecc/1000.pem | 63 ++++++++++++++++++++++++ openssl/ecc/1001.pem | 76 +++++++++++++++++++++++++++++ openssl/ecc/ca.key | 8 +-- openssl/ecc/caroot.key | 10 ++-- openssl/ecc/caroot.pem | 20 ++++---- openssl/ecc/crlnumber | 2 +- openssl/ecc/crlnumber.old | 1 + openssl/ecc/eccroot.crl | 8 +++ openssl/ecc/index.txt | 2 + openssl/ecc/index.txt.attr | 1 + openssl/ecc/index.txt.attr.old | 1 + openssl/ecc/index.txt.old | 1 + openssl/ecc/maxim.csr | 9 ++++ openssl/ecc/maxim.key | 6 +++ openssl/ecc/maxim.key.enc | 8 +++ openssl/ecc/maxim.p12 | Bin 0 -> 1346 bytes openssl/ecc/maxim.pem | 15 ++++++ openssl/ecc/maxim.pub | 5 ++ openssl/ecc/serial | 2 +- openssl/ecc/serial.old | 1 + openssl/ecc/server.csr | 9 ++++ openssl/ecc/server.key | 6 +++ openssl/ecc/server.key.enc | 8 +++ openssl/ecc/server.pem | 76 +++++++++++++++++++++++++++++ openssl/ecc/synrc.cnf | 2 +- openssl/ir.sh | 4 +- openssl/p10cr.sh | 4 +- openssl/rsa/{caroot.key => ca.key} | 0 openssl/rsa/{caroot.pem => ca.pem} | 0 openssl/rsa/synrc.cnf | 2 +- openssl/server-1.sh | 8 +-- openssl/server-2.sh | 2 +- openssl/server-3.sh | 6 +-- openssl/sign.sh | 2 +- openssl/synrc.cnf | 6 +-- openssl/synrc.pem | 14 ++++++ openssl/verify.sh | 4 +- 43 files changed, 368 insertions(+), 58 deletions(-) create mode 100644 openssl/ecc/1000.pem create mode 100644 openssl/ecc/1001.pem create mode 100644 openssl/ecc/crlnumber.old create mode 100644 openssl/ecc/eccroot.crl create mode 100644 openssl/ecc/index.txt.attr create mode 100644 openssl/ecc/index.txt.attr.old create mode 100644 openssl/ecc/index.txt.old create mode 100644 openssl/ecc/maxim.csr create mode 100644 openssl/ecc/maxim.key create mode 100644 openssl/ecc/maxim.key.enc create mode 100644 openssl/ecc/maxim.p12 create mode 100644 
openssl/ecc/maxim.pem create mode 100644 openssl/ecc/maxim.pub create mode 100644 openssl/ecc/serial.old create mode 100644 openssl/ecc/server.csr create mode 100644 openssl/ecc/server.key create mode 100644 openssl/ecc/server.key.enc create mode 100644 openssl/ecc/server.pem rename openssl/rsa/{caroot.key => ca.key} (100%) rename openssl/rsa/{caroot.pem => ca.pem} (100%) create mode 100644 openssl/synrc.pem diff --git a/openssl/ca-1.sh b/openssl/ca-1.sh index ceb36a1..9de19f8 100755 --- a/openssl/ca-1.sh +++ b/openssl/ca-1.sh @@ -1,4 +1,4 @@ #!/bin/bash -openssl ecparam -genkey -name secp384r1 -out cert/ecc/ca.key -openssl ec -aes256 -passout pass:0 -in cert/ecc/ca.key -out cert/ecc/caroot.key +openssl ecparam -genkey -name secp384r1 -out ecc/ca.key +openssl ec -aes256 -passout pass:0 -in ecc/ca.key -out ecc/caroot.key diff --git a/openssl/ca-2.sh b/openssl/ca-2.sh index 54b49fd..2912585 100755 --- a/openssl/ca-2.sh +++ b/openssl/ca-2.sh @@ -1,6 +1,6 @@ #!/bin/bash -openssl req -config cert/ecc/synrc.cnf -days 3650 \ +openssl req -config ecc/synrc.cnf -days 3650 \ -new -x509 -passin pass:0 \ - -key cert/ecc/caroot.key -out cert/ecc/caroot.pem \ + -key ecc/caroot.key -out ecc/caroot.pem \ -subj "/C=UA/ST=Kyiv/O=SYNRC/CN=CA" diff --git a/openssl/ca-3.sh b/openssl/ca-3.sh index 906d17c..9ed2e5b 100755 --- a/openssl/ca-3.sh +++ b/openssl/ca-3.sh @@ -1,3 +1,3 @@ #!/bin/bash -openssl ca -config cert/ecc/synrc.cnf -passin pass:0 -gencrl -out cert/ecc/eccroot.crl +openssl ca -config ecc/synrc.cnf -passin pass:0 -gencrl -out ecc/eccroot.crl diff --git a/openssl/client-1.sh b/openssl/client-1.sh index 09c6670..fcb9341 100755 --- a/openssl/client-1.sh +++ b/openssl/client-1.sh 
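Review bot: The CA key passphrase in ca-1.sh is the literal `pass:0` on the `openssl ec -aes256` line, so the encryption on `ecc/caroot.key` protects nothing and the value is visible in the script, shell history and the process list. The first line also still writes the unencrypted key to `ecc/ca.key`, and nothing removes it afterwards. I would generate and encrypt in one step and take the passphrase from the environment, e.g. `openssl ecparam -genkey -noout -name secp384r1 | openssl ec -aes256 -passout env:CA_PASS -out ecc/caroot.key` (`CA_PASS` is a placeholder name). The same `pass:0` appears in ca-2.sh, ca-3.sh, client-1/2/3.sh and server-1/2/3.sh, and `-secret pass:0000` appears in ir.sh and p10cr.sh.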
@@ -1,7 +1,7 @@ #!/bin/bash -export CLIENT=client -openssl req -config cert/ecc/synrc.cnf -passout pass:0 \ +export CLIENT=maxim +openssl req -passout pass:0 \ -new -newkey ec:<(openssl ecparam -name secp384r1) \ - -keyout cert/ecc/$CLIENT.key.enc -out cert/ecc/$CLIENT.csr \ - -subj "/C=UA/ST=Kyiv/O=SYNRC/CN="$CLIENT + -keyout ecc/$CLIENT.key.enc -out ecc/$CLIENT.csr \ + -subj "/C=UA/ST=Kyiv/O=SYNRC/CN=$CLIENT" diff --git a/openssl/client-2.sh b/openssl/client-2.sh index e19624d..e967a65 100755 --- a/openssl/client-2.sh +++ b/openssl/client-2.sh @@ -1,4 +1,4 @@ #!/bin/bash -export CLIENT=client -openssl ec -in cert/ecc/$CLIENT.key.enc -out cert/ecc/$CLIENT.key -passin pass:0 +export CLIENT=maxim +openssl ec -in ecc/$CLIENT.key.enc -out ecc/$CLIENT.key -passin pass:0 diff --git a/openssl/client-3.sh b/openssl/client-3.sh index 656dd1e..aaf6c9f 100755 --- a/openssl/client-3.sh +++ b/openssl/client-3.sh @@ -1,11 +1,11 @@ #!/bin/bash -export CLIENT=client -openssl ca -config cert/ecc/synrc.cnf -passin pass:0 \ +export CLIENT=maxim +openssl ca -config ecc/synrc.cnf -passin pass:0 \ -extensions usr_cert -batch -days 365 \ - -in cert/ecc/$CLIENT.csr -out cert/ecc/$CLIENT.pem \ - -cert cert/ecc/caroot.pem -keyfile cert/ecc/caroot.key + -in ecc/$CLIENT.csr -out ecc/$CLIENT.pem \ + -cert ecc/caroot.pem -keyfile ecc/caroot.key openssl pkcs12 -export \ - -inkey cert/ecc/$CLIENT.key -in cert/ecc/$CLIENT.pem \ - -out cert/ecc/$CLIENT.p12 + -inkey ecc/$CLIENT.key -in ecc/$CLIENT.pem \ + -out ecc/$CLIENT.p12 diff --git a/openssl/ecc/1000.pem b/openssl/ecc/1000.pem new file mode 100644 index 0000000..33678d3 --- /dev/null +++ b/openssl/ecc/1000.pem 
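Review bot: `openssl req` in client-1.sh now runs under the machine's default OpenSSL configuration because `-config` is gone, while server-1.sh in the same commit still passes `-config ecc/synrc.cnf`, so the two requests are no longer generated under the same settings. If that is intended, a short comment saying why would help; otherwise restore `-config ecc/synrc.cnf`. The paths `ecc/$CLIENT.key.enc` and `ecc/$CLIENT.csr` are also unquoted, unlike the `-subj` value this hunk fixes; `"ecc/$CLIENT.key.enc"` and `"ecc/$CLIENT.csr"` would match it.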
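Review bot: The certificate that `openssl ca -extensions usr_cert` issues in client-3.sh is marked as a CA. `ecc/1000.pem`, added in this commit for CN=maxim, shows `X509v3 Basic Constraints: CA:TRUE`, and `1001.pem`/`server.pem` from server-3.sh (`-extensions server_cert`) show the same. End-entity certificates should carry `basicConstraints = critical, CA:FALSE`; the `usr_cert` and `server_cert` sections of `ecc/synrc.cnf` are not part of this diff, so that is presumably where the value needs changing. Key Usage on these certificates lacks Certificate Sign, which limits the effect with strict validators, but not every verifier enforces that. Separately, `openssl pkcs12 -export` has no `-passout`, so it will prompt and cannot run unattended like the other steps.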
@@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=UA, ST=Kyiv, O=SYNRC, CN=CA + Validity + Not Before: Nov 4 19:59:44 2024 GMT + Not After : Nov 4 19:59:44 2025 GMT + Subject: C=UA, ST=Kyiv, O=SYNRC, CN=maxim + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:27:d2:bf:e7:92:a6:59:d4:00:c3:22:2f:d6:89: + 78:2f:ee:15:bd:b7:d5:e8:e1:33:b6:9f:89:16:24: + dd:2f:60:fb:2b:8a:a6:83:1c:ae:2d:9a:a3:dd:1d: + 74:c2:bf:db:81:d7:40:b3:f3:4b:f5:e6:df:9a:fe: + db:3e:5c:62:97:4c:8e:ff:25:a0:ff:b4:5b:bb:f9: + 55:dc:e1:f1:f8:98:f2:48:9d:8e:01:59:1e:22:ea: + 07:b3:60:54:83:46:49 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Cert Type: + SSL Client, S/MIME + Netscape Comment: + SYNRC CLIENT + X509v3 Subject Key Identifier: + F2:8F:BB:B1:86:59:2A:21:04:BF:20:08:95:5B:CD:99:ED:DC:8E:60 + X509v3 Authority Key Identifier: + 5A:7F:83:A2:0E:05:E8:A2:2B:04:35:DE:9A:D9:AD:10:15:1C:63:30 + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:64:02:30:74:1c:dd:57:81:ec:73:62:80:71:9d:45:e1:1c: + e9:8c:76:43:33:77:4b:e8:7f:04:2c:3e:f1:09:2b:86:94:af: + f5:6b:a1:8f:6f:7a:c5:19:4b:16:bc:fb:3c:8b:df:85:02:30: + 63:63:7c:10:27:29:de:33:35:fd:3e:69:60:2c:bd:bc:d3:3e: + 3b:47:06:54:09:da:ef:75:7e:36:ac:71:48:30:b0:bb:02:81: + b7:3a:77:86:7a:68:18:e5:5a:cf:dd:91 +-----BEGIN CERTIFICATE----- +MIICaDCCAe+gAwIBAgICEAAwCgYIKoZIzj0EAwMwOTELMAkGA1UEBhMCVUExDTAL +BgNVBAgMBEt5aXYxDjAMBgNVBAoMBVNZTlJDMQswCQYDVQQDDAJDQTAeFw0yNDEx +MDQxOTU5NDRaFw0yNTExMDQxOTU5NDRaMDwxCzAJBgNVBAYTAlVBMQ0wCwYDVQQI +DARLeWl2MQ4wDAYDVQQKDAVTWU5SQzEOMAwGA1UEAwwFbWF4aW0wdjAQBgcqhkjO 
+PQIBBgUrgQQAIgNiAAQn0r/nkqZZ1ADDIi/WiXgv7hW9t9Xo4TO2n4kWJN0vYPsr +iqaDHK4tmqPdHXTCv9uB10Cz80v15t+a/ts+XGKXTI7/JaD/tFu7+VXc4fH4mPJI +nY4BWR4i6gezYFSDRkmjgcYwgcMwDAYDVR0TBAUwAwEB/zARBglghkgBhvhCAQEE +BAMCBaAwGwYJYIZIAYb4QgENBA4WDFNZTlJDIENMSUVOVDAdBgNVHQ4EFgQU8o+7 +sYZZKiEEvyAIlVvNme3cjmAwHwYDVR0jBBgwFoAUWn+Dog4F6KIrBDXemtmtEBUc +YzAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +BDAUBgNVHREEDTALgglsb2NhbGhvc3QwCgYIKoZIzj0EAwMDZwAwZAIwdBzdV4Hs +c2KAcZ1F4RzpjHZDM3dL6H8ELD7xCSuGlK/1a6GPb3rFGUsWvPs8i9+FAjBjY3wQ +JyneMzX9PmlgLL280z47RwZUCdrvdX42rHFIMLC7AoG3OneGemgY5VrP3ZE= +-----END CERTIFICATE----- diff --git a/openssl/ecc/1001.pem b/openssl/ecc/1001.pem new file mode 100644 index 0000000..96eaf88 --- /dev/null +++ b/openssl/ecc/1001.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=UA, ST=Kyiv, O=SYNRC, CN=CA + Validity + Not Before: Nov 4 20:02:33 2024 GMT + Not After : Nov 4 20:02:33 2026 GMT + Subject: C=UA, ST=Kyiv, O=SYNRC, CN=server + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:8d:98:29:43:f2:c4:8b:14:3f:27:bc:f7:91:bd: + 31:5f:6d:6d:af:77:e0:ad:21:5e:e1:f3:ee:dd:c6: + b8:eb:d7:02:7b:f7:b2:61:08:59:1f:e8:73:d9:77: + bd:76:02:f7:46:14:ba:31:8a:e1:a4:df:5c:cb:22: + 4f:24:23:80:15:5d:41:f7:2a:fd:f2:8b:7e:15:cb: + 93:43:38:61:2f:46:c6:cd:c7:55:94:96:ea:26:50: + 6f:f2:ac:81:50:d6:fe + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Cert Type: + SSL Server + Netscape Comment: + SYNRC SERVER + X509v3 Subject Key Identifier: + 25:D9:26:D6:6B:13:33:46:14:B8:1D:DE:EC:83:6A:AC:5E:0E:E3:77 + X509v3 Authority Key Identifier: + keyid:5A:7F:83:A2:0E:05:E8:A2:2B:04:35:DE:9A:D9:AD:10:15:1C:63:30 + DirName:/C=UA/ST=Kyiv/O=SYNRC/CN=CA + serial:08:74:64:5E:02:C2:C7:3B:A5:A4:BF:34:DF:13:21:3E:C5:6A:FB:07 + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 CRL Distribution Points: + Full Name: + URI:http://crl.n2o.dev:8081/eccroot.crl + Authority Information Access: + CA Issuers - URI:http://crl.n2o.dev:8081/eccroot.crt + OCSP - URI:http://ocsp.n2o.dev:8081/ + X509v3 Subject Alternative Name: + DNS:localhost + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:65:02:30:2c:5f:07:32:1c:f3:92:3c:00:90:2f:3b:be:7b: + a6:9c:b0:dd:5e:20:37:f3:3a:05:72:c1:cf:e3:cf:59:66:d0: + 04:38:26:2f:9a:06:5f:80:1b:e4:63:a3:39:fb:f0:d6:02:31: + 00:e4:f8:8d:49:02:68:9c:49:be:22:78:39:55:58:e2:e1:c3: + 21:90:04:4c:71:2c:59:9e:c5:73:86:6d:4a:64:97:f2:9d:5b: + 86:5c:3e:b7:95:68:41:c0:65:85:53:b7:6d +-----BEGIN CERTIFICATE----- 
+MIIDVTCCAtugAwIBAgICEAEwCgYIKoZIzj0EAwMwOTELMAkGA1UEBhMCVUExDTAL +BgNVBAgMBEt5aXYxDjAMBgNVBAoMBVNZTlJDMQswCQYDVQQDDAJDQTAeFw0yNDEx +MDQyMDAyMzNaFw0yNjExMDQyMDAyMzNaMD0xCzAJBgNVBAYTAlVBMQ0wCwYDVQQI +DARLeWl2MQ4wDAYDVQQKDAVTWU5SQzEPMA0GA1UEAwwGc2VydmVyMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEjZgpQ/LEixQ/J7z3kb0xX21tr3fgrSFe4fPu3ca469cC +e/eyYQhZH+hz2Xe9dgL3RhS6MYrhpN9cyyJPJCOAFV1B9yr98ot+FcuTQzhhL0bG +zcdVlJbqJlBv8qyBUNb+o4IBsDCCAawwDAYDVR0TBAUwAwEB/zARBglghkgBhvhC +AQEEBAMCBkAwGwYJYIZIAYb4QgENBA4WDFNZTlJDIFNFUlZFUjAdBgNVHQ4EFgQU +Jdkm1msTM0YUuB3e7INqrF4O43cwdAYDVR0jBG0wa4AUWn+Dog4F6KIrBDXemtmt +EBUcYzChPaQ7MDkxCzAJBgNVBAYTAlVBMQ0wCwYDVQQIDARLeWl2MQ4wDAYDVQQK +DAVTWU5SQzELMAkGA1UEAwwCQ0GCFAh0ZF4Cwsc7paS/NN8TIT7FavsHMA4GA1Ud +DwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATA0BgNVHR8ELTArMCmgJ6Al +hiNodHRwOi8vY3JsLm4yby5kZXY6ODA4MS9lY2Nyb290LmNybDBmBggrBgEFBQcB +AQRaMFgwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jcmwubjJvLmRldjo4MDgxL2VjY3Jv +b3QuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC5uMm8uZGV2OjgwODEvMBQG +A1UdEQQNMAuCCWxvY2FsaG9zdDAKBggqhkjOPQQDAwNoADBlAjAsXwcyHPOSPACQ +Lzu+e6acsN1eIDfzOgVywc/jz1lm0AQ4Ji+aBl+AG+Rjozn78NYCMQDk+I1JAmic +Sb4ieDlVWOLhwyGQBExxLFmexXOGbUpkl/KdW4ZcPreVaEHAZYVTt20= +-----END CERTIFICATE----- diff --git a/openssl/ecc/ca.key b/openssl/ecc/ca.key index 4f0f49d..e4cf1a1 100644 --- a/openssl/ecc/ca.key +++ b/openssl/ecc/ca.key @@ -2,8 +2,8 @@ BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- -MIGkAgEBBDCBHouia/uNUz6gwINDtacw3MEMajh6zkXlma2g7jB23Pnl5Pjuotie -GgmJtpZXf/GgBwYFK4EEACKhZANiAAS9fFQvIWh5mEX+lFuvcwPjoJeCbt4FjDP0 -PqBnPo8It17ncWsPoIrTQeT0AOtGPAbzm1lvt6NepGuPie9ot5/jws4hL0CjQU1C -HESANQI6TDtZWZEw297U9wNk7zTSz6g= +MIGkAgEBBDCa9iumY96flVOwWp2gHq8qkkgnYTwc+oej3SVjVyCzC4KVheTCP9wp +szu8yu8lB3mgBwYFK4EEACKhZANiAATE8ROic+jeM9D4Hg0dHGM3Ok00YymUlAKR +Uh1L+kU/kWcpWrr5Lx9Qd/uXfLtdOvXAwfwFdw7xMRbof+L8JaQnEjy+eRGL3iA5 +RP9DFilMHOajDWxqDz4Hl+sbmVLon9c= -----END EC PRIVATE KEY----- 
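Review bot: `openssl/ecc/ca.key` is an unencrypted `EC PRIVATE KEY` block whose public part matches the `caroot.pem` updated in this commit, so the CA private key is now in repository history in the clear. `ecc/maxim.key`, `ecc/server.key` and `ecc/maxim.p12` are committed the same way, and the `caroot.key` and `*.key.enc` copies are protected only by the `pass:0` passphrase used in the scripts. If these are throwaway test fixtures, say so in a README next to them and keep `caroot.pem` out of any real trust store. Otherwise remove them, ignore `*.key`, `*.key.enc` and `*.p12` in `.gitignore`, and regenerate the CA and leaf keys, since deleting the files in a later commit does not remove them from history.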
diff --git a/openssl/ecc/caroot.key b/openssl/ecc/caroot.key index 7cc39ac..25863b9 100644 --- a/openssl/ecc/caroot.key +++ b/openssl/ecc/caroot.key @@ -1,9 +1,9 @@ -----BEGIN EC PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,9326115A2E6CC69C5BD17C83928DDBD9 +DEK-Info: AES-256-CBC,8FAE6B7402A1DF1F038426F46E9EC52E -NUoOfUWhRWujMUaxbQWhW+2+6CKpPwTMcJXGA7HT96DRgYdNApU2QD0kyCTdGFng -m/mVRH8thRVveGOxlfwNlKf+9p4q1Zl8ghiaKfMudiOCB0yOZw+jTCjwp5H6nVRr -9P0PDso+SfiPVdDY3lBx5M45cCjgJnXIGYuv9r/nEv3vMJiOsnF5tfXm9iICQD71 -vpJc3o09hF2ytrmIA6pw66rGb33a9lQZVXmjssUGoAg= +9w+JAATeUF3zrSkElNp6wV9t9H0qi+uzA8bHOW6sf/sRaSXrEHUQ9BBZvJwJWppp +EdJNBTHpk+avSVRDap1Tqo0pm/oIz2PA4s2v9qasvc/FvA9yvNQgvtYbaakzH5+f +M8mrKFBwLklKWCsqb8Y+Y2CsKNWILBBLOh7mdluT2WSXsApnZYmUzb93q+YH3Ykq +jcyk25oB8b0K+ALf8tkfsocM+QrmISrrRuAsmMdpA2E= -----END EC PRIVATE KEY----- diff --git a/openssl/ecc/caroot.pem b/openssl/ecc/caroot.pem index d16c76c..e65ca58 100644 --- a/openssl/ecc/caroot.pem +++ b/openssl/ecc/caroot.pem 
@@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICFDCCAZqgAwIBAgIUa7KnORl8uKdJieS7jsgsmq1kKE4wCgYIKoZIzj0EAwMw +MIICEzCCAZqgAwIBAgIUCHRkXgLCxzulpL803xMhPsVq+wcwCgYIKoZIzj0EAwMw OTELMAkGA1UEBhMCVUExDTALBgNVBAgMBEt5aXYxDjAMBgNVBAoMBVNZTlJDMQsw -CQYDVQQDDAJDQTAeFw0yNDEwMjQxODI3NTVaFw0zNDEwMjIxODI3NTVaMDkxCzAJ +CQYDVQQDDAJDQTAeFw0yNDExMDQxOTM3MjBaFw0zNDExMDIxOTM3MjBaMDkxCzAJ BgNVBAYTAlVBMQ0wCwYDVQQIDARLeWl2MQ4wDAYDVQQKDAVTWU5SQzELMAkGA1UE -AwwCQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS9fFQvIWh5mEX+lFuvcwPjoJeC -bt4FjDP0PqBnPo8It17ncWsPoIrTQeT0AOtGPAbzm1lvt6NepGuPie9ot5/jws4h -L0CjQU1CHESANQI6TDtZWZEw297U9wNk7zTSz6ijYzBhMB0GA1UdDgQWBBSeVAlj -M625/YPABmpDLNx1byUOcDAfBgNVHSMEGDAWgBSeVAljM625/YPABmpDLNx1byUO -cDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAwNo -ADBlAjEA+JspUSmjMcyqrIlMPR8aW/kSOCAvOsGYsPYIs2x1OJA8cYkSqLJKJBXt -6xiD9uNyAjADy7C2FaYxIELqbyHb4XkDJQZBvIFfTKfeIxjQbVv7FziinRfXJaBZ -yNJsHKyaKrE= +AwwCQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE8ROic+jeM9D4Hg0dHGM3Ok00 +YymUlAKRUh1L+kU/kWcpWrr5Lx9Qd/uXfLtdOvXAwfwFdw7xMRbof+L8JaQnEjy+ +eRGL3iA5RP9DFilMHOajDWxqDz4Hl+sbmVLon9ejYzBhMB0GA1UdDgQWBBRaf4Oi +DgXooisENd6a2a0QFRxjMDAfBgNVHSMEGDAWgBRaf4OiDgXooisENd6a2a0QFRxj +MDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAwNn +ADBkAjA0jgJeClQTIIJ/GYoCx0V6orJ/s5xO5TnZ1fhHIMwWwEz1vbAroMUGpGZZ +vdL0JlQCMDDxCVVpi9w4FAVL/gTXauMuTlKFBj8AL3ctx1i9V2ASsBmYCmepPJOQ +gc3ciMzAOw== -----END CERTIFICATE----- diff --git a/openssl/ecc/crlnumber b/openssl/ecc/crlnumber index e37d32a..dd11724 100644 --- a/openssl/ecc/crlnumber +++ b/openssl/ecc/crlnumber @@ -1 +1 @@ -1000 \ No newline at end of file +1001 diff --git a/openssl/ecc/crlnumber.old b/openssl/ecc/crlnumber.old new file mode 100644 index 0000000..e37d32a --- /dev/null +++ b/openssl/ecc/crlnumber.old @@ -0,0 +1 @@ +1000 \ No newline at end of file diff --git a/openssl/ecc/eccroot.crl b/openssl/ecc/eccroot.crl new file mode 100644 index 0000000..8f18551 --- /dev/null +++ b/openssl/ecc/eccroot.crl 
@@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBEzCBmgIBATAKBggqhkjOPQQDAzA5MQswCQYDVQQGEwJVQTENMAsGA1UECAwE +S3lpdjEOMAwGA1UECgwFU1lOUkMxCzAJBgNVBAMMAkNBFw0yNDExMDQxOTM3MjZa +Fw0zNDExMDIxOTM3MjZaoDAwLjAfBgNVHSMEGDAWgBRaf4OiDgXooisENd6a2a0Q +FRxjMDALBgNVHRQEBAICEAAwCgYIKoZIzj0EAwMDaAAwZQIxAIVBDLCl4zBXve7y +d5i3eG/YkKqMzGyhQmgtrGRpeeNaJT/dhfYDAuL6fLr7nOO6DgIwPfTH8gr374cQ +G+Ibrfx/MIBvl21Nyrvll7c1S/IH/dP+MpRr071G9xGepm2kChcd +-----END X509 CRL----- diff --git a/openssl/ecc/index.txt b/openssl/ecc/index.txt index e69de29..64b7177 100644 --- a/openssl/ecc/index.txt +++ b/openssl/ecc/index.txt @@ -0,0 +1,2 @@ +V 251104195944Z 1000 unknown /C=UA/ST=Kyiv/O=SYNRC/CN=maxim +V 261104200233Z 1001 unknown /C=UA/ST=Kyiv/O=SYNRC/CN=server diff --git a/openssl/ecc/index.txt.attr b/openssl/ecc/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/openssl/ecc/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/openssl/ecc/index.txt.attr.old b/openssl/ecc/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/openssl/ecc/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/openssl/ecc/index.txt.old b/openssl/ecc/index.txt.old new file mode 100644 index 0000000..941a4b3 --- /dev/null +++ b/openssl/ecc/index.txt.old @@ -0,0 +1 @@ +V 251104195944Z 1000 unknown /C=UA/ST=Kyiv/O=SYNRC/CN=maxim diff --git a/openssl/ecc/maxim.csr b/openssl/ecc/maxim.csr new file mode 100644 index 0000000..ed8c6e8 --- /dev/null +++ b/openssl/ecc/maxim.csr 
@@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBNDCBuwIBADA8MQswCQYDVQQGEwJVQTENMAsGA1UECAwES3lpdjEOMAwGA1UE +CgwFU1lOUkMxDjAMBgNVBAMMBW1heGltMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE +J9K/55KmWdQAwyIv1ol4L+4VvbfV6OEztp+JFiTdL2D7K4qmgxyuLZqj3R10wr/b +gddAs/NL9ebfmv7bPlxil0yO/yWg/7Rbu/lV3OHx+JjySJ2OAVkeIuoHs2BUg0ZJ +oAAwCgYIKoZIzj0EAwIDaAAwZQIwXihAz/p3p/dTcAhlhq8/RuBOcLPhDozUV9b7 +tit6Rh5fVO+WW78zGy5n9ndA+MvzAjEA9XnFEotPCuX20xHWGTR/9PjN9qVHhzOX +4miKzjKkEv3tOaTihwMLJuldH3RgkQkw +-----END CERTIFICATE REQUEST----- diff --git a/openssl/ecc/maxim.key b/openssl/ecc/maxim.key new file mode 100644 index 0000000..ed95f19 --- /dev/null +++ b/openssl/ecc/maxim.key @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDDKx/LS9+PzwTtqri87PHndM/oSSR0Dv5nUaiDXmkxyG2gT4QrHmW0F +15fKmnvY2HSgBwYFK4EEACKhZANiAAQn0r/nkqZZ1ADDIi/WiXgv7hW9t9Xo4TO2 +n4kWJN0vYPsriqaDHK4tmqPdHXTCv9uB10Cz80v15t+a/ts+XGKXTI7/JaD/tFu7 ++VXc4fH4mPJInY4BWR4i6gezYFSDRkk= +-----END EC PRIVATE KEY----- diff --git a/openssl/ecc/maxim.key.enc b/openssl/ecc/maxim.key.enc new file mode 100644 index 0000000..c53c822 --- /dev/null +++ b/openssl/ecc/maxim.key.enc @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBGzBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQJbYXzIh/1LbT0J0O +d/TnNgICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIaVsKNA48w5cEgcB8 +FKrv9sK/qsdE0EbzyidM0Z346nPzQ02U3+kCB9sUOZ9tnCvG7uh6kJqbc1ZtsDdM +bNlT9SJupp87eS6poU+nOmhvBDzgbow91/eYrdawK9hiNa+jTGUG0DHA8gGTaEBO +dXDNEyIZWjdqoaMHIUWXL4ivA42SdTouI+F2EYrD/1xrXbyod9DVUm3M8DIy5YIM +rNVwYW6exVShdY3VJF1fA30EIfPpDXFDNC/VR+kEXqbbGzW52h+jVqV4C97JDVI= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/openssl/ecc/maxim.p12 b/openssl/ecc/maxim.p12 new file mode 100644 index 0000000000000000000000000000000000000000..35e0c2c1b51fc54e96fd9eaca1793cb48fc69f5a GIT binary patch literal 1346 zcmXqLVzpypWHxAG`NGDj)#lOmotKfFaX}NyQ3fQO9(Vk;9T zD}#Y78)rhB2V*KT3!@f`z?xUQ)6WOp`r=q4aQXZFD`pK%Ocx^7Kb`q*%9$(A)Gg&L zuGh{u`|9XAHK%l@Wxh{y-?ywirTuFow?VB8|69HTO3%K8B(u-1XXALER+84y#M_(~ zuPLL$dAH%;U7^=rU)bMget9sxl=pR)!m+KQZujRZ+_4TmQ&}-5{?pXlH=>6OzXukc z{Z;Wc>-AQS=B1jUweJpfN>?t|FVNdCy+Uf?8!Jv-jYve_inN>6Y^mkL3US zS3i93x78DgOlh0TS1qKCZ?E33aXI#2kY0Sc-m;E^x8*fk#rDQ7l2^1)`e$)0UGkVz zZTN5~nS8daZx>vQwK(j-Xp&@#jK*x0VU0c>3Jf6M$;zU)AQY*d_9xJy9 zrtTK*-sj6ZHA^ilYIDYkkJ+*h#k;;-X*$GZf5Z9to6f_JN|&trH9sJ!*e%ENZ+gO; z$qF4Ywb>1u3ann~+}}0BT+A=J<}dG=y3-;eYhxZ(*6^%i`ftdOBQZQF0ZG!MSN>eZ|S)~jO8?#+f)R!el>XPC~Kbu8mUfBNUIN=&N) zm%lcA@_5JAH*f0FJQjQw>u-I$&M(^qvvD7Ay}HGZdJH*WlL)AIQO6NgQ{oj(qT26egoZ#e9{T(353T|!u=z=Z0FI@@2Z z7Vc!za0+ZVc;?~H_klGFX1=@>K528{^{$}b&V|$0yZY{Rd-;X0_zFYY?NGCe&yFNr z+H!RB{7oKPCt6G~iCK2imt&)y->O3==4^Rk*I%HioV&5g#P9K%;3l@<_YwbFSNZhS zUi%xwE&rrjV(P>NOT*uJ-<@AOom089@@`;4{~p0jN~iTB3{?%3;o-_DYAD7cvfu`{ zs>JczvI|(g&EVAe?ikd%ZI^+gfuR8}ywqW0WMyDc`1Eyxt?;w+JC)b*{OlJ$HQ;06a9MahRibC=I#9?003lLPW&i*H literal 0 HcmV?d00001 diff --git a/openssl/ecc/maxim.pem b/openssl/ecc/maxim.pem new file mode 100644 index 0000000..d28c5b6 --- /dev/null +++ b/openssl/ecc/maxim.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICQDCCAcagAwIBAgIIBSJ1PZRh03MwCgYIKoZIzj0EAwIwPTELMAkGA1UEBhMC +VUExETAPBgNVBAcMCNCa0LjRl9CyMQ4wDAYDVQQKDAVTWU5SQzELMAkGA1UEAwwC +Q0EwHhcNMjQxMTA0MTk1NjM1WhcNMjUxMjA0MjAwMTM1WjA8MQswCQYDVQQGEwJV +QTENMAsGA1UECAwES3lpdjEOMAwGA1UECgwFU1lOUkMxDjAMBgNVBAMMBW1heGlt +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ9K/55KmWdQAwyIv1ol4L+4VvbfV6OEz +tp+JFiTdL2D7K4qmgxyuLZqj3R10wr/bgddAs/NL9ebfmv7bPlxil0yO/yWg/7Rb +u/lV3OHx+JjySJ2OAVkeIuoHs2BUg0ZJo4GTMIGQMAkGA1UdEwQCMAAwDgYDVR0P +AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E +FgQU3JGQL910f+RwHP9QajTEM7mrxKAwHwYDVR0jBBgwFoAUph3VRHaSOdMp/2As +pNDFj3PL4E4wFAYDVR0RBA0wC4IJc3lucmMuY29tMAoGCCqGSM49BAMCA2gAMGUC +MEFa/gcDf419xTmE8PHBb45KRSmKLI1rzb8klvbj4Ztd53KqJWc4V7jYwuGxkQMQ +AAIxANw0L3wUHm7J0htRvIg3rAbWq5irS6ZbpUnqVD0b4y5wRo2v/FVDvWhudI+q +712NmQ== +-----END CERTIFICATE----- diff --git a/openssl/ecc/maxim.pub b/openssl/ecc/maxim.pub new file mode 100644 index 0000000..0481474 --- /dev/null +++ b/openssl/ecc/maxim.pub @@ -0,0 +1,5 @@ +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ9K/55KmWdQAwyIv1ol4L+4VvbfV6OEz +tp+JFiTdL2D7K4qmgxyuLZqj3R10wr/bgddAs/NL9ebfmv7bPlxil0yO/yWg/7Rb +u/lV3OHx+JjySJ2OAVkeIuoHs2BUg0ZJ +-----END PUBLIC KEY----- diff --git a/openssl/ecc/serial b/openssl/ecc/serial index e37d32a..7d802a3 100644 --- a/openssl/ecc/serial +++ b/openssl/ecc/serial @@ -1 +1 @@ -1000 \ No newline at end of file +1002 diff --git a/openssl/ecc/serial.old b/openssl/ecc/serial.old new file mode 100644 index 0000000..dd11724 --- /dev/null +++ b/openssl/ecc/serial.old @@ -0,0 +1 @@ +1001 diff --git a/openssl/ecc/server.csr b/openssl/ecc/server.csr new file mode 100644 index 0000000..0b45f36 --- /dev/null +++ b/openssl/ecc/server.csr 
@@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBNTCBvAIBADA9MQswCQYDVQQGEwJVQTENMAsGA1UECAwES3lpdjEOMAwGA1UE +CgwFU1lOUkMxDzANBgNVBAMMBnNlcnZlcjB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BI2YKUPyxIsUPye895G9MV9tba934K0hXuHz7t3GuOvXAnv3smEIWR/oc9l3vXYC +90YUujGK4aTfXMsiTyQjgBVdQfcq/fKLfhXLk0M4YS9Gxs3HVZSW6iZQb/KsgVDW +/qAAMAoGCCqGSM49BAMDA2gAMGUCMCaP6wXRFYkjE1ERfkCj0EkBPu3P7Erw9OL5 +ep4kgc1cRh0zpfQjnQQuaG2r3FI/AwIxAM4qxWik4WDII2eZqA0JLf2OEZ0AVnh6 +A9Yl/0CHb+BQIbFBOQ5RisRjc3S6v0f0sw== +-----END CERTIFICATE REQUEST----- diff --git a/openssl/ecc/server.key b/openssl/ecc/server.key new file mode 100644 index 0000000..e6c4de8 --- /dev/null +++ b/openssl/ecc/server.key @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDC8zzl+EU2Q8UQHeUaiSihTi8AFA8hfeSLekw/VhLBfuYJ9Hfb+0LaW +JIGbp/0HVJCgBwYFK4EEACKhZANiAASNmClD8sSLFD8nvPeRvTFfbW2vd+CtIV7h +8+7dxrjr1wJ797JhCFkf6HPZd712AvdGFLoxiuGk31zLIk8kI4AVXUH3Kv3yi34V +y5NDOGEvRsbNx1WUluomUG/yrIFQ1v4= +-----END EC PRIVATE KEY----- diff --git a/openssl/ecc/server.key.enc b/openssl/ecc/server.key.enc new file mode 100644 index 0000000..c80a439 --- /dev/null +++ b/openssl/ecc/server.key.enc @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBGzBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQIZz1m7FwO02W/vGw +Io168QICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQImaRn92uoeP0EgcBX +en0OQRieiIKTlhWuNTnwLMCxbfkF4JLNZjaU+F1jfb1cMkiqDvxGtcAdLOEVtQ52 +UD9ZO4zP94GorfgTjecxVwtvJud9QQx+2wFHWDkQMTlKEyaR+MZ3bIgehMtzv/j+ +p/ODHA70V6xAk4LqZyOyRd/tWRDJ2ZU1uhLyMwzDYzrj2cmmGn7eyor313dof05X +ebhvBOe9SXlFvth9bAOqbruDTUNv8gXhNpXECNWgC72nH3SJ+hmRIFzW1KXfz2M= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/openssl/ecc/server.pem b/openssl/ecc/server.pem new file mode 100644 index 0000000..96eaf88 --- /dev/null +++ b/openssl/ecc/server.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=UA, ST=Kyiv, O=SYNRC, CN=CA + Validity + Not Before: Nov 4 20:02:33 2024 GMT + Not After : Nov 4 20:02:33 2026 GMT + Subject: C=UA, ST=Kyiv, O=SYNRC, CN=server + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:8d:98:29:43:f2:c4:8b:14:3f:27:bc:f7:91:bd: + 31:5f:6d:6d:af:77:e0:ad:21:5e:e1:f3:ee:dd:c6: + b8:eb:d7:02:7b:f7:b2:61:08:59:1f:e8:73:d9:77: + bd:76:02:f7:46:14:ba:31:8a:e1:a4:df:5c:cb:22: + 4f:24:23:80:15:5d:41:f7:2a:fd:f2:8b:7e:15:cb: + 93:43:38:61:2f:46:c6:cd:c7:55:94:96:ea:26:50: + 6f:f2:ac:81:50:d6:fe + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Cert Type: + SSL Server + Netscape Comment: + SYNRC SERVER + X509v3 Subject Key Identifier: + 25:D9:26:D6:6B:13:33:46:14:B8:1D:DE:EC:83:6A:AC:5E:0E:E3:77 + X509v3 Authority Key Identifier: + keyid:5A:7F:83:A2:0E:05:E8:A2:2B:04:35:DE:9A:D9:AD:10:15:1C:63:30 + DirName:/C=UA/ST=Kyiv/O=SYNRC/CN=CA + serial:08:74:64:5E:02:C2:C7:3B:A5:A4:BF:34:DF:13:21:3E:C5:6A:FB:07 + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 CRL Distribution Points: + Full Name: + URI:http://crl.n2o.dev:8081/eccroot.crl + Authority Information Access: + CA Issuers - URI:http://crl.n2o.dev:8081/eccroot.crt + OCSP - URI:http://ocsp.n2o.dev:8081/ + X509v3 Subject Alternative Name: + DNS:localhost + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:65:02:30:2c:5f:07:32:1c:f3:92:3c:00:90:2f:3b:be:7b: + a6:9c:b0:dd:5e:20:37:f3:3a:05:72:c1:cf:e3:cf:59:66:d0: + 04:38:26:2f:9a:06:5f:80:1b:e4:63:a3:39:fb:f0:d6:02:31: + 00:e4:f8:8d:49:02:68:9c:49:be:22:78:39:55:58:e2:e1:c3: + 21:90:04:4c:71:2c:59:9e:c5:73:86:6d:4a:64:97:f2:9d:5b: + 86:5c:3e:b7:95:68:41:c0:65:85:53:b7:6d +-----BEGIN CERTIFICATE----- 
+MIIDVTCCAtugAwIBAgICEAEwCgYIKoZIzj0EAwMwOTELMAkGA1UEBhMCVUExDTAL +BgNVBAgMBEt5aXYxDjAMBgNVBAoMBVNZTlJDMQswCQYDVQQDDAJDQTAeFw0yNDEx +MDQyMDAyMzNaFw0yNjExMDQyMDAyMzNaMD0xCzAJBgNVBAYTAlVBMQ0wCwYDVQQI +DARLeWl2MQ4wDAYDVQQKDAVTWU5SQzEPMA0GA1UEAwwGc2VydmVyMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEjZgpQ/LEixQ/J7z3kb0xX21tr3fgrSFe4fPu3ca469cC +e/eyYQhZH+hz2Xe9dgL3RhS6MYrhpN9cyyJPJCOAFV1B9yr98ot+FcuTQzhhL0bG +zcdVlJbqJlBv8qyBUNb+o4IBsDCCAawwDAYDVR0TBAUwAwEB/zARBglghkgBhvhC +AQEEBAMCBkAwGwYJYIZIAYb4QgENBA4WDFNZTlJDIFNFUlZFUjAdBgNVHQ4EFgQU +Jdkm1msTM0YUuB3e7INqrF4O43cwdAYDVR0jBG0wa4AUWn+Dog4F6KIrBDXemtmt +EBUcYzChPaQ7MDkxCzAJBgNVBAYTAlVBMQ0wCwYDVQQIDARLeWl2MQ4wDAYDVQQK +DAVTWU5SQzELMAkGA1UEAwwCQ0GCFAh0ZF4Cwsc7paS/NN8TIT7FavsHMA4GA1Ud +DwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATA0BgNVHR8ELTArMCmgJ6Al +hiNodHRwOi8vY3JsLm4yby5kZXY6ODA4MS9lY2Nyb290LmNybDBmBggrBgEFBQcB +AQRaMFgwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jcmwubjJvLmRldjo4MDgxL2VjY3Jv +b3QuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC5uMm8uZGV2OjgwODEvMBQG +A1UdEQQNMAuCCWxvY2FsaG9zdDAKBggqhkjOPQQDAwNoADBlAjAsXwcyHPOSPACQ +Lzu+e6acsN1eIDfzOgVywc/jz1lm0AQ4Ji+aBl+AG+Rjozn78NYCMQDk+I1JAmic +Sb4ieDlVWOLhwyGQBExxLFmexXOGbUpkl/KdW4ZcPreVaEHAZYVTt20= +-----END CERTIFICATE----- diff --git a/openssl/ecc/synrc.cnf b/openssl/ecc/synrc.cnf index 9ba6f9c..d47f291 100644 --- a/openssl/ecc/synrc.cnf +++ b/openssl/ecc/synrc.cnf @@ -2,7 +2,7 @@ default_ca = CA_default [ CA_default ] -dir = /Users/maxim/depot/synrc/ca/cert/ecc +dir = /Users/5ht/depot/arvo-computer/ca/openssl/ecc certs = $dir crl_dir = $dir new_certs_dir = $dir diff --git a/openssl/ir.sh b/openssl/ir.sh index 88a2276..e2e8152 100755 --- a/openssl/ir.sh +++ b/openssl/ir.sh 
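Review bot: `dir` in ecc/synrc.cnf is an absolute path into one developer's home directory (`/Users/5ht/depot/arvo-computer/ca/openssl/ecc`). `openssl ca -config ecc/synrc.cnf` therefore reads and writes the CA database, serial and issued certificates there regardless of which checkout the scripts run from, and fails on any other machine. The three configs touched in this commit also disagree: rsa/synrc.cnf uses `/Users/maxim/depot/synrc/ca/openssl/rsa` and openssl/synrc.cnf uses `/Users/5ht/depot/synrc/ca/openssl`. Since the scripts already use paths relative to `openssl/`, a relative value such as `dir = ./ecc` (and `dir = ./rsa` in the rsa config) would keep CA state inside the working tree.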
@@ -1,5 +1,5 @@ #!/bin/sh openssl cmp -cmd ir -server 127.0.0.1:1829 \ - -path . -srvcert ca.pem -ref NewUser \ - -secret pass:0000 -certout x.pem -newkey maxim.key.enc -subject "/CN=maxim/O=SYNRC/ST=Kyiv/C=UA" + -path . -srvcert ecc/caroot.pem -ref NewUser \ + -secret pass:0000 -certout x.pem -newkey ecc/maxim.key.enc -subject "/CN=maxim/O=SYNRC/ST=Kyiv/C=UA" diff --git a/openssl/p10cr.sh b/openssl/p10cr.sh index bdb80ac..4d5d80a 100755 --- a/openssl/p10cr.sh +++ b/openssl/p10cr.sh @@ -2,5 +2,5 @@ export client=maxim openssl cmp -cmd p10cr -server localhost:1829 -secret pass:0000 \ - -path . -srvcert ca.pem -ref cmptestp10cr \ - -certout $client.pem -csr $client.csr + -path . -srvcert synrc.pem -ref cmptestp10cr \ + -certout ecc/$client.pem -csr ecc/$client.csr diff --git a/openssl/rsa/caroot.key b/openssl/rsa/ca.key similarity index 100% rename from openssl/rsa/caroot.key rename to openssl/rsa/ca.key diff --git a/openssl/rsa/caroot.pem b/openssl/rsa/ca.pem similarity index 100% rename from openssl/rsa/caroot.pem rename to openssl/rsa/ca.pem diff --git a/openssl/rsa/synrc.cnf b/openssl/rsa/synrc.cnf index 9ba6f9c..dff611e 100644 --- a/openssl/rsa/synrc.cnf +++ b/openssl/rsa/synrc.cnf @@ -2,7 +2,7 @@ default_ca = CA_default [ CA_default ] -dir = /Users/maxim/depot/synrc/ca/cert/ecc +dir = /Users/maxim/depot/synrc/ca/openssl/rsa certs = $dir crl_dir = $dir new_certs_dir = $dir diff --git a/openssl/server-1.sh b/openssl/server-1.sh index 6421ff4..c041ef6 100755 --- a/openssl/server-1.sh +++ b/openssl/server-1.sh @@ -1,8 +1,8 @@ #!/bin/bash export SERVER=server -openssl req -config cert/ecc/synrc.cnf \ +openssl req -config ecc/synrc.cnf \ -new -newkey ec:<(openssl ecparam -name secp384r1) \ - -keyout cert/ecc/$SERVER.key.enc \ - -out cert/ecc/$SERVER.csr -passout pass:0 \ - -subj "/C=UA/ST=Kyiv/O=SYNRC/CN="$SERVER + -keyout ecc/$SERVER.key.enc \ + -out ecc/$SERVER.csr -passout pass:0 \ + -subj "/C=UA/ST=Kyiv/O=SYNRC/CN=$SERVER" 
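Review bot: In p10cr.sh, `-certout ecc/$client.pem` writes to the same file that client-3.sh produces with `-out ecc/$CLIENT.pem`, so whichever script runs last silently replaces the other's certificate. `maxim.p12` and verify.sh then pick up a certificate from a different issuer than the one the reader expects. This script also pins `-srvcert synrc.pem` while ir.sh, which talks to the same port 1829, pins `-srvcert ecc/caroot.pem`; one of the two is presumably stale. I would write the CMP result to its own file, e.g. `-certout "ecc/$client.cmp.pem"` (constructed name), and use one server certificate in both scripts.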
diff --git a/openssl/server-2.sh b/openssl/server-2.sh index cc4a564..a123388 100755 --- a/openssl/server-2.sh +++ b/openssl/server-2.sh @@ -1,4 +1,4 @@ #!/bin/bash export SERVER=server -openssl ec -in cert/ecc/$SERVER.key.enc -out cert/ecc/$SERVER.key -passin pass:0 +openssl ec -in ecc/$SERVER.key.enc -out ecc/$SERVER.key -passin pass:0 diff --git a/openssl/server-3.sh b/openssl/server-3.sh index 702dfb0..5b0b3ae 100755 --- a/openssl/server-3.sh +++ b/openssl/server-3.sh @@ -1,7 +1,7 @@ #!/bin/bash export SERVER=server -openssl ca -config cert/ecc/synrc.cnf -days 730 -batch \ - -in cert/ecc/$SERVER.csr -out cert/ecc/$SERVER.pem \ - -keyfile cert/ecc/caroot.key -cert cert/ecc/caroot.pem \ +openssl ca -config ecc/synrc.cnf -days 730 -batch \ + -in ecc/$SERVER.csr -out ecc/$SERVER.pem \ + -keyfile ecc/caroot.key -cert ecc/caroot.pem \ -passin pass:0 -extensions server_cert diff --git a/openssl/sign.sh b/openssl/sign.sh index 3a20008..45cbff2 100755 --- a/openssl/sign.sh +++ b/openssl/sign.sh @@ -1,4 +1,4 @@ #!/bin/sh export client=maxim -openssl dgst -sha256 -sign $client.key mix.exs > mix.sig +openssl dgst -sha256 -sign ecc/$client.key ../mix.exs > mix.sig diff --git a/openssl/synrc.cnf b/openssl/synrc.cnf index 9ba6f9c..6e35a72 100644 --- a/openssl/synrc.cnf +++ b/openssl/synrc.cnf @@ -2,15 +2,15 @@ default_ca = CA_default [ CA_default ] -dir = /Users/maxim/depot/synrc/ca/cert/ecc +dir = /Users/5ht/depot/synrc/ca/openssl certs = $dir crl_dir = $dir new_certs_dir = $dir database = $dir/index.txt serial = $dir/serial RANDFILE = $dir/.rand -private_key = $dir/caroot.key -certificate = $dir/caroot.pem +private_key = $dir/ca.key +certificate = $dir/ca.pem crlnumber = $dir/crlnumber crl = $dir/eccroot.crl crl_extensions = crl_ext diff --git a/openssl/synrc.pem b/openssl/synrc.pem new file mode 100644 index 0000000..db81a2e --- /dev/null +++ b/openssl/synrc.pem 
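Review bot: In openssl/synrc.cnf, `private_key = $dir/ca.key` and `certificate = $dir/ca.pem` resolve under `dir = /Users/5ht/depot/synrc/ca/openssl`, but the diffstat adds no `openssl/ca.key` or `openssl/ca.pem`. The files renamed to those names in this commit live in `openssl/rsa/`. Unless they exist outside the repository, an `openssl ca` run with this config will not find its signing key. `crl = $dir/eccroot.crl` likewise names a file that this commit adds only under `openssl/ecc/`. Either point `dir` at the directory that actually holds the key pair, or add a comment saying which CA this top-level config is meant for; the `[ CA_default ]` section continues outside the hunk.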
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICEzCCAZmgAwIBAgIIEeeKLB5jXnowCgYIKoZIzj0EAwIwPTELMAkGA1UEBhMC +VUExETAPBgNVBAcMCNCa0LjRl9CyMQ4wDAYDVQQKDAVTWU5SQzELMAkGA1UEAwwC +Q0EwHhcNMjQxMTA0MTQ1NTE2WhcNNDkxMTA0MTUwMDE2WjA9MQswCQYDVQQGEwJV +QTERMA8GA1UEBwwI0JrQuNGX0LIxDjAMBgNVBAoMBVNZTlJDMQswCQYDVQQDDAJD +QTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAfVE47YXGmwvrxvVJVBn7ouTciL6Pku +9HVVaEiHwkdMA0+oMeCG8BWKiFHJR0HUbr1r8o/f4MfPT3YBuCXnpguP0peMs5g/ +vqgHe97xaxBl9AJUnGCJbcESp3RiV70SDKNmMGQwEgYDVR0TAQH/BAgwBgEB/wIB +ATAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFFTxrIPDKu1RTTfTM4BlnL1IZsnE +MB8GA1UdIwQYMBaAFFTxrIPDKu1RTTfTM4BlnL1IZsnEMAoGCCqGSM49BAMCA2gA +MGUCMDtPPzsviLlPBPKOticWPP6ZL+hN/LaxpWOZHua65NVc09dSi20oILGN430u +bEFYeAIxANL1rLjldPt84Ax0WCHfOXC/d4CH7n3c0ZuC0fRh4IzmpgcD9r93X47P +Km1tfAMYBQ== +-----END CERTIFICATE----- diff --git a/openssl/verify.sh b/openssl/verify.sh index 10dc648..d0a7bbb 100755 --- a/openssl/verify.sh +++ b/openssl/verify.sh @@ -1,5 +1,5 @@ #!/bin/sh export client=maxim -openssl x509 -pubkey -noout -in $client.pem > $client.pub -openssl dgst -sha256 -verify $client.pub -signature mix.sig mix.exs +openssl x509 -pubkey -noout -in ecc/$client.pem > ecc/$client.pub +openssl dgst -sha256 -verify ecc/$client.pub -signature mix.sig ../mix.exs
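Review bot: The signature check in verify.sh trusts whatever certificate is in `ecc/$client.pem`: the public key is extracted with `openssl x509 -pubkey` and used directly, without checking that the certificate chains to the CA or is still within its validity period. A line such as `openssl verify -CAfile ecc/caroot.pem "ecc/$client.pem" || exit 1` before the extraction would close that gap (use `synrc.pem` instead if that is the issuer of the CMP-enrolled certificate). The script also has no `set -e`, so a failure of the first command is not reported on its own, and `$client` is unquoted in all of the paths.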