Accueil Explorer Aide
S'inscrire Connexion
wareck
/
krackattacks
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: b4635f0a61
Branches Tags
krackattacks
/
tests
/
hwsim
/
auth_serv
/
rsa3072-generate.sh

rsa3072-generate.sh 2.5 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. #!/bin/sh
    2. 

  2. 

  3. OPENSSL=openssl
    4. 

  4. 

  5. echo
    6. 

  6. echo "---[ DH parameters ]----------------------------------------------------"
    7. 

  7. echo
    8. 

  8. 

  9. if [ -r dh_param_3072.pem ]; then
    10. 

  10.     echo "Use already generated dh_param_3072.pem"
    11. 

  11. else
    12. 

  12.     openssl dhparam -out dh_param_3072.pem 3072
    13. 

  13. fi
    14. 

  14. 

  15. echo
    16. 

  16. echo "---[ Root CA ]----------------------------------------------------------"
    17. 

  17. echo
    18. 

  18. 

  19. if [ -r rsa3072-ca.key ]; then
    20. 

  20.     echo "Use already generated Root CA"
    21. 

  21. else
    22. 

  22.     cat ec-ca-openssl.cnf |
    23. 

  23. 	sed "s/#@CN@/commonName_default = Suite B RSA 3k Root CA/" |
    24. 

  24. 	sed s%\./ec-ca$%./rsa3072-ca% \
    25. 

  25. 	    > rsa3072-ca-openssl.cnf.tmp
    26. 

  26.     $OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -x509 -new -newkey rsa:3072 -nodes -keyout rsa3072-ca.key -out rsa3072-ca.pem -outform PEM -days 3650 -sha384
    27. 

  27.     mkdir -p rsa3072-ca/certs rsa3072-ca/crl rsa3072-ca/newcerts rsa3072-ca/private
    28. 

  28.     touch rsa3072-ca/index.txt
    29. 

  29.     rm rsa3072-ca-openssl.cnf.tmp
    30. 

  30. fi
    31. 

  31. 

  32. echo
    33. 

  33. echo "---[ Server ]-----------------------------------------------------------"
    34. 

  34. echo
    35. 

  35. 

  36. cat ec-ca-openssl.cnf |
    37. 

  37. 	sed "s/#@CN@/commonName_default = rsa3072.server.w1.fi/" |
    38. 

  38. 	sed "s/#@ALTNAME@/subjectAltName=critical,DNS:rsa3072.server.w1.fi/" |
    39. 

  39. 	sed s%\./ec-ca$%./rsa3072-ca% \
    40. 

  40. 	> rsa3072-ca-openssl.cnf.tmp
    41. 

  41. $OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout rsa3072-server.key -out rsa3072-server.req -outform PEM -sha384
    42. 

  42. $OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-server.req -out rsa3072-server.pem -extensions ext_server -days 730 -md sha384
    43. 

  43. rm rsa3072-ca-openssl.cnf.tmp
    44. 

  44. 

  45. echo
    46. 

  46. echo "---[ User SHA-384 ]-----------------------------------------------------"
    47. 

  47. echo
    48. 

  48. 

  49. cat ec-ca-openssl.cnf |
    50. 

  50. 	sed "s/#@CN@/commonName_default = user-rsa3072/" |
    51. 

  51. 	sed "s/#@ALTNAME@/subjectAltName=email:user-rsa3072@w1.fi/" |
    52. 

  52. 	sed s%\./ec-ca$%./rsa3072-ca% \
    53. 

  53. 	> rsa3072-ca-openssl.cnf.tmp
    54. 

  54. $OPENSSL req -config rsa3072-ca-openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout rsa3072-user.key -out rsa3072-user.req -outform PEM -extensions ext_client -sha384
    55. 

  55. $OPENSSL ca -config rsa3072-ca-openssl.cnf.tmp -batch -keyfile rsa3072-ca.key -cert rsa3072-ca.pem -create_serial -in rsa3072-user.req -out rsa3072-user.pem -extensions ext_client -days 730 -md sha384
    56. 

  56. rm rsa3072-ca-openssl.cnf.tmp
    57. 

  57. 

  58. echo
    59. 

  59. echo "---[ Verify ]-----------------------------------------------------------"
    60. 

  60. echo
    61. 

  61. 

  62. $OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-server.pem
    63. 

  63. $OPENSSL verify -CAfile rsa3072-ca.pem rsa3072-user.pem
    64.