WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

added additional certs for testing with TIRTOS

pull/1/head
Kaleb Himes 2014-08-13 16:33:16 -06:00
parent ea7ea7d3e8
commit f2d55d5707
53 changed files with 1548 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/1024/client-cert.der 100644
View File

Binary file not shown.

59
certs/1024/client-cert.pem 100644
View File

@ -0,0 +1,59 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10163970144298616102 (0x8d0dacfec6984526)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
Validity
Not Before: Jan 18 21:42:49 2013 GMT
Not After : Oct 15 21:42:49 2015 GMT
Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:
99:21:f9:c8:ec:b3:6d:48:e5:35:35:75:77:37:ec:
d1:61:90:5f:3e:d9:e4:d5:df:94:ca:c1:a9:d7:19:
da:86:c9:e8:4d:c4:61:36:82:fe:ab:ad:7e:77:25:
bb:8d:11:a5:bc:62:3a:a8:38:cc:39:a2:04:66:b4:
f7:f7:f3:aa:da:4d:02:0e:bb:5e:8d:69:48:dc:77:
c9:28:0e:22:e9:6b:a4:26:ba:4c:e8:c1:fd:4a:6f:
2b:1f:ef:8a:ae:f6:90:62:e5:64:1e:eb:2b:3c:67:
c8:dc:27:00:f6:91:68:65:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
X509v3 Authority Key Identifier:
keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
72:66:0f:6a:a1:85:95:06:e6:87:1a:ed:2b:da:ed:84:90:89:
a6:31:4d:60:f2:7b:63:0c:dc:9b:44:4c:d6:62:41:24:74:30:
70:4e:07:10:05:12:5e:14:b3:dd:cf:58:27:93:cf:aa:4f:85:
2c:35:0e:ff:5b:a8:6b:b5:95:32:d5:cc:73:68:5b:1b:c4:f8:
89:5e:3d:f8:02:39:32:7d:06:a4:32:e9:b3:ef:62:a0:43:5d:
4f:fb:ce:3d:08:33:af:3d:7f:12:cb:8a:5a:c2:63:db:3e:dd:
ea:5b:67:10:49:9f:5b:96:1b:4e:5d:bc:4e:9a:7c:1f:ab:56:
47:4a
-----BEGIN CERTIFICATE-----
MIIC7DCCAlWgAwIBAgIJAI0NrP7GmEUmMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
VQQGEwJVUzEPMA0GA1UECAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEOMAwG
A1UECgwFeWFTU0wxFDASBgNVBAsMC1Byb2dyYW1taW5nMRYwFAYDVQQDDA13d3cu
eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMzAx
MTgyMTQyNDlaFw0xNTEwMTUyMTQyNDlaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
CAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEOMAwGA1UECgwFeWFTU0wxFDAS
BgNVBAsMC1Byb2dyYW1taW5nMRYwFAYDVQQDDA13d3cueWFzc2wuY29tMR0wGwYJ
KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEAvHMOqEnzdKKp7xil2lWZIfnI7LNtSOU1NXV3N+zRYZBfPtnk1d+UysGp
1xnahsnoTcRhNoL+q61+dyW7jRGlvGI6qDjMOaIEZrT39/Oq2k0CDrtejWlI3HfJ
KA4i6WukJrpM6MH9Sm8rH++KrvaQYuVkHusrPGfI3CcA9pFoZakCAwEAAaNQME4w
HQYDVR0OBBYEFIFpD/jf3c80KdVndXGFx3UQaVnsMB8GA1UdIwQYMBaAFIFpD/jf
3c80KdVndXGFx3UQaVnsMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
cmYPaqGFlQbmhxrtK9rthJCJpjFNYPJ7Ywzcm0RM1mJBJHQwcE4HEAUSXhSz3c9Y
J5PPqk+FLDUO/1uoa7WVMtXMc2hbG8T4iV49+AI5Mn0GpDLps+9ioENdT/vOPQgz
rz1/EsuKWsJj2z7d6ltnEEmfW5YbTl28Tpp8H6tWR0o=
-----END CERTIFICATE-----

BIN
certs/1024/client-key.der 100644
View File

Binary file not shown.

15
certs/1024/client-key.pem 100644
View File

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC8cw6oSfN0oqnvGKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV
35TKwanXGdqGyehNxGE2gv6rrX53JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16N
aUjcd8koDiLpa6Qmukzowf1Kbysf74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQAB
AoGAE5fq6Dh4JaJcBM4NQHwx5cRwzZuCO1gJhjtmX9wxkPFP1dsV3d7XO5WTMRgx
Dl6j1qIacW6BSBxLz9uOeoZhMtz7VcEWbSeSJEWL8bhIsUsdrN7a3Y4vwpH7palu
+Dpq8f1QGO+f58PKeOpW09NyW5bdTgZOOsPZvnK2ZQcHTAECQQD6R9R6fJI8Ve+B
8EEwLaPPjxzmhycFcA3fmDXW8Ys4LyS10IS2eU9xKZRa8GRqrOdyxu1NWZg+Zzrz
dCz5YRdpAkEAwMGCDQzrxi/ckvmdghox6en3S/KChxzuFmrRHRiCcPPAti/28/cd
8YYjyE7rj1aOj/W/8fcrtcw9xlc5DBtUQQJBAJ1+Bd7t9Ley+/wwS1Ud4y8BR5Zp
Bc0OLiy9g2O2q3y3bcpbZKfOvobfO1PeYdIe66X2N+2sq3jZTOdV+9cRmcECQBiY
GCnmHic5cCForAovoXLBIYaVOMZYkKBXnLrjp7EVyN72G8JhI3bvsJ0cRL4TQzln
F8idyvv1RWSLOIIs8oECQDmJ5ZwZVTC6t0iMSBQO9J9+d5dD4bQZNTEjdZw7RK1p
ElbuAGFkFmbTfHQrFbSi/r8IaxpdP5ASsQWGMSnb2eI=
-----END RSA PRIVATE KEY-----

BIN
certs/1024/dh1024.der 100644
View File

Binary file not shown.

17
certs/1024/dh1024.pem 100644
View File

@ -0,0 +1,17 @@
PKCS#3 DH Parameters: (1024 bit)
prime:
00:a4:d2:b8:6e:78:f5:d9:ed:2d:7c:dd:b6:16:86:
5a:4b:05:76:90:dd:66:61:b9:6d:52:a7:1c:af:62:
c6:69:47:7b:39:f2:fb:94:ec:bc:79:ff:24:5e:ef:
79:bb:59:b2:fc:ca:07:d6:f4:e9:34:f7:e8:38:e7:
d7:33:44:1d:a3:64:76:1a:84:97:54:74:40:84:1f:
15:fe:7c:25:2a:2b:25:fd:9e:c1:89:33:8c:39:25:
2b:40:e6:cd:f8:a8:a1:8a:53:c6:47:b2:a0:d7:8f:
eb:2e:60:0a:0d:4b:f8:b4:94:8c:63:0a:ad:c7:10:
ea:c7:a1:b9:9d:f2:a8:37:73
generator: 2 (0x2)
-----BEGIN DH PARAMETERS-----
MIGHAoGBAKTSuG549dntLXzdthaGWksFdpDdZmG5bVKnHK9ixmlHezny+5TsvHn/
JF7vebtZsvzKB9b06TT36Djn1zNEHaNkdhqEl1R0QIQfFf58JSorJf2ewYkzjDkl
K0DmzfiooYpTxkeyoNeP6y5gCg1L+LSUjGMKrccQ6sehuZ3yqDdzAgEC
-----END DH PARAMETERS-----

BIN
certs/1024/dsa1024.der 100644
View File

Binary file not shown.

12
certs/1024/dsa1024.pem 100644
View File

@ -0,0 +1,12 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQD3S/m7FZjr3d4eTnGIhfK3uuJK2nZAzWlInoN8EfdlMXj1JS33
t/hSP77YtsX+GBVbudWShryyF3zYsL6gfPLVc3pYj43lSgCZg0rAnhYJoRA01Rm7
Y+Pdg3R/EMpzde4xSt2f4AJqne6yS6drKmzHhnfoBBXckrR6KR9Og2OFVQIVANIF
5HP7wZnF3GikjZInPeJSX4mLAoGBAKohAglDbvuiVBSFCvQofMvM2/UeohipId6I
iDOMLuuNo/AdyI/2fvjPEvW0oRFvDNTwBq3E/BRFx5QVvBlLru+Tak/MFNhHizlm
hwLUKAq47gk39ACgBKd5p9I89zRDVo7QfMLYTQ+J7RTBLJxMGZue3FMJn98t8Awn
VDp3FC3eAoGBAOgffLfAVFGnKC1YfN7UXN3VdoQ8NiDAwyXXOjjhVMj9QGgaIVQm
ORS/9qOcXtkr98klugAJy38MSiT9FRYVSM0LUkRAe5BjK5AixRgFgFOvgx9U4rCi
C1qSJOFiKD+3yrmJ1qC3ra4F4cFZQO1KG2ine/vDIIHvS/NpkbDOOrA4AhQlODuh
GXXfm/VyU0854RzsE4SCGA==
-----END DSA PRIVATE KEY-----

17
certs/1024/include.am 100644
View File

@ -0,0 +1,17 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/1024/client-cert.pem \
certs/1024/client-key.pem \
certs/1024/dh1024.pem \
certs/1024/dsa1024.pem
EXTRA_DIST += \
certs/1024/client-cert.der \
certs/1024/client-key.der \
certs/1024/dh1024.der \
certs/1024/dsa1024.der \
certs/1024/rsa1024.der

BIN
certs/1024/rsa1024.der 100644
View File

Binary file not shown.

BIN
certs/ca-cert.der 100644
View File

Binary file not shown.

BIN
certs/ca-key.der 100644
View File

Binary file not shown.

27
certs/ca-key.pem 100644
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY
sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB
la0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlcOM13Je+9gHVT
lDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5je
hHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgW
C6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABAoIBAD1uTmAahH+dhXzh
Swd84NaZKt6d+TY0DncOPgjqT+UGJtT2OPffDQ8cLgai9CponGNy4zXmBJGRtcGx
pFSs18b7QaDWdW+9C06/sVLoX0kmmFZHx97p6jxgAb8o3DG/SV+TSYd6gVuWS03K
XDhPt+Gy08ch2jwShwfkG9xD7OjsVGHn9u2mCy7134J/xh9hGZykgznfIYWJb3ev
hhUyCKJaCyZh+3AMypw4fbwi7uujqBYA+YqAHgCEqEpB+IQDZy8jWy+baybDBzSU
owM7ctWfcuCtzDSrvcfV9SYwhQ8wIzlS/zzLmSFNiKWr7mK5x+C7R4fBac9z8zC+
zjkEnOUCgYEA4XZFgFm200nfCu8S1g/wt8sqN7+n+LVN9TE1reSjlKHb8ZattQVk
hYP8G1spqr74Jj92fq0c8MvXJrQbBY5Whn4IYiHBhtZHeT63XaTGOtexdCD2UJdB
BFPtPybWb5H6aCbsKtya8efc+3PweUMbIaNZBGNSB8nX5tEbXV6W+lMCgYEA2O1O
ZGFrkQxhAbUPu0RnUx7cB8Qkfp5shCORDOQSBBZNeJjMlj0gTg9Fmrb4s5MNsqIb
KfImecjF0nh+XnPy13Bhu0DOYQX+aR6CKeYUuKHnltAjPwWTAPLhTX7tt5Zs9/Dk
0c8BmE/cdFSqbV5aQTH+/5q2oAXdqRBU+GvQqoMCgYAh0wSKROtQt3xmv4cr5ihO
6oPi6TXh8hFH/6H1/J8t5TqB/AEDb1OtVCe2Uu7lVtETq+GzD3WQCoS0ocCMDNae
RrorPrUx7WO7pNUNj3LN0R4mNeu+G3L9mzm0h7cT9eqDRZOYuo/kSsy0TKh/CLpB
SahJKD1ePcHONwDL+SzdUQKBgQChV58+udavg22DP4/70NyozgMJI7GhG2PKxElW
NSvRLmVglQVVmRE1/dXfRMeliHJfsoJRqHFFkzbPXB9hUQwFgOivxXu6XiLjPHXD
hAVVbdY6LYSJkzPLONqqMQXNzmwt3VXTVwvwpTVqsK4xukOWygDHS+MZEkPTQvpv
6oDA0QKBgQC524kgNCdwYjTqXyViEvOdgb9I7poOwY0Q/2WanS0aipRayMClpYRh
ntQkue+pncl3C8dwZj26yFTf0jPh9X/5J2G+V0Xdt0UXJPUj5DgOkSfu4yDYFMiU
R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==
-----END RSA PRIVATE KEY-----

BIN
certs/client-cert.der 100644
View File

Binary file not shown.

54
certs/client-ecc-cert.pem 100644
View File

@ -0,0 +1,54 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
bf:cc:cb:7a:0a:07:42:82
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
Validity
Not Before: May 1 23:51:33 2012 GMT
Not After : Jan 26 23:51:33 2015 GMT
Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
5f:c7:5d:7f:b4
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
X509v3 Authority Key Identifier:
keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
serial:BF:CC:CB:7A:0A:07:42:82
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:26:08:44:95:35:2e:fa:9d:20:01:a6:79:60:ed:
35:a7:0a:dd:7a:0e:75:c5:80:d2:0b:9f:6a:90:d6:31:76:75:
02:20:2d:87:a2:bb:d5:e2:42:61:35:19:59:40:1d:fd:71:4f:
28:65:96:99:e6:85:1b:09:ad:d4:58:71:56:63:0b:c7
-----BEGIN CERTIFICATE-----
MIIC+jCCAqKgAwIBAgIJAL/My3oKB0KCMAkGByqGSM49BAEwgYkxCzAJBgNVBAYT
AlVTMQ8wDQYDVQQIEwZPcmVnb24xDjAMBgNVBAcTBVNhbGVtMRMwEQYDVQQKEwpD
bGllbnQgRUNDMQ0wCwYDVQQLEwRGYXN0MRYwFAYDVQQDEw13d3cueWFzc2wuY29t
MR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMjA1MDEyMzUxMzNa
Fw0xNTAxMjYyMzUxMzNaMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29u
MQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsGA1UECxME
RmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5m
b0B5YXNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARVv/QPRFCaPc6b
t/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam99nUaQve9qbI2
Il/HXX+0o4HxMIHuMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGIRFyr8jCBvgYD
VR0jBIG2MIGzgBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBj6SBjDCBiTELMAkGA1UE
BhMCVVMxDzANBgNVBAgTBk9yZWdvbjEOMAwGA1UEBxMFU2FsZW0xEzARBgNVBAoT
CkNsaWVudCBFQ0MxDTALBgNVBAsTBEZhc3QxFjAUBgNVBAMTDXd3dy55YXNzbC5j
b20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggkAv8zLegoHQoIwDAYD
VR0TBAUwAwEB/zAJBgcqhkjOPQQBA0cAMEQCICYIRJU1LvqdIAGmeWDtNacK3XoO
dcWA0gufapDWMXZ1AiAth6K71eJCYTUZWUAd/XFPKGWWmeaFGwmt1FhxVmMLxw==
-----END CERTIFICATE-----

BIN
certs/client-key.der 100644
View File

Binary file not shown.

12
certs/client-keyEnc.pem 100644
View File

@ -0,0 +1,12 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BDE979D13CCC0ABD
N7yz2JV13EmQ7MZPL5wamid5+G1V1gp8FKqMemAC5JDxonS/W9oViMLUcxbfPTDx
FznKdYSVTIQ7vv3ofmDG4MEyV/2C568N2kdtAw+jTfrZFN+IU9CI+W+In/nacirF
02sAcvDMofustnooKNOO7/iyb5+3vRvEt5vSSRQn5WuSQ9sUKjuzoLs/lbf7fyAt
4NeqfI3rYBZXxiUOLITOGXzGNRuFoY+o2uDCfelLAJ8uhiVG6ME3LeJEo1dT5lZ8
CSJOLPasKg0iG4V7olM4j9FvAfZr48RRsSfUen756Jo2HpI4bad8LKhFYIdNs2Au
WwKLmjpo6QB9hBmRshR04rEXPdrgTqLBExCE08PyaGYnWU8ggWritCeBzDQFj/n4
sI+NO0Mymuvg98e5RpO52lg3Xnqv9RIK3guLFOmI6aEHC0PS4WwOEQ==
-----END RSA PRIVATE KEY-----

39
certs/crl/cliCrl.pem 100644
View File

@ -0,0 +1,39 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Jul 11 20:39:48 2014 GMT
Next Update: Jul 11 20:39:48 2015 GMT
CRL extensions:
X509v3 CRL Number:
2
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
35:c1:34:91:04:d9:88:99:83:40:ef:09:ee:04:28:91:be:7a:
b1:84:48:f4:f8:c5:9d:50:6c:67:56:4c:ee:b2:3a:32:5c:1d:
1c:49:ef:58:72:a7:69:71:9a:d8:a6:68:0c:3e:ff:48:15:c7:
44:28:67:6b:34:9d:c0:dc:c5:1b:d1:2f:e6:90:0f:45:7c:aa:
0c:f9:3c:19:dd:55:a0:92:8a:a0:fe:93:1d:1f:42:ae:5f:7c:
48:a5:de:61:89:94:bf:43:d3:c1:2d:e8:8b:f9:c5:6e:b9:8a:
40:0e:6e:32:5e:39:83:cb:9b:76:6b:de:6e:6c:da:4e:1e:5c:
69:d6:8c:08:0e:9f:de:4e:77:9d:f5:e9:97:29:b3:4c:e0:cb:
ed:46:68:ed:e1:89:ac:d7:b9:11:ca:5a:ed:fe:e3:73:20:6e:
01:e6:77:a8:48:c7:01:83:40:25:a5:ee:d7:ef:2f:af:b8:e2:
2d:85:37:2a:80:8f:7f:6a:a7:32:29:86:42:66:40:d7:eb:87:
44:66:54:5f:04:5f:7b:22:14:6c:4c:5d:f0:57:ac:33:e0:da:
53:d6:13:52:ea:85:b2:89:de:41:e6:a6:f5:0d:34:47:37:75:
26:b8:c4:f3:e0:1b:c6:32:3f:3b:65:0a:20:08:8e:c7:7e:6d:
61:f1:aa:eb
-----BEGIN X509 CRL-----
MIIB7jCB1wIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wx
FDASBgNVBAsMC1Byb2dyYW1taW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE0MDcxMTIwMzk0OFoX
DTE1MDcxMTIwMzk0OFqgDjAMMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBBQUAA4IB
AQA1wTSRBNmImYNA7wnuBCiRvnqxhEj0+MWdUGxnVkzusjoyXB0cSe9YcqdpcZrY
pmgMPv9IFcdEKGdrNJ3A3MUb0S/mkA9FfKoM+TwZ3VWgkoqg/pMdH0KuX3xIpd5h
iZS/Q9PBLeiL+cVuuYpADm4yXjmDy5t2a95ubNpOHlxp1owIDp/eTned9emXKbNM
4MvtRmjt4Yms17kRylrt/uNzIG4B5neoSMcBg0Alpe7X7y+vuOIthTcqgI9/aqcy
KYZCZkDX64dEZlRfBF97IhRsTF3wV6wz4NpT1hNS6oWyid5B5qb1DTRHN3UmuMTz
4BvGMj87ZQogCI7Hfm1h8arr
-----END X509 CRL-----

39
certs/crl/crl.pem 100644
View File

@ -0,0 +1,39 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Last Update: Jul 11 20:36:35 2014 GMT
Next Update: Jul 11 20:36:35 2015 GMT
CRL extensions:
X509v3 CRL Number:
1
No Revoked Certificates.
Signature Algorithm: sha1WithRSAEncryption
b4:54:84:e9:f8:c3:5c:e4:c4:a1:9a:71:eb:bc:46:96:09:bd:
84:9d:4c:ac:29:a8:23:12:9d:80:8e:18:30:85:92:94:72:04:
6d:74:05:31:e0:1b:20:b1:ef:6f:44:98:e8:d4:20:74:b1:ec:
9f:fe:ad:74:14:66:ad:6f:5b:7a:45:02:b5:6f:a8:d3:bd:dc:
88:94:d1:e2:78:e1:11:44:95:57:7d:d9:8c:7e:09:dc:aa:4f:
07:e0:59:f2:09:30:d5:7c:a0:6c:54:88:d0:76:88:33:11:61:
20:9d:3d:89:49:3b:85:be:e7:c0:38:f1:08:be:44:7a:1d:4c:
e4:84:7a:40:23:6f:85:bd:67:7b:77:7e:00:78:d2:3c:e2:a8:
47:ba:5c:21:c4:78:15:81:a2:9e:a6:9c:c4:47:4c:ee:97:81:
18:91:5e:18:2b:92:e8:06:1f:dc:f2:51:e1:b3:14:bf:c3:c5:
9c:78:ce:41:2e:61:0b:71:ad:ea:9e:2d:bb:2e:e4:98:a9:14:
47:3f:00:65:4e:09:17:82:ee:be:ea:48:1e:2e:a5:92:64:ce:
e9:b1:ee:ce:01:5b:e8:e3:fe:ba:dd:8c:eb:ad:34:32:15:00:
56:4d:fe:9d:60:bf:a1:cd:9e:1b:61:94:21:0a:b1:98:4f:ec:
c1:af:b3:dc
-----BEGIN X509 CRL-----
MIIB7jCB1wIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE0MDcxMTIwMzYzNVoX
DTE1MDcxMTIwMzYzNVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IB
AQC0VITp+MNc5MShmnHrvEaWCb2EnUysKagjEp2AjhgwhZKUcgRtdAUx4Bsgse9v
RJjo1CB0seyf/q10FGatb1t6RQK1b6jTvdyIlNHieOERRJVXfdmMfgncqk8H4Fny
CTDVfKBsVIjQdogzEWEgnT2JSTuFvufAOPEIvkR6HUzkhHpAI2+FvWd7d34AeNI8
4qhHulwhxHgVgaKeppzER0zul4EYkV4YK5LoBh/c8lHhsxS/w8WceM5BLmELca3q
ni27LuSYqRRHPwBlTgkXgu6+6kgeLqWSZM7pse7OAVvo4/663YzrrTQyFQBWTf6d
YL+hzZ4bYZQhCrGYT+zBr7Pc
-----END X509 CRL-----

13
certs/crl/crl.revoked 100644
View File

@ -0,0 +1,13 @@
-----BEGIN X509 CRL-----
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE0MDcxMTEyMzUyN1oX
DTE1MDcxMTEyMzUyN1owFDASAgEBFw0xNDA3MTExMjM1MjdaoA4wDDAKBgNVHRQE
AwIBOzANBgkqhkiG9w0BAQsFAAOCAQEAB+ao48FzCAbRKKPkFJX8Ho5SZl44YhNW
Uy/JxMkonyjyaMwp7GSwd2hNpv3geC6tHO7YLSRcyvyKu1BQVbeoa6FpultQSv5+
twk6mmeSenzhzNhfJmzSEhJicXOgBoLAh4aBXkixQis9dAVg16/nNSS2DAJwEKMW
kXcJpuBLt6XLL0aM71+NDqB8HAUUPyuNWLiYEb4NlScIWNh7lI6ZWmsv8vb1PMmn
2hn4CVJIkHkfEHYnikek55iE31QMUyobCXzro+cR9jGR1iPZSQu9dxstRHF5bXai
eBYWZIblBVCSJ896a5TJ5uaA1RKk6ZZbAG43oQTB/hupaEPjTTXysw==
-----END X509 CRL-----

26
certs/crl/eccCliCRL.pem 100644
View File

@ -0,0 +1,26 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA1
Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions:
X509v3 CRL Number:
4
Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:10:95:f9:c8:20:bc:7d:ce:79:6d:35:23:4c:82:
8c:f5:8b:d1:4f:69:a9:5e:70:97:dd:bb:c2:67:13:46:b0:47:
02:20:4f:1f:43:c2:cc:63:1c:6e:26:89:2d:e7:ce:69:45:6d:
fb:8f:53:cd:1f:84:0f:93:fe:83:91:69:f2:91:c6:f9
-----BEGIN X509 CRL-----
MIIBNTCB3gIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
ARYOaW5mb0B5YXNzbC5jb20XDTE0MDIwNzIwMTQwNloXDTE1MDIwNzIwMTQwNlow
FDASAgECFw0xNDAyMDcyMDE0MDZaoA4wDDAKBgNVHRQEAwIBBDAJBgcqhkjOPQQB
A0cAMEQCIBCV+cggvH3OeW01I0yCjPWL0U9pqV5wl927wmcTRrBHAiBPH0PCzGMc
biaJLefOaUVt+49TzR+ED5P+g5Fp8pHG+Q==
-----END X509 CRL-----

26
certs/crl/eccSrvCRL.pem 100644
View File

@ -0,0 +1,26 @@
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA1
Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
Last Update: Feb 7 20:14:06 2014 GMT
Next Update: Feb 7 20:14:06 2015 GMT
CRL extensions:
X509v3 CRL Number:
5
Revoked Certificates:
Serial Number: 02
Revocation Date: Feb 7 20:14:06 2014 GMT
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:2a:2a:2c:ff:8a:0f:6a:74:57:b8:41:a8:5a:5c:
8c:7d:c1:7d:b1:76:a3:db:ff:22:1a:69:cd:80:8d:d5:e4:2a:
02:20:2d:51:3e:01:5b:79:6c:f4:89:89:63:46:0b:65:44:46:
59:2d:42:3e:ba:a8:6d:08:4a:20:1f:9a:06:cc:a9:65
-----BEGIN X509 CRL-----
MIIBNzCB4AIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTQwMjA3MjAxNDA2WhcNMTUwMjA3MjAxNDA2
WjAUMBICAQIXDTE0MDIwNzIwMTQwNlqgDjAMMAoGA1UdFAQDAgEFMAkGByqGSM49
BAEDRwAwRAIgKios/4oPanRXuEGoWlyMfcF9sXaj2/8iGmnNgI3V5CoCIC1RPgFb
eWz0iYljRgtlREZZLUI+uqhtCEogH5oGzKll
-----END X509 CRL-----

57
certs/crl/gencrls.sh 100755
View File

@ -0,0 +1,57 @@
#!/bin/bash
# gencrls, crl config already done, see taoCerts.txt for setup
# caCrl
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
# metadata
openssl crl -in crl.pem -text > tmp
mv tmp crl.pem
# install (only needed if working outside cyassl)
#cp crl.pem ~/cyassl/certs/crl/crl.pem
# caCrl server revoked
openssl ca -config ../renewcerts/cyassl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
# caCrl server revoked generation
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
# metadata
openssl crl -in crl.revoked -text > tmp
mv tmp crl.revoked
# install (only needed if working outside cyassl)
#cp crl.revoked ~/cyassl/certs/crl/crl.revoked
# remove revoked so next time through the normal CA won't have server revoked
cp blank.index.txt demoCA/index.txt
# cliCrl
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
# metadata
openssl crl -in cliCrl.pem -text > tmp
mv tmp cliCrl.pem
# install (only needed if working outside cyassl)
#cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
# eccCliCRL
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
# metadata
openssl crl -in eccCliCRL.pem -text > tmp
mv tmp eccCliCRL.pem
# install (only needed if working outside cyassl)
#cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
# eccSrvCRL
openssl ca -config ../renewcerts/cyassl.cnf -gencrl -crldays 365 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
# metadata
openssl crl -in eccSrvCRL.pem -text > tmp
mv tmp eccSrvCRL.pem
# install (only needed if working outside cyassl)
#cp eccSrvCRL.pem ~/cyassl/certs/crl/eccSrvCRL.pem

14
certs/crl/include.am 100644
View File

@ -0,0 +1,14 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/crl/crl.pem \
certs/crl/cliCrl.pem \
certs/crl/eccSrvCRL.pem \
certs/crl/eccCliCRL.pem
EXTRA_DIST += \
certs/crl/crl.revoked

BIN
certs/dh2048.der 100644
View File

Binary file not shown.

29
certs/dh2048.pem 100644
View File

@ -0,0 +1,29 @@
Diffie-Hellman-Parameters: (2048 bit)
prime:
00:b0:a1:08:06:9c:08:13:ba:59:06:3c:bc:30:d5:
f5:00:c1:4f:44:a7:d6:ef:4a:c6:25:27:1c:e8:d2:
96:53:0a:5c:91:dd:a2:c2:94:84:bf:7d:b2:44:9f:
9b:d2:c1:8a:c5:be:72:5c:a7:e7:91:e6:d4:9f:73:
07:85:5b:66:48:c7:70:fa:b4:ee:02:c9:3d:9a:4a:
da:3d:c1:46:3e:19:69:d1:17:46:07:a3:4d:9f:2b:
96:17:39:6d:30:8d:2a:f3:94:d3:75:cf:a0:75:e6:
f2:92:1f:1a:70:05:aa:04:83:57:30:fb:da:76:93:
38:50:e8:27:fd:63:ee:3c:e5:b7:c8:09:ae:6f:50:
35:8e:84:ce:4a:00:e9:12:7e:5a:31:d7:33:fc:21:
13:76:cc:16:30:db:0c:fc:c5:62:a7:35:b8:ef:b7:
b0:ac:c0:36:f6:d9:c9:46:48:f9:40:90:00:2b:1b:
aa:6c:e3:1a:c3:0b:03:9e:1b:c2:46:e4:48:4e:22:
73:6f:c3:5f:d4:9a:d6:30:07:48:d6:8c:90:ab:d4:
f6:f1:e3:48:d3:58:4b:a6:b9:cd:29:bf:68:1f:08:
4b:63:86:2f:5c:6b:d6:b6:06:65:f7:a6:dc:00:67:
6b:bb:c3:a9:41:83:fb:c7:fa:c8:e2:1e:7e:af:00:
3f:93
generator: 2 (0x2)
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE
v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN
nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1
joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa
wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW
tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==
-----END DH PARAMETERS-----

BIN
certs/dsa2048.der 100644
View File

Binary file not shown.

9
certs/ecc-client-key.pem 100644
View File

@ -0,0 +1,9 @@
ASN1 OID: prime256v1
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIPjPkmu9HijxqKuhI08ydBiIUK1+x+yS+I+XTa9WiWXHoAoGCCqGSM49
AwEHoUQDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSOGYDsWkyiJANiLJva76I1EkOE
dhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA==
-----END EC PRIVATE KEY-----

BIN
certs/ecc-key.der 100644
View File

Binary file not shown.

9
certs/ecc-key.pem 100644
View File

@ -0,0 +1,9 @@
ASN1 OID: prime256v1
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEW2aQJznGyFoThbcujox6zEA41TNQT6bCjcNI3hqAmMoAoGCCqGSM49
AwEHoUQDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKT
mjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ2A==
-----END EC PRIVATE KEY-----

5
certs/ecc-keyPkcs8.pem 100644
View File

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgRbZpAnOcbIWhOFty
6OjHrMQDjVM1BPpsKNw0jeGoCYyhRANCAAS7M6xMJ1BKxkqlBMM83p8223ItzpTq
K/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInY
-----END PRIVATE KEY-----

42
certs/include.am 100644
View File

@ -0,0 +1,42 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/ca-cert.pem \
certs/ca-key.pem \
certs/client-cert.pem \
certs/client-keyEnc.pem \
certs/client-key.pem \
certs/ecc-key.pem \
certs/ecc-keyPkcs8.pem \
certs/ecc-client-key.pem \
certs/client-ecc-cert.pem \
certs/ntru-cert.pem \
certs/dh2048.pem \
certs/server-cert.pem \
certs/server-ecc.pem \
certs/server-ecc-rsa.pem \
certs/server-keyEnc.pem \
certs/server-key.pem \
certs/server-keyPkcs8Enc12.pem \
certs/server-keyPkcs8Enc2.pem \
certs/server-keyPkcs8Enc.pem \
certs/server-keyPkcs8.pem
EXTRA_DIST += \
certs/ca-key.der \
certs/ca-cert.der \
certs/client-cert.der \
certs/client-key.der \
certs/dh2048.der \
certs/rsa2048.der \
certs/dsa2048.der \
certs/ecc-key.der \
certs/server-key.der \
certs/server-cert.der
dist_doc_DATA+= certs/taoCert.txt
EXTRA_DIST+= certs/ntru-key.raw

28
certs/ntru-cert.pem 100644
View File

@ -0,0 +1,28 @@
-----BEGIN CERTIFICATE-----
MIIEzzCCA7egAwIBAgIIAXf7v+vECVkwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD
VQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3
LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCIY
DzIwMTQwNzEwMjMyMDM5WhgPMjAxNTExMjMyMjIwMzlaMIGKMQswCQYDVQQGEwJV
UzELMAkGA1UECAwCT1IxETAPBgNVBAcMCFBvcnRsYW5kMQ4wDAYDVQQKDAV5YVNT
TDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxFjAUBgNVBAMMDXd3dy55YXNzbC5jb20x
HTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMIICTTAaBgsrBgEEAcEWAQEB
AQYLKwYBBAHBFgEBAi4DggItAASCAijYe+JeNLXR6gSUtCr6lgMmeCQqvDRCb8wp
bzUt/kqyRU7K0eMTSMv40ThD6jriU3p8uQQ92OkfbNwtWfB3VyScTpyr4INIvS3D
gB6Y4uH+kDlWVQutqiPNvNSn0AxBnTEBOsBqqyDqzAXujcoSOxTbU9GLv5jk08iU
Q9H4EkGMQgUr0VsPSBjrxK0VrQY9StpyObUM2z6LfRNjI5SGDvR6FBRdKUBdmUWw
EMvUhB39MbFebvXHNkyFeFaTbc6hgCRgzLNHpb2xzq7YCb+F5CsLFD8WuWKLn/Fn
61MSLvP99mIUM5MBBqacfrJSFzBWL8LX/NpEAO4SRbnKUJRr3e8cjfALU9oZnCgr
2TY91lnlJcfPTeHLckkYVacz+l0E8zJpge7PViYGK2Zdune7EJZ2QZ/EnhV7mrjc
GVwK6PZQ/l0UpzSz0yYyAzsb9OW7AlGOnH6u6lCP0sYwMDRdr1fPvq5Cu0ZkVzy+
sfVD5kOyy35WEJQVmyuTu8ifos0QcmbqCNF5IrZtfZL7m/4Msg+GePL6x20A1TMF
rZ//+1gNbcxaeZZVG7Jw7RfW461SMbTuypt3Qp2eNHox6OrF+6A96t5vfOwqYa8W
GMMobFVQR8lH4qsBt/km0iQVjkvIjoSaPSSBcIgBxzXJwU2XCzVsj8tFW9IXP1SG
4ouMty6qbFb73k9EwliEQkLBjXfINp5/wlR1nv4dAA66rZNtysktWah8t8jXtSAw
DQYJKoZIhvcNAQEFBQADggEBAGCcqiwYrVUdQ7t4CvuPkuD7NFIAlVFNdwKaiJSp
moCCNL3sBWW1UjGKTLLRvn08oPAmrOQ8OkK1rusw+G7hxWjicEypp/WcaVCQv4or
M+BtWOUZ+fgIn6gHt4JRLMqt/R/t70AvONhIESL/XEjgQCP+GDuz+UDiwIxhzdcn
pSFU7APxKbeKIrFxiMaH8fB8fwPY60IH/LRTX7jA5ixXQWOm6r3u5ocmMW4naHd4
qAWB5wGmU/rmvrSw+v0mHjwvI66DiCeZl9Y9i4mOKk+7eOTdOsKR1VifBtEg/+Qj
UHiltbupX9fkm5ncvaRS/stAYywBheGYbEMYMaatndvMuzw=
-----END CERTIFICATE-----

BIN
certs/ntru-key.raw 100644
View File

Binary file not shown.

252
certs/renewcerts.sh 100755
View File

@ -0,0 +1,252 @@
#!/bin/bash
###############################################################################
######################## FUNCTIONS SECTION ####################################
###############################################################################
#the function that will be called when we are ready to renew the certs.
function run_renewcerts(){
cd certs/
echo ""
#move the custom cnf into our working directory
cp renewcerts/cyassl.cnf cyassl.cnf
# To generate these all in sha1 add the flag "-sha1" on appropriate lines
# That is all lines beginning with: "openssl req"
############################################################
########## update the self-signed client-cert.pem ##########
############################################################
echo "Updating client-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr
openssl x509 -req -in client-cert.csr -days 1000 -extfile cyassl.cnf -extensions cyassl_opts -signkey client-key.pem -out client-cert.pem
rm client-cert.csr
openssl x509 -in client-cert.pem -text > tmp.pem
mv tmp.pem client-cert.pem
############################################################
########## update the self-signed ca-cert.pem ##############
############################################################
echo "Updating ca-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nSawtooth\nConsulting\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ca-key.pem -nodes -out ca-cert.csr
openssl x509 -req -in ca-cert.csr -days 1000 -extfile cyassl.cnf -extensions cyassl_opts -signkey ca-key.pem -out ca-cert.pem
rm ca-cert.csr
openssl x509 -in ca-cert.pem -text > tmp.pem
mv tmp.pem ca-cert.pem
###########################################################
########## update and sign server-cert.ptm ################
###########################################################
echo "Updating server-cert.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem
openssl x509 -req -in server-req.pem -extfile cyassl.cnf -extensions cyassl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
rm server-req.pem
openssl x509 -in ca-cert.pem -text > ca_tmp.pem
openssl x509 -in server-cert.pem -text > srv_tmp.pem
mv srv_tmp.pem server-cert.pem
cat ca_tmp.pem >> server-cert.pem
rm ca_tmp.pem
############################################################
########## update and sign the server-ecc-rsa.pem ##########
############################################################
echo "Updating server-ecc-rsa.pem"
echo ""
echo -e "US\nMontana\nBozeman\nElliptic - RSAsig\nECC-RSAsig\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes > server-ecc-req.pem
openssl x509 -req -in server-ecc-req.pem -extfile cyassl.cnf -extensions cyassl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-ecc-rsa.pem
rm server-ecc-req.pem
openssl x509 -in server-ecc-rsa.pem -text > tmp.pem
mv tmp.pem server-ecc-rsa.pem
############################################################
########## make .der files from .pem files #################
############################################################
echo "Generating new ca-cert.der, client-cert.der, server-cert.der..."
echo ""
openssl x509 -inform PEM -in ca-cert.pem -outform DER -out ca-cert.der
openssl x509 -inform PEM -in client-cert.pem -outform DER -out client-cert.der
openssl x509 -inform PEM -in server-cert.pem -outform DER -out server-cert.der
echo "Changing directory to cyassl root..."
echo ""
cd ../
echo "Execute ./gencertbuf.pl..."
echo ""
./gencertbuf.pl
############################################################
########## generate the new crls ###########################
############################################################
echo "Change directory to cyassl/certs"
echo ""
cd certs
echo "We are back in the certs directory"
echo ""
#set up the file system for updating the crls
echo "setting up the file system for generating the crls..."
echo ""
touch crl/index.txt
touch crl/crlnumber
echo "01" >> crl/crlnumber
touch crl/blank.index.txt
mkdir crl/demoCA
touch crl/demoCA/index.txt
echo "Updating the crls..."
echo ""
cd crl
echo "changed directory: cd/crl"
echo ""
./gencrls.sh
echo "ran ./gencrls.sh"
echo ""
#cleanup the file system now that we're done
echo "Performing final steps, cleaning up the file system..."
echo ""
rm ../cyassl.cnf
rm blank.index.txt
rm index.*
rm crlnumber*
rm -r demoCA
echo "Removed ../cyassl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
echo ""
}
#function for restoring a previous configure state
function restore_config(){
mv tmp.status config.status
mv tmp.options.h cyassl/options.h
make clean
make -j 8
}
#function for copy and pasting ntru updates
function move_ntru(){
cp ntru-cert.pem certs/ntru-cert.pem
cp ntru-key.raw certs/ntru-key.raw
}
###############################################################################
##################### THE EXECUTABLE BODY #####################################
###############################################################################
#start in root.
cd ../
#if HAVE_NTRU already defined && there is no argument
if grep HAVE_NTRU "cyassl/options.h" && [ -z "$1" ]
then
#run the function to renew the certs
run_renewcerts
# run_renewcerts will end in the cyassl/certs/crl dir, backup to root.
cd ../../
echo "changed directory to cyassl root directory."
echo ""
############################################################
########## update ntru if already installed ################
############################################################
# We cannot assume that user has certgen and keygen enabled
./configure --with-ntru --enable-certgen --enable-keygen
make check
#copy/paste ntru-certs and key to certs/
move_ntru
#else if there was an argument given, check it for validity or print out error
elif [ ! -z "$1" ]; then
#valid argument then renew certs without ntru
if [ "$1" == "--override-ntru" ]; then
echo "overriding ntru, update all certs except ntru."
run_renewcerts
#valid argument print out other valid arguments
elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
echo ""
echo "\"no argument\" will attempt to update all certificates"
echo "--override-ntru updates all certificates except ntru"
echo "-h or -help display this menu"
echo ""
echo ""
#else the argument was invalid, tell user to use -h or -help
else
echo ""
echo "That is not a valid option."
echo ""
echo "use -h or -help for a list of available options."
echo ""
fi
#else HAVE_NTRU not already defined
else
echo "Saving the configure state"
echo ""
cp config.status tmp.status
cp cyassl/options.h tmp.options.h
echo "Running make clean"
echo ""
make clean
#attempt to define ntru by configuring with ntru
echo "Configuring with ntru, enabling certgen and keygen"
echo ""
./configure --with-ntru --enable-certgen --enable-keygen
make check
# check options.h a second time, if the user had
# ntru installed on their system and in the default
# path location, then it will now be defined, if the
# user does not have ntru on their system this will fail
# again and we will not update any certs until user installs
# ntru in the default location
# if now defined
if grep HAVE_NTRU "cyassl/options.h"; then
run_renewcerts
#run_renewcerts leaves us in cyassl/certs/crl, backup to root
cd ../../
echo "changed directory to cyassl root directory."
echo ""
move_ntru
echo "ntru-certs, and ntru-key.raw have been updated"
echo ""
# restore previous configure state
restore_config
else
# restore previous configure state
restore_config
echo ""
echo "ntru is not installed at the default location,"
echo "or ntru not installed, none of the certs were updated."
echo ""
echo "clone the ntru repository into your \"cd ~\" directory then,"
echo "\"cd NTRUEncrypt\" and run \"make\" then \"make install\""
echo "once complete run this script again to update all the certs."
echo ""
echo "To update all certs except ntru use \"./renewcerts.sh --override-ntru\""
echo ""
fi #END now defined
fi #END already defined

170
certs/renewcerts/cyassl.cnf 100644
View File

@ -0,0 +1,170 @@
#
# cyassl configuration file
#
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
####################################################################
# CHANGE THIS LINE TO BE YOUR CYASSL_ROOT DIRECTORY #
# #
dir = $HOME./.. #
####################################################################
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/certs/crl # Where the issued crl are kept
database = $dir/certs/crl/demoCA/index.txt # database index file.
new_certs_dir = $dir/certs # default place for new certs.
certificate = $dir/certs/ca-cert.pem # The CA certificate
serial = $dir/certs/serial # The current serial number
crlnumber = $dir/certs/crl/crlnumber # the current crl number
crl = $dir/certs/crl/crl.pem # The current CRL
private_key = $dir/certs/ca-key.pem # The private key
RANDFILE = $dir/certs/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 1000 # how long to certify for
default_crl_days = 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# default req
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = utf8only
#default req_dist_name
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Montana
localityName = Locality Name (eg, city)
localityName_default = Bozeman
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Sawtooth
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Consulting
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = www.wolfssl.com
commonName_max = 64
emailAddress = Email Address
emailAddress_default = info@wolfssl.com
emailAddress_max = 64
#default req_attr
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
# These extensions are added when 'ca' signs a request.
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment = "cyaSSL Generated Certificate using openSSL command line utility."
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
#cyassl extensions
[cyassl_opts]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints=CA:true
# Extensions to add to a certificate request
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Extensions for a typical CA
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
# CRL extensions.
[ crl_ext ]
authorityKeyIdentifier=keyid:always
# These extensions should be added when creating a proxy certificate
[ proxy_cert_ext ]
basicConstraints=CA:FALSE
nsComment = "cyaSSL Generated Certificate using openSSL command line utility"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
#tsa default
[ tsa ]
default_tsa = tsa_config1
# These are used by the TSA reply generation only.
[ tsa_config1 ]
dir = ./demoCA # directory
serial = $dir/tsaserial # (mandatory)
crypto_device = builtin # engine
signer_cert = $dir/tsacert.pem # certificate
certs = $dir/cacert.pem # chain
signer_key = $dir/private/tsakey.pem # (optional)
default_policy = tsa_policy1 # Policy
other_policies = tsa_policy2, tsa_policy3 # (optional)
digests = md5, sha1 # (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # (optional)
ordering = yes # timestamps?
tsa_name = yes # include?
ess_cert_id_chain = no # include chain?

BIN
certs/rsa2048.der 100644
View File

Binary file not shown.

BIN
certs/server-cert.der 100644
View File

Binary file not shown.

69
certs/server-ecc-rsa.pem 100644
View File

@ -0,0 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
Not Before: Jul 11 17:25:56 2014 GMT
Not After : Apr 6 17:25:56 2017 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:9A:41:47:CD:A1:14:62:8C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
61:a8:c1:b3:39:c8:f6:77:e7:cc:58:ed:15:25:44:81:47:ac:
09:58:37:ab:5f:1d:2d:a7:78:70:96:c4:7f:98:cf:56:80:a3:
0f:ce:e1:80:fa:80:f6:96:04:97:50:4e:08:04:30:97:64:e7:
0d:c2:16:a3:ab:a8:d4:11:f2:70:10:65:6c:b6:65:4d:bc:9a:
40:20:a3:6c:e7:93:6d:fa:ab:a5:e0:82:9a:30:e6:0c:82:6c:
1c:7f:76:cc:78:a1:9c:3d:56:67:37:58:6c:e2:ab:8a:ae:c9:
b2:83:d5:a5:79:74:e5:c9:bb:f3:39:5a:45:ca:ad:54:65:06:
1b:bf:c5:d4:16:33:f2:10:6b:2a:07:fe:a7:ef:47:c6:df:02:
4d:28:35:a5:ed:1b:86:d8:82:3b:4a:cb:76:fe:98:62:d4:bd:
98:28:aa:86:b5:02:3b:24:4e:ad:bb:63:f7:e3:dc:e5:12:41:
ca:ee:93:b3:33:1e:a1:26:82:ce:ff:66:8d:c5:51:5f:b0:1f:
0f:03:df:e2:c5:66:82:9a:42:ab:36:ef:3e:cf:44:d9:39:e3:
59:63:f2:9c:24:13:6f:9a:cb:3c:78:be:4b:c6:be:c8:e7:11:
31:8b:de:5f:c5:de:50:d0:87:c5:5b:6e:1e:d6:cf:68:39:b1:
e1:f2:a3:d6
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTQwNzEx
MTcyNTU2WhcNMTcwNDA2MTcyNTU2WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS
IX/wzxjakRECNIboIFgzC4A0idijgfwwgfkwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
K0olAiPvsokwMIHJBgNVHSMEgcEwgb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGa
pIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcx
GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
b2xmc3NsLmNvbYIJAJpBR82hFGKMMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADggEBAGGowbM5yPZ358xY7RUlRIFHrAlYN6tfHS2neHCWxH+Yz1aAow/O4YD6
gPaWBJdQTggEMJdk5w3CFqOrqNQR8nAQZWy2ZU28mkAgo2znk236q6Xggpow5gyC
bBx/dsx4oZw9Vmc3WGziq4quybKD1aV5dOXJu/M5WkXKrVRlBhu/xdQWM/IQayoH
/qfvR8bfAk0oNaXtG4bYgjtKy3b+mGLUvZgoqoa1AjskTq27Y/fj3OUSQcruk7Mz
HqEmgs7/Zo3FUV+wHw8D3+LFZoKaQqs27z7PRNk541lj8pwkE2+ayzx4vkvGvsjn
ETGL3l/F3lDQh8Vbbh7Wz2g5seHyo9Y=
-----END CERTIFICATE-----

55
certs/server-ecc.pem 100644
View File

@ -0,0 +1,55 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f9:ec:48:2d:d0:a4:49:6c
Signature Algorithm: ecdsa-with-SHA1
Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.yassl.com/emailAddress=info@yassl.com
Validity
Not Before: Oct 22 04:02:45 2013 GMT
Not After : Jul 18 04:02:45 2016 GMT
Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
0b:80:34:89:d8
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
X509v3 Authority Key Identifier:
keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
serial:F9:EC:48:2D:D0:A4:49:6C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ecdsa-with-SHA1
30:44:02:20:36:14:3b:c8:19:43:87:b9:3d:aa:32:6f:18:9a:
4e:07:0c:47:6c:e1:dc:87:fd:ad:f4:2c:71:ec:04:ba:c9:58:
02:20:65:4e:67:ee:68:26:ed:1c:03:11:0e:31:91:69:f6:16:
27:06:f7:33:68:18:0b:5d:63:5f:8b:e8:bc:d6:00:57
-----BEGIN CERTIFICATE-----
MIIDADCCAqigAwIBAgIJAPnsSC3QpElsMAkGByqGSM49BAEwgYsxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRAwDgYD
VQQKEwdFbGlwdGljMQwwCgYDVQQLEwNFQ0MxFjAUBgNVBAMTDXd3dy55YXNzbC5j
b20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEzMTAyMjA0MDI0
NVoXDTE2MDcxODA0MDI0NVowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo
aW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRAwDgYDVQQKEwdFbGlwdGljMQwwCgYD
VQQLEwNFQ0MxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW
DmluZm9AeWFzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQ
SsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0
huggWDMLgDSJ2KOB8zCB8DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUrSiUCI++yiTAw
gcAGA1UdIwSBuDCBtYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZGkgY4wgYsxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxl
MRAwDgYDVQQKEwdFbGlwdGljMQwwCgYDVQQLEwNFQ0MxFjAUBgNVBAMTDXd3dy55
YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggkA+exILdCk
SWwwDAYDVR0TBAUwAwEB/zAJBgcqhkjOPQQBA0cAMEQCIDYUO8gZQ4e5Paoybxia
TgcMR2zh3If9rfQscewEuslYAiBlTmfuaCbtHAMRDjGRafYWJwb3M2gYC11jX4vo
vNYAVw==
-----END CERTIFICATE-----

BIN
certs/server-key.der 100644
View File

Binary file not shown.

30
certs/server-keyEnc.pem 100644
View File

@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,136C7D8A69656668
jvNTyPaztxPIoAzbdmZnD0Zw2+60tMxNc0GMHNmeOyG25aHP/dT+TWiKFpFVkkkY
uoCIhYUyw7gmpw+CnRJwWd+ans4nrvAjwy5oWJvarvsyUpjqvnPoIlAqd+d4TDKN
eESzcI76+gHdisAtCrQD+fGqgTZhli5TgDbnpasL/QnY2qDlutvakkVw7gPXe156
2Phy8WN+efr65J6wt3K/dj7Datl9u4JeHQK81gYyWBVX+EagEjPGDzkFQCj9Z0q7
8K3iB5GW1JAqJS0IfZPB40AnSTF/n1TL1SN3qfU3l7hTGNrx9o7580bgDEoAR7pI
F8eZlS15KHtZmh11AnU1KTKZ6kmgnNqeMTGMN6N0ct2wMKW1dV87eTDlF0oiR2ol
XwtFgKmrIjfpmzkdWjbJmWnGMjD56KdiFZga/ZyKMsPrVoYLgfJEpn36iQspfygx
HCGNTf0PjIsjEWU0WyQiF86t+c45W3wNFsv/AxVyfMl+su02yrd6u2ecuQDir3Cs
b2k8IKtQgVe/NIpEWLKuiHG5oedIPPQyDYK5uq+gHxCGeOoKnWlsWFEHZRiza4X5
tbgTrJB8Sw0ENWrvVGGmQZN4pSImlsMwzQ2qik5CQ00N1b3+56/obn0z75I3bUSb
tC5g8DRjl6oclAenNgh/MYMT287y5W2dD4npxHcekX4O3J2CDXNfg4vV2j5GRxtg
LVJdYE2p7bpYePCDHrYng8b9ubBprx0CrEnkIvvtUjzNPf6VDL0+MBKl+XgR2/nz
iRqTuZnlGGOyM+KYDwXpgwfs/HfvFGksxTAlO/40GkGh+WGPaIoNyCK0SgQKhyb4
JIkR0vd2/yLg3lWMJrGwh7A0Gm07Z/781oURP3uWd+PaCOgGcd5ipcAjcEyuxNly
AthipWqmQWUcbf6Z2N9j3OA22Hv2Uzk8HSfi9VOZtL9svdEEZ0NnOekJgnc6stQp
bXiknlK/T5WdrWxSyCfgUq68Vf6DFfIRAVuFdJ3WHT2wVXHrDfft6D+Ne/XCxPoE
8zGmkyusaph33UHQ1oNyUbLbwcDCDSmOo8gYoedD3IwxtMA3wJRugomqosItwV8X
vkgmcy8eSE/+gZUxJEN2gnLcfKFhCkC80J6oFhmoDD6vuUnPHcFdKZgVPw2rzPk5
Vb1kX+gpORplYmKpq1vz/ujscL4T0TmYLz02hkIS4edpW55ncTTv7JWefpRiTB1J
RB3td3me4htqR+YIDWJ+emrOmqsCG2WvpAS+MTw2mj1jYk9LL/ZYobTjSCEWmuwT
yVK6m303irR7HQDauxhslRFgoK21w63viOyj5NKIU1gQtaAANGDxcgORC1XLjjgt
oNutSQA+7P42vfHSHK4cnTBXl6V32H/GyVpdHQOZqSrqIjgLmUZodSmRPROxosZF
a46B1O7m/rJFxkiKW4vod+/WqjoE0Hhfrb8rRrkRjzGeCqqSSnQ3vrunVkvF8hlA
b6FOv4ZBJL4piC1GKH+rscqke9NEiDqXN8C3iYz86jbck/Ha21yUS8T3X7N52sg+
B3AmOGnLK6BebYeto9vZxQjacChJZSixSxLV+l9/nVQ0+mW42azHdzk0ru59TGAj
-----END RSA PRIVATE KEY-----

28
certs/server-keyPkcs8.pem 100644
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDAlQjhV0HycW23
0kVBJwFlxkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98
q2SoF/zKXXu64CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSz
rgCgY8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7
LyG1/WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAy
loAyI5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW
39nQT63XAgMBAAECggEBAJrQNA9SYgVQAe+f7WRuwsTaGvKE15IQSJLE6Wrri3Vs
xnk48slySoZkVJV3y8OanbfUHaQAyJ5O5N3HumcWwXS8qdaUjyswGvvt3yEFI9lK
Ob2Ya2WauNzEfe6mQxUuPb4dImAqczDVPtiirIZDLsT1ZF4/iXUPEdhRJU6f2Kqj
zmCz4orZfhvwZMqaWwULW6rL5eM/bjIiBfPQ+u90UoHiX3TTvf8xg0V1+mN6ly7W
thnGkibkKAZQUA54Lql4DRSXtBLYMUCroQFBwjD4B18W5GF30mDyn43o9LrrY94q
l4HvTGzmVTRRKyg09FMcxFgKP7uvtfdKhUMtPPFYWIECgYEA8ixUdjkjY8kQMreT
ra++GXWWgWTmtbiJQkHRbdAcG/gbrGnLNjxkfdz0GbjDYLFXSF9ST1k6VX8ywBlD
UD+uzm8X8w6fQMpOrRU7yXnpwFk4c3CcCnzJOkgyp9hJdQqFwsL9FXPamQkqaZqf
CnG/sASmjHpab0haVDvGsVMX3+cCgYEAy5PedxVdt1xcfNiQqZgt1mkOY7Oj3KbM
i2qkohKMjntILLJLN9wGGH3q/nah1KHpPw3NG1+vX56WW1sPoXyvs5uQ21dzOu2w
I0SuQU8fB0ITI0zL+vQUpNX3njZ8W5+oPMGFX3TSOS3/0ITf+7Mgei6bF67muguu
X1OkUu0bxJECgYEA7Jjau9X++VJKfQJVSW9VblIvhKMrs4Zis1TSY1La44h2oO+L
FaXTGBRyd17HowQfnhlitRsbnsPytTL5TMGq6wwmfdRfSlFcpEUGcESnVsDUIhR2
nthjUImQ0+K/gZWSMUGHORpDCxilUx85Gl8fQ7yHat9u0yIA/iKYcE4aGSkCgYEA
ikFWKFGeX9SeCzuYo1TybFbUqulpM4UkDNrUDC3Ev08CaTh81ObcTO3XFhHDPgDn
wybAUQLeu3Wcb1acevOO78+KxSvS2gZqRMlz/m6Zh/hbvvF85mW1T2zwycX/FsqL
GxfiWD2iN6sBvL9AzlOMju3v7lmd4GPmfF71jkvxO8ECgYBNRflAjMVb9CoairTy
HKxr6QxWNrdOcpbV5YrS4v/x8RgTPYYJuNh2p8kccVKUMEPg8Xh0/WEbTAnM5mgq
ca0c30O8VtulpL41cKRez0/8AFWZOj0jz2da9SL4tSnQRBHrNS5Gvv2OGLJfqL8Z
MqH13APmfJofDHypsA4hNzvxsA==
-----END PRIVATE KEY-----

29
certs/server-keyPkcs8Enc.pem 100644
View File

@ -0,0 +1,29 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6TAbBgkqhkiG9w0BBQMwDgQIr3AyvPqfFRQCAggABIIEyPUs6wCboqtKmExH
zfez3vfHn2cp6s3X563Bz73hYn/8vXtI/q0oDNOpgav60/N7rMy50fno3LmW0/6E
+UN4MwofmBS3lp1ZVY3KmzDy6lz5vcFo4GCCj+X6dacsyBQ4lFOge5BihQ3R9cKt
dSrd1EFKwGGu3qTDG7ajTZukmYjxuRqpyHqPO5OJO7yXxHOB7B7sSKIyJRCkkucd
oBC86kQdWraweSYj+Klza6VjKzmNzDBx9Fyhrj9XGXJ3rJLhjgNpelwX+PIMU31i
/yklI4jm0aMSoAvXgdBXZuOsnsI27GXxy//i7AOgLLWi+Bu4dJSSl5PMtespf83u
5jSysJymXiNcN6vEautGyjCujdMs5c/FEMbgubAMXymCI9DsAN+5dNMDY8Zrfqdl
hFKfctcu8BxFa+0tavJ28fOEBuEyJLsQ9OvvS7dn4AV502JRKWObfsw7fi+mMzMu
oxhYo99MRqic6a9uDmYB3SPeU31eOHiEi0n51D7Gtcn++F+IaDFwSHMirThzakGn
go3nj0yq62euzVcEuhIfTTAe3F2tqzpzznVFbs1XgrGVREJ6gp5vRgMUUGYIqQir
p5oW0HVRI4iuoSjdN4/wNAxIP9zakwYx+vWx1VXhDVEJfgNmxDRvEbF+OOz+iJCf
7A2e8L+kZ/5oC3HO8h7GdHNTUjRRdh8FUM8lGo+HbMYDznMy/bJlIP2bx9hIIha7
U70i09glS2Z7Ei+VecJbvFzdro0vdYyGO2ef8bWwCc5JMucxDcRklWdUxK6amKJN
VpXL3TW0VYCfr1rLmZXUfBGk/KXM20/BoM04WLjeR3oiV/2b7SYK7GnJ7kBmAHHx
gnrwMDO3JvH89CwlHRizVSQl59ViqEMGLmbHThcMqkEOkFphB2xox7/IOVyp6cFn
mY0ZCrbhdX+L6t5jiyq/4us5bzF7FOBYsJr6n1Rm9b8eeOL693y/6uM3CvTJcTOb
5RqWiHgTgmefeOeUQ0/dVgvEOIWz2yqBQmHKiB4+0CGGIRwUOXBrTKSLilumsjQe
qGhJ6yw25VIpdXsMD1WVviczgRTNYjdldIJoHQdvpCEAhQ1RR3rkuIPniTumJFmY
CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVCYAoFncLTp5vHBtdmg
6KBdar40/OFGAcbDGDX1g3XEEi6jHmy0Lyz7M3DwESgaMgwzscsQLr+wMITk1IUN
yfiXHl1CQjGxhDj8KoAhdDjjPENkSlCSd1vEO+lg1/IFb1dtnL2DJp6BQt9/VLHo
Fp3pdZ7r95H20+pEhCZp0HXLNo1o8xjJQ5RWUCs1Zc1cauDOAh8lAjps6MBxTa3a
LOgTW9lgiAQ+S1g2jK4BmqbLvZUF+Z6xupc8uE3E3HhJolmDRYojMNFNmmvODa8M
CneWmj3T1KvqEToAIq46mStlTfQufSMpaJ73Wds4gmIiGwn5hIuUN6f3kybbt4f2
4DLZXMcjYweLi9tJtFC+JaO0rS5gtX/k/ys1QSblSU5qfRu1XfwNAcZO1ReKgGYN
ymI78cSACGIcEvAwin8CdRu3W99NbMqHW9AcCETFlTsC3wNlQxyYSem75sjPaWVF
sxLy7YxEJ8tDEJZbSQ==
-----END ENCRYPTED PRIVATE KEY-----

29
certs/server-keyPkcs8Enc12.pem 100644
View File

@ -0,0 +1,29 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE5TAcBgoqhkiG9w0BDAEBMA4ECFytdly5R2o9AgIIAASCBMOa6fgAUIR5GokK
Z81YZMxC3sNqAwjLEkOwmez2za2fq+2mw6T8tB5W75lFpWyXD1MDPa1PpLzyw27c
d2C8nipCzp37yYLmXr+aS519CBJR80ily/WLcdv+ScsA6pjOEW2p+VDY55jFp2pr
n94/K2nFQpMxAdjxnqQCF5ewMLqzy3o3s6U3V9zIxy/xlLYi//UWFI8fqtOikqs4
apWLNqJONRZq95OITKO/Nhz7GyEfjrewJmv4zVToEnSagSwbR4IVFn5Lok8rSpI9
qwey9wsB1CguVwR0O2NjDVKUGXinfhdr+zMQlCoz+xY/Q1TkH4gEY5wpln4cBvtm
PL/BnD4wEWHh8vS61wfOQ7wPgY+cdCe75stTrKzc6amVJB+40Qi3Vt4TEPGwcP16
/qGl0zpYuAgilPtuEBw3GX3LiigpHmSt43D3DiYNGzv+Aran2Ei9iGSGeI2zHz8r
WFZEnptAwlqeyL7+MZjAOXlu6QG1yix8HvZLmtBHrE2MhuR4KbS3fAUCNQpn8OKu
zxYzs1ti5F2V4c9yK63gSz3H1ObRNsM2OkpUbSVGqLUN6a8HsI6yYh4we6q0gxKD
VGdzEz4S1BFEBfXWVSPnRNMR4YD8kiQEPutUZFLiWWZ7WliH5yNfHZUia8dovxFa
MWmAbSjMKRGvV+LvAGQHYBVfJSQO6VvBfBDtu0H4rLr8urmcPY+hbw1XxGfKSQp1
iIdvVwjefl8wM9LSRsvqY5l4mu+XDPanQlFbzKBOSyLQts97ys3AR+jkK8Bmv14l
xmCF8bJzzz5a2wAqbPhWIbk4J4VfcJEXNMzd19w4SxGv9fUXNiZZElUdNE+wtRsQ
YvACYn9sZ6JUwg9hNTLXuXZY47LuQrrdTDHupoVA9zLvUYMKgO+pjwS8uy1dLQao
0aztHLZEXuVJvpiRoMtYZl37ZNoLHQJeZUNyNATshAoD1+uSc7aywl8yqdTzXRR2
g0rkExXEVJ5OPyzbFdOQSC5HoOC7dInIBmkrSFEJMKDkMzwYI+uSoIbn+8i+Gjzy
Vh3/lftts/BIvr4NAh1ZAq/215jZSdAGo+1VZeuBeybwh3RBdBl8PhDBviTvbxSk
P+F1T+UcbAz9bgjQJgNvDb9XHNI8rfEhfDPX/Pr4VvxBZNndmRJVQDKi23YD/7yF
WAwXy418M7DPqp7NYmUHFe7JRm9bHk41EeknLZaZGW5qHwQKA10RoJCgjoOIFTsd
kD3Qq/0mEuOiuJn5UPE19xtUpvFWamDf3s3zSHM7VJ+gGNrS/WbQ+KmTimj0Wucd
2vWiNCGbhWwmp3LLKQlB5xDwXJy099SZUUkgcxGmfcT7FOpd3QSLYnwtPz8uLW0N
76zbiUTYCQ/ASLrwcKFGCKKBz62DlRreK23E/RjqkKKCVFzzg8AzQTa02ml+wQyG
+5EOwEF2yIrhV0p4hY/GDAIe3cdchiy1EQf6xH/IxPF/QsKNp0CfHVPgdFwLzjM2
oFD3analGblxp9CMiDbiKTOdFPL8XcguufqpWra2jtUbe07HQaeU2NcM2TeB2KsU
PhgBwgdNxW69K55iHReaZtuLw0GhD+KBrm7gSteVniiYLzLKzxmMycGGtoNwpbGi
MMJBE+BYZylG
-----END ENCRYPTED PRIVATE KEY-----

30
certs/server-keyPkcs8Enc2.pem 100644
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxaI9IblN3acCAggA
MBQGCCqGSIb3DQMHBAi7kwdRvCrqMgSCBMjkSOSVfmu42O0q2GzFrJVr3cam9ZKe
InQsxqtgADdBxMgJJVnr360tUNPQyyvfCH//Duhz+aJIC0MQZkWR3ZSy5pfHX+vr
C3wd741VOlI44uEdzRktlPc11saMDyKS04/K9aaYIDqspOiobt9WZLQildXl1n8j
N+7Laj7A/vxJ5GUJ4hdPwQOIeuJXTDDzn+Ld12XXGH+Iw1M5Cx3tBw1TNizSnmXQ
vf/MsfsWsZbHBppCXZbF27jJA+6Bg7dGT0OZM0pI+ZQvyHr+qjog0hollY9KjwTG
h+hsM7umWFJdeRMrmkTrX/R9HY/c5I4ExNSp1AtMmFeeU8h2VTJtYcoykUU1q2pF
KHfjPghwmYromQGR4nPA9sqa9s+VMq9OaqoJDoBwNobdFr7sEtMLT08vTa0+rMX7
bmjAF44/dVBYpBxXjTQ0pXVeb24Q00Sn6NOI4fTsBnkR+WTtuwz/L0qaGnJlh10y
sQ3+95cUtZc3SZS67yYUx5auswqT3V4JCmhJcHNi+/jHyrj9D8nVWibQ2TBmgUf+
0NzvdKb7sraEx7PSgFWDMLoQrd2+cqsJArpY9TbLSLhBDrOVc8v/lXYuK6QI0gMd
HIwAZARUZMoI3WS6icTLYyLdQPMsFzI6U0arkbrdhjNNd3kVqeFEJ+oF0rkuAcJJ
K8eUcsby1AIBS/9tuW1gSYubmuXsZX8xbYbJnHUqGOTAVa7jo8eVUTiyUfPXa+0N
s1tTpZXtOOlqncZ08mPHppshdKF2cpuh0JNjiR6fHvXytGWFGMsKtxdwKs/14UCg
qoTW0EQU4ONfBxR2PtX8PlNV4bOt704HP8Vc0H9JV2uWpJaLRzY2bBiPgKcrO9Eh
83zFrPu/0obBQTxnP3mMihxvCndflHQqeJ0V1YYw9n4+XbgBqULXDQs7OetRohnY
gYyc//NdC2I8mbdabFYvUTWSH6oMA6lqkwTjTTwtn5E8BJkRi1sIq4jNFUekpm2T
5AwP7xWn//PM+B12CPoIgYtYT6Yhbf8arXuGU28y1Ahhi/hKcpR9HRPQeyaR62vi
skjjycfn38wcj0WrIVnOceGgPa3EBrkkTaPUHvMQ5G/xzMZ82o3CnmwdnH+lp3eg
TLcLm8Yp9InkMJNVOrGLxFvmTljl3h9x2JVuE0wtuWt91QVmfCZo0k3Cx46ad7xB
eK20veTy+PySy2U3W1twGfsXXXRwaQiXXRrgPciK0LcGXZneShZuebk04U31sq4F
rYaMAzIDDmvwbjh+UpNcl1VdBDGGePxzzOD3HHYPbm240HVMPuS85P2kFjak3PdJ
GqsRUS1SRp1e451aFGjzggPLXFjAfDMaxrgjSWapRzu78i+xvcvf69979oX0KO9Y
KMSC14RnmnT1+UdKxX+p9r1AwfH/vJxM34AOSva1uLiSJckRGYGOzuaYsTT9ZAx/
q3CNALF4qFUMWmJnvQDYmCUnw6lJl3CazbtV5RI2ILQX6ZHR6YAHT5hYY43k+AnZ
mFW6BGKoX/f4iVqYtjQWiGWAJAf6C9+548O2t9MiVcgQf4Nvj6lFLM00pzFn7jW4
DsDFUBmmrSF8wfR7SRpOc/ViVZBRleYPLsMu0tmD29fowqqBY0MEkxqSahFAGTgk
sao=
-----END ENCRYPTED PRIVATE KEY-----

173
certs/taoCert.txt 100644
View File

@ -0,0 +1,173 @@
***** Create a self signed cert ************
1) openssl genrsa 1024 > client-key.pem
2) openssl req -new -x509 -nodes -sha1 -days 1000 -key client-key.pem > client-cert.pem
3) note md5 would be -md5
-- adding metadata to beginning
3) openssl x509 -in client-cert.pem -text > tmp.pem
4) mv tmp.pem client-cert.pem
***** Create a CA, signing authority **********
same as self signed, use ca prefix instead of client
***** Create a cert signed by CA **************
1) openssl req -newkey rsa:1024 -sha1 -days 1000 -nodes -keyout server-key.pem > server-req.pem
* note if using exisitng key do: -new -key keyName
2) copy ca-key.pem ca-cert.srl (why ????)
3) openssl x509 -req -in server-req.pem -days 1000 -sha1 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
***** Adding Subject Key ID and Authentication Key ID extensions to a cert *****
Create a config file for OpenSSL with the example contents:
[skidakid]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
Add to the openssl command for creating a cert signed by a CA step 3 the
following options:
-extfile <file.cnf> -extensions skidakid
anywhere before the redirect. This will add the cert's public key hash as the
Subject Key Identifier, and the signer's SKID as the Authentication Key ID.
***** To create a dsa cert ********************
1) openssl dsaparam 512 > dsa512.param # creates group params
2) openssl gendsa dsa512.param > dsa512.pem # creates private key
3) openssl req -new -x509 -nodes -days 1000 -key dsa512.pem > dsa-cert.pem
***** To convert from PEM to DER **************
a) openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
to convert rsa private PEM to DER :
b) openssl rsa -in key.pem -outform DER -out key.der
**** To encrypt rsa key already in pem **********
a) openssl rsa <server-key.pem.bak -des >server-keyEnc.pem
note location of des, pass = yassl123
*** To make a public key from a private key ******
openssl rsa -in 1024rsa.priv -pubout -out 1024rsa.pub
**** To convert to pkcs8 *******
openssl pkcs8 -nocrypt -topk8 -in server-key.pem -out server-keyPkcs8.pem
**** To convert to pkcs8 encrypted *******
openssl pkcs8 -topk8 -in server-key.pem -out server-keyPkcs8Enc.pem
passwd: yassl123
to use PKCS#5 v2 instead of v1.5 which is default add
-v2 des3 # file Pkcs8Enc2
to use PKCS#12 instead use -v1 witch a 12 algo like
-v1 PBE-SHA1-RC4-128 # file Pkcs8Enc12 , see man pkcs8 for more info
**** To convert from pkcs8 to traditional ****
openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem
*** DH paramters ***
openssl dhparam 2048 > dh2048.param
to add metadata
openssl dhparam -in dh2048.param -text > dh2048.pem
**** ECC ******
1) make a key
to see types available do
openssl ecparam -list_curves
make a new key
openssl ecparam -genkey -text -name secp256r1 -out ecc-key.pem
*** CRL ***
1) create a crl
a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
Error No ./CA root/index.txt so:
b) touch ./CA root/index.txt
a) again
Error No ./CA root/crlnumber so:
c) touch ./CA root/crlnumber
a) again
Error unable to load CRL number
d) add '01' to crlnumber file
a) again
2) view crl file
openssl crl -in crl.pem -text
3) revoke
openssl ca -revoke server-cert.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
Then regenerate crl with a)
4) verify
openssl verify -CAfile ./ca-cert.pem ./server-cert.pem
OK
Make file with both ca and crl
cat ca-cert.pem crl.pem > ca-crl.pem
openssl verify -CAfile ./ca-crl.pem -crl_check ./ca-cert.pem
revoked

3
certs/test/catalog.txt 100644
View File

@ -0,0 +1,3 @@
crit-cert.pem:
Simple self-signed certificate with critical Basic Constraints and Key Usage
extensions.

18
certs/test/crit-cert.pem 100644
View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC7DCCApagAwIBAgIJAKBIQJVDXWL5MA0GCSqGSIb3DQEBBAUAMIHHMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEm
MCQGA1UECgwdSm9obidzIFNvZnR3YXJlIFBsdW1iaW5nLCBMTEMxFDASBgNVBAsM
C0VuZ2luZWVyaW5nMSkwJwYDVQQDDCBlbmdpbmVlcmluZy5zb2Z0d2FyZXBsdW1i
aW5nLmJpejEoMCYGCSqGSIb3DQEJARYZam9obkBzb2Z0d2FyZXBsdW1iaW5nLmJp
ejAeFw0xNDAzMTMxNjUyMzRaFw0xNjEyMDcxNjUyMzRaMIHHMQswCQYDVQQGEwJV
UzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEmMCQGA1UE
CgwdSm9obidzIFNvZnR3YXJlIFBsdW1iaW5nLCBMTEMxFDASBgNVBAsMC0VuZ2lu
ZWVyaW5nMSkwJwYDVQQDDCBlbmdpbmVlcmluZy5zb2Z0d2FyZXBsdW1iaW5nLmJp
ejEoMCYGCSqGSIb3DQEJARYZam9obkBzb2Z0d2FyZXBsdW1iaW5nLmJpejBcMA0G
CSqGSIb3DQEBAQUAA0sAMEgCQQDicEBO1u+ysy7iakWAewKMYPKwzY6Oaq+FUopr
SIjgrX8JIV5gnnvT0HrV/Ju2t4sBy41rZc50cqOdOj9yZctRAgMBAAGjYzBhMB0G
A1UdDgQWBBQYkZqEi8LDLWrQZjw5usbSedJdAzAfBgNVHSMEGDAWgBQYkZqEi8LD
LWrQZjw5usbSedJdAzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIF4DAN
BgkqhkiG9w0BAQQFAANBAEU0nmhsV0h59xJIHESZPqGj7LYEoSnyZ8/vs+KBJmhm
A8XaCALu1m2CWCrW5wjqSGbbqQfy9vFqsnNX+Qt9KiU=
-----END CERTIFICATE-----

9
certs/test/crit-key.pem 100644
View File

@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAOJwQE7W77KzLuJqRYB7Aoxg8rDNjo5qr4VSimtIiOCtfwkhXmCe
e9PQetX8m7a3iwHLjWtlznRyo506P3Jly1ECAwEAAQJAG21BPMtn6Rsu+JmqpW9A
1cQAYU3kkHd3nwxqW6hDfAMNY8qZCkGsrBxSAgvIItQwytV7zn+F8FPDwViVz1xQ
gQIhAPWkmZGz7sRIuZB4JQiXzVJvUprsfgpg6ODfpWl+cabJAiEA6/xdEuMqbiY+
g7xG1MMOe2zstDB+vvxT5pEQxGklXEkCIBo9qC4Zc6NCRZh6TTJ6zPNGcyObqec/
7QDAw3HekROJAiBm+N7QIAniuJNsvloV+us11kjPM54KzmX55PDxE4R26QIgU5DH
iIm5DKbAJqgaXOXo35v/PUqYZmJUc2bPF158+vg=
-----END RSA PRIVATE KEY-----

56
certs/test/expired-ca.pem 100644
View File

@ -0,0 +1,56 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8a:37:22:65:73:f5:aa:e8
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jun 30 18:47:10 2010 GMT
Not After : Mar 26 18:47:10 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
aa:56:23:03:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
X509v3 Authority Key Identifier:
keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
serial:8A:37:22:65:73:F5:AA:E8
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
f4:b0:34:6d:d1:d5:a4:64:24:f8
-----BEGIN CERTIFICATE-----
MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
u07s6lX6pOMAYfSwNG3R1aRkJPg=
-----END CERTIFICATE-----

39
certs/test/expired-cert.pem 100644
View File

@ -0,0 +1,39 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Validity
Not Before: Jun 30 18:52:17 2010 GMT
Not After : Mar 26 18:52:17 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
7e:16:77:e2:a7
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
9b:0b:e0:74:58:11:c5:01:7b:4d
-----BEGIN CERTIFICATE-----
MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
4HRYEcUBe00=
-----END CERTIFICATE-----

9
certs/test/expired-key.pem 100644
View File

@ -0,0 +1,9 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
-----END RSA PRIVATE KEY-----