wolfssl-examples/x509_acert/README.md

# Description
Simple example of ACERT (Attribute Certificate) support with the wolfSSL
compatibility layer and with OpenSSL.
Supports:
- printing
- signing (openssl only)
- verifying
Based on this example:
- https://github.com/philljj/acert-test
## Prerequisites
Building wolfSSL: configure, build and install wolfSSL with:
```sh
./configure --enable-acert --enable-opensslextra --enable-rsapss
make
make install
```
Building OpenSSL: At the time of writing this README, attribute cert support
requires OpenSSL master. Clone and build OpenSSL with:
```sh
git clone https://github.com/openssl/openssl.git --depth=1 || exit 1
cd openssl || exit 1
./Configure || exit 1
make || exit 1
sudo make install
```
## Building the examples
Build the wolfssl example with:
```sh
make wolfssl_acert
```
Build the openssl example with:
```sh
make openssl_acert
```
Note: you may need to source this script to set your environment:
```sh
$ source set_env
info: using env: /usr/local/lib64/:/usr/local/lib/
```
## Examples
### ACERT verification with pubkey
```sh
$ ./wolfssl_acert -f acerts/acert.pem -k acerts/acert_pubkey.pem
info: using acert file: acerts/acert.pem
info: using pubkey file: acerts/acert_pubkey.pem
info: PEM_read_bio_X509_ACERT: good
info: acert version: 1
info: PEM_read_bio_PUBKEY: good
info: X509_ACERT_verify: good
info: acert_do_test: good
success
```
### Sign and generate ACERT with RSA-PSS with OpenSSL, verify with wolfSSL
1. Use `certs/acert.pem` as input `-f`, and generate new keys and sign `-s`,
use RSA-PSS `-r`, and write to file `-w`:
```sh
$ ./openssl_acert -f certs/acert.pem -srw
info: using acert file: certs/acert.pem
info: using rsa_pss
info: using mdname: SHA2-256
info: using mask alg: mgf1 with SHA1
info: PEM_read_bio_X509_ACERT: good
info: acert version: 1
info: X509_ACERT_sign: good
info: wrote acert to file: acert_new.pem
info: wrote pubkey to file: pkey_new.pem
info: X509_ACERT_verify: good
info: acert_do_test: good
success
```
2. Finally, test wolfssl verify using newly generated `acert_new.pem` and
`pkey_new.pem`:
```sh
$ ./wolfssl_acert -f acert_new.pem -k pkey_new.pem
info: using acert file: acert_new.pem
info: using pubkey file: pkey_new.pem
info: PEM_read_bio_X509_ACERT: good
info: acert version: 1
info: PEM_read_bio_PUBKEY: good
info: X509_ACERT_verify: good
info: acert_do_test: good
success
```
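
The two steps above as a repeatable check, with one negative case added: the new ACERT must not verify under a key that did not sign it. This is an added example, not part of wolfssl-examples. The function names and the `OPENSSL_ACERT`/`WOLFSSL_ACERT` override variables are assumptions, and success is judged only from the `info:` and `success` lines shown in this README.

```sh
#!/bin/sh
# Added example: interop round trip plus a negative check.
# Tool names, flags and "info:" lines are the ones shown in this README;
# the helper names and the override variables are assumptions.
OPENSSL_ACERT="${OPENSSL_ACERT:-./openssl_acert}"
WOLFSSL_ACERT="${WOLFSSL_ACERT:-./wolfssl_acert}"

# True only if the captured tool output reports a good signature check
# and its last line is the final "success" marker.
verified_ok() {
    printf '%s\n' "$1" | grep -q '^info: X509_ACERT_verify: good$' &&
    [ "$(printf '%s\n' "$1" | tail -n 1)" = "success" ]
}

# acert_roundtrip INPUT_ACERT UNRELATED_PUBKEY
# Returns 0 only if the freshly signed ACERT verifies with its own key
# and does NOT verify with the unrelated key.
acert_roundtrip() {
    in_acert=$1
    other_key=$2

    # Step 1: OpenSSL signs with a new RSA-PSS key pair and writes
    # acert_new.pem and pkey_new.pem into the current directory.
    out=$("$OPENSSL_ACERT" -f "$in_acert" -srw 2>&1) || true
    verified_ok "$out" || { echo "FAIL: openssl sign/verify"; return 1; }

    # Step 2: wolfSSL must accept the new ACERT with the matching key.
    out=$("$WOLFSSL_ACERT" -f acert_new.pem -k pkey_new.pem 2>&1) || true
    verified_ok "$out" || { echo "FAIL: wolfssl rejected good acert"; return 1; }

    # Step 3 (negative): the same ACERT must not verify under a key
    # that did not sign it.
    out=$("$WOLFSSL_ACERT" -f acert_new.pem -k "$other_key" 2>&1) || true
    if verified_ok "$out"; then
        echo "FAIL: wolfssl accepted acert under the wrong key"; return 1
    fi
    echo "PASS"
}
```

Call it as `acert_roundtrip certs/acert.pem acerts/acert_pubkey.pem` from the example directory, using any public key other than the newly written `pkey_new.pem` as the second argument.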