update

apps/ca-gencert-engine.sh

@@ -1,70 +0,0 @@
-#!/bin/bash
-
-PIN=123456
-PUK=654321
-P11LIB=/usr/local/lib/opensc-pkcs11.so
-REQFILE=req.pem
-USERNAME="John Doe"
-
-echo " *** Erase card ***"
-pkcs15-init --erase-card --verbose
-
-echo " *** Initialization ***"
-pkcs15-init				\
-	--create-pkcs15			\
-	--profile pkcs15+onepin 	\
-	--pin $PIN 			\
-	--puk $PUK			\
-	--label "Personal Crypto Token"	\
-	--verbose
-
-echo " *** Generate Key Pair ***"
-pkcs11-tool 				\
-	--keypairgen			\
-	--module $P11LIB		\
-	--login --pin $PIN		\
-	--key-type rsa:2048		\
-	--usage-sign			\
-	--subject $USERNAME		\
-	--label "Private Key"
-
-KEYID=`pkcs11-tool --module $P11LIB --list-objects | grep "ID"  | awk '{ print $2}'`
-
-
-echo " *** Generate Certificate Request ***"
-openssl req				\
-	-new				\
-	-engine pkcs11 			\
-	-config openssl.conf		\
-	-keyform engine			\
-	-key 1:$KEYID			\
-	-subj "/C=CN/ST=Beijing/L=Beijing/O=PKU/OU=Infosec/CN=$1/emailAddress=$1@pku.edu.cn"	\
-	-out $REQFILE
-
-openssl req -in $REQFILE -text
-
-CERTFILE=user.pem
-CERTDER=user.der
-
-echo " *** Sign Certificate ***"
-openssl ca -batch -out $CERTFILE -notext -outdir . -infiles $REQFILE
-openssl x509 -in $CERTFILE -outform DER -out $CERTDER
-
-echo " *** Import Certificate to Token ***"
-pkcs11-tool --write-object $CERTDER	\
-	--module $P11LIB		\
-	--login --pin $PIN		\
-	--label Certificate		\
-	--type cert			
-
-echo " *** Show Token Info ***"
-pkcs11-tool --list-token-slots		\
-	--module $P11LIB
-
-pkcs11-tool --list-objects		\
-	--module $P11LIB		\
-	--login --pin $PIN	
-
-openssl x509 -in $CERTFILE -text -noout
-
-

apps/ca-gencert.sh

@@ -1,17 +0,0 @@
-#!/bin/bash -x
-
-CURVE=secp192k1
-KEY_FILE=user.key
-REQ_FILE=user.req
-CERT_FILE=user.pem
-
-#openssl ecparam -genkey -name $CURVE -text -out $KEY_FILE
-openssl genrsa 1024 -text > $KEY_FILE
-openssl req -new -key $KEY_FILE -out $REQ_FILE
-openssl ca -out $CERT_FILE  -outdir . -infiles $REQ_FILE
-openssl pkcs12 -export -out user.pfx -in $CERT_FILE -inkey $KEY_FILE -certfile .demoCA/cacert.pem
-
-#rm -f $KEY_FILE
-#rm -f $REQ_FILE
-#rm -f $CERT_FILE
-

apps/ca-setup.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-
-CURVE=prime256v1
-DIR=demoCA
-
-rm -fr $DIR
-mkdir $DIR
-mkdir $DIR/certs
-mkdir $DIR/crl
-mkdir $DIR/newcerts
-mkdir $DIR/private/
-touch $DIR/index.txt
-touch $DIR/crlnumber
-touch $DIR/private/.rand
-echo 01 > $DIR/serial
-
-#openssl ecparam -genkey -name $CURVE -text -out $DIR/private/cakey.pem
-
-openssl genrsa 2048 -text > $DIR/private/cakey.pem
-openssl req -new -x509 -days 3650 -key $DIR/private/cakey.pem -out $DIR/cacert.pem
-openssl x509 -text -noout -in $DIR/cacert.pem
-

apps/ca-show-token-info.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-PIN=123456
-PUK=654321
-P11LIB=/usr/local/lib/opensc-pkcs11.so
-
-pkcs11-tool --list-token-slots --module $P11LIB
-pkcs11-tool --list-objects		\
-	--module $P11LIB		\
-	--login --pin $PIN
-

apps/sm2-cert.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAqqgAwIBAgIJAJw7UiX5bNh5MAkGByqGSM49BAEwcTELMAkGA1UEBhMC
-Q04xDzANBgNVBAgMBlBla2luZzEQMA4GA1UEBwwHSGFpZGlhbjEaMBgGA1UECgwR
-UGVraW5nIFVuaXZlcnNpdHkxEDAOBgNVBAsMB0luZm9zZWMxETAPBgNVBAMMCEd1
-YW4gWmhpMB4XDTE0MTEyOTE0MDYzMloXDTE1MTEyOTE0MDYzMlowcTELMAkGA1UE
-BhMCQ04xDzANBgNVBAgMBlBla2luZzEQMA4GA1UEBwwHSGFpZGlhbjEaMBgGA1UE
-CgwRUGVraW5nIFVuaXZlcnNpdHkxEDAOBgNVBAsMB0luZm9zZWMxETAPBgNVBAMM
-CEd1YW4gWmhpMIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA////
-/v////////////////////8AAAAA//////////8wRAQg/////v//////////////
-//////8AAAAA//////////wEICjp+p6dn140TVqeS89lCafzl4n1FauPkt28vUFN
-lA6TBEEEMsSuLB8ZgRlfmQRGajnJlI/jC7/yZgvhcVpFiTNMdMe8Nzai9PZ3nFm9
-zuNraSFT0KmHfMYqR0AC3zLlITnwoAIhAP////7///////////////9yA99rIcYF
-K1O79Ak51UEjAgEBA0IABPxvh+kOx3UlRALhNUv+4k2ieZTUpMyk8aGjEIKmMqWz
-rcgxV77gZ7V8HHIYJHd+5gwqUnpZbF7ZiztD6LpG8JajUDBOMB0GA1UdDgQWBBTP
-knf5z9+3Jlr6AWqSt0GyC94QVjAfBgNVHSMEGDAWgBTPknf5z9+3Jlr6AWqSt0Gy
-C94QVjAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDSAAwRQIgEtQ98ncm48JHSnAn
-UgE8FqL/aCH1hNFTu6eUTGy/pFsCIQDbx65Yi5VepUzSBfPAqgaFzN/Wp/i/gl0k
-HTUjg11OEQ==
------END CERTIFICATE-----

apps/sm2-gencert.sh

@@ -0,0 +1,11 @@
+#!/bin/bash -x
+
+KEY_FILE=user.key
+REQ_FILE=user.req
+CERT_FILE=user.pem
+
+gmssl ecparam -genkey -name sm2p256v1 -text -out $KEY_FILE
+gmssl req -new -key $KEY_FILE -out $REQ_FILE
+gmssl ca -out $CERT_FILE  -outdir . -infiles $REQ_FILE
+gmssl pkcs12 -export -out user.pfx -in $CERT_FILE -inkey $KEY_FILE -certfile .demoCA/cacert.pem
+

apps/sm2-initca.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+DIR=demoCA
+
+rm -fr $DIR
+mkdir $DIR
+mkdir $DIR/certs
+mkdir $DIR/crl
+mkdir $DIR/newcerts
+mkdir $DIR/private/
+touch $DIR/index.txt
+touch $DIR/crlnumber
+touch $DIR/private/.rand
+echo 01 > $DIR/serial
+
+gmssl ecparam -genkey -name sm2p256v1 -text -out $DIR/private/cakey.pem
+gmssl req -new -x509 -days 3650 -key $DIR/private/cakey.pem -out $DIR/cacert.pem
+gmssl x509 -text -noout -in $DIR/cacert.pem
+

apps/sm2-key.pem

@@ -1,17 +0,0 @@
------BEGIN EC PARAMETERS-----
-MIHgAgEBMCwGByqGSM49AQECIQD////+/////////////////////wAAAAD/////
-/////zBEBCD////+/////////////////////wAAAAD//////////AQgKOn6np2f
-XjRNWp5Lz2UJp/OXifUVq4+S3by9QU2UDpMEQQQyxK4sHxmBGV+ZBEZqOcmUj+ML
-v/JmC+FxWkWJM0x0x7w3NqL09necWb3O42tpIVPQqYd8xipHQALfMuUhOfCgAiEA
-/////v///////////////3ID32shxgUrU7v0CTnVQSMCAQE=
------END EC PARAMETERS-----
------BEGIN EC PRIVATE KEY-----
-MIIBUQIBAQQgkd0ULnCTm/ckQ0TxZvNh8O3U/C1Od/ACbi8zFeEOmHyggeMwgeAC
-AQEwLAYHKoZIzj0BAQIhAP////7/////////////////////AAAAAP//////////
-MEQEIP////7/////////////////////AAAAAP/////////8BCAo6fqenZ9eNE1a
-nkvPZQmn85eJ9RWrj5LdvL1BTZQOkwRBBDLEriwfGYEZX5kERmo5yZSP4wu/8mYL
-4XFaRYkzTHTHvDc2ovT2d5xZvc7ja2khU9Cph3zGKkdAAt8y5SE58KACIQD////+
-////////////////cgPfayHGBStTu/QJOdVBIwIBAaFEA0IABPxvh+kOx3UlRALh
-NUv+4k2ieZTUpMyk8aGjEIKmMqWzrcgxV77gZ7V8HHIYJHd+5gwqUnpZbF7ZiztD
-6LpG8JY=
------END EC PRIVATE KEY-----