mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-23 00:36:28 +08:00
Remove demos
This commit is contained in:
Zhi Guan
@@ -1,44 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
set -e
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out rootcakey.pem
|
||||
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
|
||||
gmssl certparse -in rootcacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out cakey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
|
||||
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
|
||||
gmssl certparse -in cacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out signkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
|
||||
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
|
||||
gmssl certparse -in signcert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out enckey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
|
||||
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
|
||||
gmssl certparse -in enccert.pem
|
||||
|
||||
rm -fr revoked_certs.der
|
||||
gmssl certrevoke -in signcert.pem -reason keyCompromise -out revoked_certs.der
|
||||
gmssl certrevoke -in enccert.pem -reason keyCompromise -out revoked_certs.der
|
||||
gmssl crlgen -in revoked_certs.der -cacert cacert.pem -key cakey.pem -pass 1234 -next_update 20240101000000Z -gen_authority_key_id -crl_num 1 -out crl.der
|
||||
gmssl crlparse -in crl.der
|
||||
|
||||
rm -fr rootcakey.pem
|
||||
rm -fr rootcacert.pem
|
||||
rm -fr cakey.pem
|
||||
rm -fr careq.pem
|
||||
rm -fr cacert.pem
|
||||
rm -fr signkey.pem
|
||||
rm -fr signreq.pem
|
||||
rm -fr signcert.pem
|
||||
rm -fr enckey.pem
|
||||
rm -fr encreq.pem
|
||||
rm -fr enccert.pem
|
||||
rm -fr revoked_certs.der
|
||||
rm -fr crl.der
|
||||
|
||||
echo "all ok"
|
||||
@@ -1,43 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
set -e
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out rootcakey.pem
|
||||
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \
|
||||
-key rootcakey.pem -pass 1234 \
|
||||
-out rootcacert.pem \
|
||||
-ca -path_len_constraint 6 \
|
||||
-key_usage keyCertSign -key_usage cRLSign \
|
||||
-crl_http_uri http://pku.edu.cn/ca.crl -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn
|
||||
|
||||
gmssl certparse -in rootcacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out cakey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
|
||||
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem \
|
||||
-crl_http_uri http://pku.edu.cn/ca.crl -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn
|
||||
gmssl certparse -in cacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out signkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
|
||||
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem \
|
||||
-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
|
||||
gmssl certparse -in signcert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out enckey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
|
||||
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem \
|
||||
-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
|
||||
gmssl certparse -in enccert.pem
|
||||
|
||||
cat signcert.pem > certs.pem
|
||||
cat cacert.pem >> certs.pem
|
||||
gmssl certverify -in certs.pem -cacert rootcacert.pem #-check_crl
|
||||
|
||||
cat signcert.pem > dbl_certs.pem
|
||||
cat enccert.pem >> dbl_certs.pem
|
||||
cat cacert.pem >> dbl_certs.pem
|
||||
gmssl certverify -double_certs -in dbl_certs.pem -cacert rootcacert.pem #-check_crl
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -1,27 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
set -e
|
||||
|
||||
cd ../certs
|
||||
|
||||
gmssl certparse -in "rootca/Civil Servant ROOT.pem"
|
||||
gmssl certverify -in "rootca/Civil Servant ROOT.pem" -cacert "rootca/Civil Servant ROOT.pem"
|
||||
gmssl crlparse -in "crl/Civil Servant ROOT.crl"
|
||||
gmssl crlverify -in "crl/Civil Servant ROOT.crl" -cacert "rootca/Civil Servant ROOT.pem"
|
||||
|
||||
gmssl certparse -in "rootca/Device ROOT.pem"
|
||||
gmssl certverify -in "rootca/Device ROOT.pem" -cacert "rootca/Device ROOT.pem"
|
||||
gmssl crlparse -in "crl/Device ROOT.crl"
|
||||
gmssl crlverify -in "crl/Device ROOT.crl" -cacert "rootca/Device ROOT.pem"
|
||||
|
||||
gmssl certparse -in "rootca/ROOTCA.pem"
|
||||
gmssl certverify -in "rootca/ROOTCA.pem" -cacert "rootca/ROOTCA.pem"
|
||||
gmssl crlparse -in "crl/ROOTCA.crl"
|
||||
gmssl crlverify -in "crl/ROOTCA.crl" -cacert "rootca/ROOTCA.pem" # now > next_update
|
||||
|
||||
# The CRL URI of ROOTCA.pem is in Base64 format, not DER
|
||||
gmssl certverify -in "ca/TJCA.pem" -cacert "rootca/Civil Servant ROOT.pem" #-check_crl
|
||||
gmssl certverify -in "ca/Taier CA.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
|
||||
gmssl certverify -in "ca/Ant Financial Certification Authority S1.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
|
||||
|
||||
echo ok
|
||||
@@ -1,129 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
set -e
|
||||
|
||||
signcert=ebssec.boc.cn-sign.pem
|
||||
enccert=ebssec.boc.cn-enc.pem
|
||||
crl=CFCA_SM2_OCA1.crl
|
||||
cacert=CFCA_SM2_OCA1.pem
|
||||
rootcacert=CFCA_CS_SM2_CA.pem
|
||||
|
||||
|
||||
cat << EOF > $signcert
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICzzCCAnKgAwIBAgIFEzY5M3AwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD
|
||||
TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2
|
||||
MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD
|
||||
VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF
|
||||
rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN
|
||||
ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPsNUnoZQM9C
|
||||
SnvC57TbvdfyOTCuPOSlZmPAyxBKFj+Y1QH/xlubHdVf5XqHrO1jCDRi7aN5IKGX
|
||||
QF1492c803OjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB
|
||||
ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF
|
||||
BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f
|
||||
BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j
|
||||
cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCBsAwHQYD
|
||||
VR0OBBYEFJ6oFo/OrKgDhHFORpaq04kX7T1KMB0GA1UdJQQWMBQGCCsGAQUFBwMC
|
||||
BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0kAMEYCIQCvhSvbv5h6ERl1YcCLg+fz
|
||||
9UleQbaPfBYwUjUD2dAHVQIhAMRC4k9S/mSC0UpUvCqh/DQC2Ui8Tccd5G2IgYSs
|
||||
cnUN
|
||||
-----END CERTIFICATE-----
|
||||
EOF
|
||||
|
||||
cat << EOF > $enccert
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICzjCCAnKgAwIBAgIFEzY5M3EwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD
|
||||
TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2
|
||||
MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD
|
||||
VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF
|
||||
rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN
|
||||
ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMn1q+hbV0i1
|
||||
qnKAy7QeZ3ZfAD+gqHX4F5MqIhsarODlWsavf/dcprC0F277zc44aYBB/3ucy4PF
|
||||
qXaRHQp8PEyjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB
|
||||
ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF
|
||||
BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f
|
||||
BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j
|
||||
cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCAzgwHQYD
|
||||
VR0OBBYEFF/a1JHvzLzbpFbBljX7hNxRpj/2MB0GA1UdJQQWMBQGCCsGAQUFBwMC
|
||||
BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0gAMEUCIQDCOFi1eZcgiN6t+h6lxLwS
|
||||
grAh3Jall+ZyA2ePw6xcjwIgNyDvo761dpwJhcyWfyVCAnaTf0Vf4DLWI1K+S7po
|
||||
Ur8=
|
||||
-----END CERTIFICATE-----
|
||||
EOF
|
||||
|
||||
|
||||
cat << EOF > $cacert
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICNTCCAdmgAwIBAgIFEAAAAAgwDAYIKoEcz1UBg3UFADBYMQswCQYDVQQGEwJD
|
||||
TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y
|
||||
aXR5MRcwFQYDVQQDDA5DRkNBIENTIFNNMiBDQTAeFw0xMzAxMjQwODQ2NDBaFw0z
|
||||
MzAxMTkwODQ2NDBaMCUxCzAJBgNVBAYTAkNOMRYwFAYDVQQKDA1DRkNBIFNNMiBP
|
||||
Q0ExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEfJqQoo0+JoyCRy0msS2Ym076
|
||||
8nV1pSLuK9utS1ij38obWDymq0oMRRwUzDMEQI19Cajo3JUoGFxOvsA+YWu3XKOB
|
||||
wDCBvTAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD
|
||||
AQH/MGAGA1UdHwRZMFcwVaBToFGkTzBNMQswCQYDVQQGEwJDTjETMBEGA1UECgwK
|
||||
Q0ZDQSBDUyBDQTEMMAoGA1UECwwDQ1JMMQwwCgYDVQQLDANTTTIxDTALBgNVBAMM
|
||||
BGNybDEwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBRck1ggWiRzVhAbZFAQ7OmnygdB
|
||||
ETAMBggqgRzPVQGDdQUAA0gAMEUCIBVscoZJhUy4eToK4C//LjvhjKK2qpBFac/h
|
||||
Pr6yYTLzAiEAiyqrqsGUU5vGkDo5bEpmF1EbnY8xovsM9vCx98yBrVM=
|
||||
-----END CERTIFICATE-----
|
||||
EOF
|
||||
|
||||
|
||||
cat << EOF > $rootcacert
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICAzCCAaegAwIBAgIEFy9CWTAMBggqgRzPVQGDdQUAMFgxCzAJBgNVBAYTAkNO
|
||||
MTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
|
||||
dHkxFzAVBgNVBAMMDkNGQ0EgQ1MgU00yIENBMB4XDTEyMDgzMTAyMDY1OVoXDTQy
|
||||
MDgyNDAyMDY1OVowWDELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFu
|
||||
Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEXMBUGA1UEAwwOQ0ZDQSBDUyBT
|
||||
TTIgQ0EwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATuRh26wmtyKNMz+Pmneo3a
|
||||
Sme+BCjRon8SvAxZBgLSuIxNUewq4kNujeb1I4A0yg7xNcjuOgXglAoQv+Tc+P0V
|
||||
o10wWzAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD
|
||||
AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU5I7d1KPntg/uHSeWzXXcJSVyad0w
|
||||
DAYIKoEcz1UBg3UFAANIADBFAiBhP/rmIvles3RK1FfcmmEeS9RZdu+5lCzxF0nk
|
||||
cof2QAIhAPVRpqOuceEQHsR77FBe/DgVPqF6lOyoZs0TzTDHrN8c
|
||||
-----END CERTIFICATE-----
|
||||
EOF
|
||||
|
||||
gmssl certverify -in $signcert -cacert $cacert
|
||||
gmssl certverify -in $enccert -cacert $cacert
|
||||
gmssl certverify -in $cacert -cacert $rootcacert
|
||||
|
||||
chain=chain.pem
|
||||
cat $signcert > $chain
|
||||
cat $cacert >> $chain
|
||||
gmssl certverify -in $chain -cacert $rootcacert
|
||||
|
||||
chain_with_root=chain_with_root.pem
|
||||
cp $chain $chain_with_root
|
||||
cat $rootcacert >> $chain_with_root
|
||||
gmssl certverify -in $chain_with_root -cacert $rootcacert
|
||||
|
||||
double_certs=double_certs.pem
|
||||
cat $signcert > $double_certs
|
||||
cat $enccert >> $double_certs
|
||||
gmssl certverify -in $double_certs -cacert $cacert -double_certs
|
||||
|
||||
double_chain=double_chain.pem
|
||||
cat $double_certs > $double_chain
|
||||
cat $cacert >> $double_chain
|
||||
gmssl certverify -in $double_chain -cacert $rootcacert -double_certs
|
||||
|
||||
gmssl certparse -in $double_chain
|
||||
gmssl certverify -in $double_chain -cacert $rootcacert -double_certs -check_crl
|
||||
gmssl crlget -cert $signcert -out $crl
|
||||
gmssl crlparse -in $crl
|
||||
|
||||
rm -fr $signcert
|
||||
rm -fr $enccert
|
||||
rm -fr $crl
|
||||
rm -fr $cacert
|
||||
rm -fr $rootcacert
|
||||
rm -fr $chain
|
||||
rm -fr $chain_with_root
|
||||
rm -fr $double_certs
|
||||
rm -fr $double_chain
|
||||
|
||||
echo ok
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out key.pem -pubout keypub.pem
|
||||
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key_usage dataEncipherment -days 365 -key key.pem -pass 1234 -out cert.pem
|
||||
|
||||
echo "<html>The plaintext message.</html>" > plain.txt
|
||||
|
||||
gmssl cmsencrypt -in plain.txt -rcptcert cert.pem -out enveloped_data.pem
|
||||
gmssl cmsparse -in enveloped_data.pem
|
||||
gmssl cmsdecrypt -key key.pem -pass 1234 -cert cert.pem -in enveloped_data.pem
|
||||
|
||||
gmssl cmssign -key key.pem -pass 1234 -cert cert.pem -in plain.txt -out signed_data.pem
|
||||
gmssl cmsparse -in signed_data.pem
|
||||
gmssl cmsverify -in signed_data.pem -out signed_data.txt
|
||||
cat signed_data.txt
|
||||
|
||||
@@ -1,42 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
set -e
|
||||
|
||||
# generate self-signed CA certificate
|
||||
gmssl sm2keygen -pass 1234 -out cakey.pem -pubout pubkey.pem
|
||||
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN CA -days 365 -key cakey.pem -pass 1234 -out cacert.pem
|
||||
gmssl certparse -in cacert.pem
|
||||
|
||||
# generate a req and sign by CA certificate
|
||||
gmssl sm2keygen -pass 1234 -out signkey.pem -pubout pubkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key signkey.pem -pass 1234 -out signreq.pem
|
||||
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
|
||||
gmssl certparse -in signcert.pem
|
||||
|
||||
# sign a encryption certificate with the same DN, different KeyUsage extension
|
||||
gmssl sm2keygen -pass 1234 -out enckey.pem -pubout pubkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key enckey.pem -pass 1234 -out encreq.pem
|
||||
gmssl reqsign -in encreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
|
||||
gmssl certparse -in enccert.pem
|
||||
|
||||
# 中文
|
||||
gmssl sm2keygen -pass 1234 -out alicekey.pem -pubout alicepubkey.pem
|
||||
gmssl reqgen -O "北京大学" -CN "爱丽丝" -key alicekey.pem -pass 1234 -out alicereq.pem
|
||||
gmssl reqsign -in alicereq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out alicecert.pem
|
||||
gmssl certparse -in alicecert.pem
|
||||
|
||||
|
||||
rm -fr pubkey.pem
|
||||
rm -fr cacert.pem
|
||||
rm -fr signkey.pem
|
||||
rm -fr signreq.pem
|
||||
rm -fr signcert.pem
|
||||
rm -fr enckey.pem
|
||||
rm -fr encreq.pem
|
||||
rm -fr enccert.pem
|
||||
rm -fr alicekey.pem
|
||||
rm -fr alicepubkey.pem
|
||||
rm -fr alicereq.pem
|
||||
rm -fr alicecert.pem
|
||||
|
||||
echo ok
|
||||
@@ -1,8 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
|
||||
# https://ebssec.boc.cn
|
||||
gmssl tlcp_client -host 123.124.191.183
|
||||
|
||||
# https://zffw.jxzwfww.gov.cn
|
||||
gmssl tlcp_client -host 218.87.21.62
|
||||
@@ -1,49 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out rootcakey.pem
|
||||
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
|
||||
gmssl certparse -in rootcacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out cakey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
|
||||
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem -ca
|
||||
gmssl certparse -in cacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out signkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
|
||||
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
|
||||
gmssl certparse -in signcert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out enckey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
|
||||
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
|
||||
gmssl certparse -in enccert.pem
|
||||
|
||||
cat signcert.pem > double_certs.pem
|
||||
cat enccert.pem >> double_certs.pem
|
||||
cat cacert.pem >> double_certs.pem
|
||||
|
||||
sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
|
||||
#sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 1>/dev/null 2>/dev/null &
|
||||
sleep 3
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out clientkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
|
||||
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
|
||||
gmssl certparse -in clientcert.pem
|
||||
|
||||
# build and install BabaSSL 8.3.2
|
||||
# Download
|
||||
# ./config enable-ntls; make; sudo make install
|
||||
|
||||
# current /demos/scripts
|
||||
# /build/bin
|
||||
|
||||
openssl version
|
||||
|
||||
../../build/bin/demo_sm2_key_export clientkey.pem 1234 > clientpkey.pem
|
||||
|
||||
#openssl s_client -enable_ntls -ntls -connect localhost:443 -no_ticket -CAfile rootcacert.pem -sign_cert clientcert.pem -sign_key clientpkey.pem -pass pass:1234
|
||||
|
||||
|
||||
@@ -1,36 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out rootcakey.pem
|
||||
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
|
||||
gmssl certparse -in rootcacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out cakey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
|
||||
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem -ca -path_len_constraint 0
|
||||
gmssl certparse -in cacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out signkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
|
||||
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
|
||||
gmssl certparse -in signcert.pem
|
||||
|
||||
cat signcert.pem > certs.pem
|
||||
cat cacert.pem >> certs.pem
|
||||
|
||||
# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
|
||||
# TODO: check if `gmssl` is failed
|
||||
which sudo
|
||||
if [ $? -eq 0 ]; then
|
||||
SUDO=sudo
|
||||
fi
|
||||
$SUDO gmssl tls12_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem & #1>/dev/null 2>/dev/null &
|
||||
sleep 3
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out clientkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
|
||||
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
|
||||
gmssl certparse -in clientcert.pem
|
||||
|
||||
gmssl tls12_client -host 127.0.0.1 -port 4430 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
|
||||
|
||||
@@ -1,36 +0,0 @@
|
||||
#!/bin/bash -x
|
||||
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out rootcakey.pem
|
||||
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
|
||||
gmssl certparse -in rootcacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out cakey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
|
||||
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
|
||||
gmssl certparse -in cacert.pem
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out signkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
|
||||
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
|
||||
gmssl certparse -in signcert.pem
|
||||
|
||||
cat signcert.pem > certs.pem
|
||||
cat cacert.pem >> certs.pem
|
||||
|
||||
# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
|
||||
# TODO: check if `gmssl` is failed
|
||||
which sudo
|
||||
if [ $? -eq 0 ]; then
|
||||
SUDO=sudo
|
||||
fi
|
||||
$SUDO gmssl tls13_server -port 4433 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem & # 1>/dev/null 2>/dev/null &
|
||||
sleep 3
|
||||
|
||||
gmssl sm2keygen -pass 1234 -out clientkey.pem
|
||||
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
|
||||
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
|
||||
gmssl certparse -in clientcert.pem
|
||||
|
||||
gmssl tls13_client -host 127.0.0.1 -port 4433 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
|
||||
|
||||
Reference in New Issue
Block a user