From c5d922d7085c980edad3764687e2488a1b0907d0 Mon Sep 17 00:00:00 2001 From: Jose Bollo Date: Wed, 11 Sep 2019 16:37:24 +0200 Subject: Refactor of sample keys and certificates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid installing any certificate or key. But if requested, install the certificates and the keys that are given as example. Bug-AGL: SPEC-2840 Change-Id: I26aebd63fad842bb9746c3a004956d9dbafc091f Signed-off-by: José Bollo --- certs/gen-certs.sh | 79 ------------------------------------------------------ 1 file changed, 79 deletions(-) delete mode 100755 certs/gen-certs.sh (limited to 'certs/gen-certs.sh') diff --git a/certs/gen-certs.sh b/certs/gen-certs.sh deleted file mode 100755 index b432ce6..0000000 --- a/certs/gen-certs.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/sh -# -# Copying and distribution of this file, with or without modification, -# are permitted in any medium without royalty provided the copyright -# notice and this notice are preserved. This file is offered as-is, -# without any warranty. - -ORG="/C=FR/ST=Brittany/L=Vannes/O=IoT.bzh" - -cat > extensions << EOC -[root] -basicConstraints=CA:TRUE -keyUsage=keyCertSign -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -[derivate] -basicConstraints=CA:TRUE -keyUsage=keyCertSign,digitalSignature -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -EOC - -keyof() { echo -n "$1.key.pem"; } -certof() { echo -n "$1.cert.pem"; } - -generate() { - -local s="$1" n="$2" cn="$3" sig="$4" -local key="$(keyof "$n")" cert="$(certof "$n")" - -if [ ! -f "$key" ] -then - echo - echo "generation of the $n key" - openssl genpkey \ - -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \ - -outform PEM \ - -out "$key" -fi - -if [ ! -f "$cert" -o "$key" -nt "$cert" ] -then - echo - echo "generation of the $n certificate" - openssl req -new \ - -key "$key" \ - -subj "$ORG/CN=$cn" | - openssl x509 -req \ - -days 3653 \ - -sha256 \ - -extfile extensions \ - -trustout \ - $sig \ - -set_serial $s \ - -setalias "$cn" \ - -out "$cert" -fi - -} - - -genroot() { - local s="$1" n="$2" cn="$3" - generate "$s" "$n" "$cn" "-signkey $(keyof "$n") -extensions root" -} - -derivate() { - local s="$1" n="$2" cn="$3" i="$4" - generate "$s" "$n" "$cn" "-CA $(certof "$i") -CAkey $(keyof "$i") -extensions derivate" -} - - -genroot 1 root "Root certificate" -derivate 2 developer "Root developer" root -derivate 3 platform "Root platform" root -derivate 4 partner "Root partner" root -derivate 5 public "Root public" root - -rm extensions -- cgit 1.2.3-korg