add cert/privkey scripts
parent
e68e6c9466
commit
eb1d3f6267
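--- a/tools/ca_sign.sh
+++ b/tools/ca_sign.sh
@@ -0,0 +1,13 @@
+
+[[ "$#" != 4 ]] && echo "usage: $0 <private-key> <CA-cert> <signing-key> <output-cert>" && exit 1
+
+# generate a "signing request"
+echo "generate request"
+openssl req -new -key "$1" -out "$1".csr
+
+# CA sign the request
+echo "sign request with CA key"
+openssl x509 -days 18250 -req -in "$1".csr -CA "$2" -CAkey "$3" -out "$4" -set_serial 0
+
+echo "output as der"
+openssl x509 -in "$4" -outform der -out "$4".der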
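Review bot: `-set_serial 0` on the signing command gives every certificate issued through this script the same serial number, and zero at that; RFC 5280 expects a positive serial that is unique per issuer, so anything that identifies or revokes certificates by issuer and serial cannot tell them apart. Let OpenSSL manage the serial instead, for example by replacing `-set_serial 0` with `-CAcreateserial`, or by passing a random value such as `-set_serial "0x$(openssl rand -hex 16)"`. The script also keeps going when a step fails, so a failed `openssl req` is followed by a signing attempt on a stale or missing `.csr`; `set -euo pipefail` near the top would stop that. The intermediate `"$1".csr` is written next to the private key and never removed.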
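--- a/tools/cbytes.py
+++ b/tools/cbytes.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+from __future__ import print_function
+"""
+cbytes.py
+
+Output a c file with the DER certificate.
+Read der file as input
+"""
+import sys,fileinput,binascii
+
+if len(sys.argv) not in [2,3]:
+print('usage: %s <certificate.der|hex-input> [-s]' % sys.argv[0])
+print(' -s: just output c string (for general use)')
+sys.exit(1)
+
+buf = None
+try:
+buf = bytearray(open(sys.argv[1], 'rb').read())
+except:
+n = sys.argv[1].replace('\n','')
+n = sys.argv[1].replace('\r','')
+buf = bytearray(binascii.unhexlify(n))
+
+c_str = ''
+size = len(buf)
+
+a = ''.join(map(lambda c:'\\x%02x'%c, buf))
+
+for i in range(0,len(a), 80):
+c_str += ("\""+a[i:i+80]+"\"\n")
+
+if '-s' in sys.argv:
+print(c_str)
+sys.exit(0)
+
+print('// generated')
+print('#include <stdint.h>')
+print()
+print('code uint8_t __attest[] = \n%s;' % c_str)
+print('const uint16_t __attest_size = sizeof(__attest)-1;')
+
+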
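Review bot: The hex fallback after `except:` discards its own newline stripping, because the second assignment starts again from `sys.argv[1]`; it should read `n = n.replace('\r','')`. The file-or-hex guess is also fragile: a mistyped certificate path is silently treated as hex, so it either fails in `unhexlify` with a misleading error or, if the name happens to be valid hex, puts the wrong bytes into `__attest`. An explicit option for hex input, together with `except IOError:` in place of the bare `except:`, would make that failure visible. If the hex input is ever key material rather than a certificate (the page does not say), passing it in argv exposes it in process listings and shell history, and reading it from stdin or a file would avoid that. `size` is assigned and never used, and the handle returned by `open()` is never closed.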
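--- a/tools/dump_pem.py
+++ b/tools/dump_pem.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+from __future__ import print_function
+import sys,fileinput,binascii
+try:
+import ecdsa
+except:
+print('python ecdsa module is required')
+print('try running: ')
+print(' pip install ecdsa')
+sys.exit(1)
+
+
+if len(sys.argv) not in [2]:
+print('usage: %s <key.pem>' % sys.argv[0])
+sys.exit(1)
+
+pemkey = sys.argv[1]
+attestkey = ecdsa.SigningKey.from_pem(open(pemkey).read())
+
+print(binascii.hexlify(attestkey.to_string()))
+print(repr(attestkey.to_string()))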
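Review bot: Both `print` calls at the end write the raw private scalar of the loaded signing key to stdout, once as hex and once as `repr`, and nothing in the file says that this output is secret. Anything that captures stdout (terminal scrollback, CI logs, a redirected file with default permissions) then holds what the variable name suggests is the attestation private key. I would add a header comment such as `# WARNING: prints the private key; run only on a trusted host and never where output is logged`, and print one form only. Separately, `except:` around `import ecdsa` should be `except ImportError:` so that an unrelated failure inside the module is not reported as a missing package. On Python 3 `binascii.hexlify(...)` prints as `b'...'` unless `.decode()` is added.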
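--- a/tools/genca.sh
+++ b/tools/genca.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+keyname=key.pem
+certname=cert.pem
+smallcertname=cert.der
+curve=prime256v1
+
+# generate EC private key
+openssl ecparam -genkey -name "$curve" -out "$keyname"
+# generate a "signing request"
+openssl req -new -key "$keyname" -out "$keyname".csr
+# self sign the request
+openssl x509 -req -days 18250 -in "$keyname".csr -signkey "$keyname" -out "$certname"
+
+# convert to smaller size format DER
+openssl x509 -in $certname -outform der -out $smallcertname
+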
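Review bot: The self-signed certificate from `openssl x509 -req ... -signkey` is requested without any extension file, so it is not marked `basicConstraints: CA:TRUE`, and verifiers that enforce CA constraints may refuse it as the issuer of certificates signed by ca_sign.sh. Generating it with `openssl req -new -x509 -key "$keyname" -days 18250 -addext "basicConstraints=critical,CA:TRUE" -out "$certname"` (`-addext` needs OpenSSL 1.1.1 or later) marks it as a CA explicitly. The script also writes `key.pem` unencrypted into the current directory and overwrites an existing one without asking, so a second run replaces the CA key. `umask 077` at the top and a guard such as `[ -e "$keyname" ] && exit 1` before the `ecparam` call would cover both. The last `openssl x509` line leaves `$certname` and `$smallcertname` unquoted, unlike the rest of the file.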