add cert/privkey scripts
parent
e68e6c9466
commit
eb1d3f6267
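--- a/tools/ca_sign.sh
+++ b/tools/ca_sign.sh
@@ -0,0 +1,13 @@
+
+[[ "$#" != 4 ]] && echo "usage: $0 <private-key> <CA-cert> <signing-key> <output-cert>" && exit 1
+
+# generate a "signing request"
+echo "generate request"
+openssl req -new -key "$1" -out "$1".csr
+
+# CA sign the request
+echo "sign request with CA key"
+openssl x509 -days 18250 -req -in "$1".csr -CA "$2" -CAkey "$3" -out "$4" -set_serial 0
+
+echo "output as der"
+openssl x509 -in "$4" -outform der -out "$4".der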
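Review bot: The signing line passes `-set_serial 0`, so every certificate issued from this CA carries the same serial number, which breaks the issuer-plus-serial uniqueness that revocation and auditing rely on, and RFC 5280 asks for a positive serial. Replace it with a fresh value per certificate, e.g. `-set_serial "0x$(openssl rand -hex 16)"`, and consider naming the digest explicitly with `-sha256`. The script also has no shebang although it uses `[[`, and no `set -e`, so a failed `openssl req` still proceeds to the signing step; a first line of `#!/bin/bash` followed by `set -euo pipefail` would cover both. The `-days 18250` lifetime (about 50 years) deserves a comment stating that it is intentional.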
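--- a/tools/cbytes.py
+++ b/tools/cbytes.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+from __future__ import print_function
+"""
+cbytes.py
+
+Output a c file with the DER certificate.
+Read der file as input
+"""
+import sys,fileinput,binascii
+
+if len(sys.argv) not in [2,3]:
+print('usage: %s <certificate.der|hex-input> [-s]' % sys.argv[0])
+print(' -s: just output c string (for general use)')
+sys.exit(1)
+
+buf = None
+try:
+buf = bytearray(open(sys.argv[1], 'rb').read())
+except:
+n = sys.argv[1].replace('\n','')
+n = sys.argv[1].replace('\r','')
+buf = bytearray(binascii.unhexlify(n))
+
+c_str = ''
+size = len(buf)
+
+a = ''.join(map(lambda c:'\\x%02x'%c, buf))
+
+for i in range(0,len(a), 80):
+c_str += ("\""+a[i:i+80]+"\"\n")
+
+if '-s' in sys.argv:
+print(c_str)
+sys.exit(0)
+
+print('// generated')
+print('#include <stdint.h>')
+print()
+print('code uint8_t __attest[] = \n%s;' % c_str)
+print('const uint16_t __attest_size = sizeof(__attest)-1;')
+
+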
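Review bot: The hex fallback discards its own newline stripping: the second assignment `n = sys.argv[1].replace('\r','')` starts again from `sys.argv[1]`, so the `\n` removal on the line before is lost; it should read `n = n.replace('\r','')`. The bare `except:` also turns any failure to open the file, including a mistyped path, into an attempt to parse the argument as hex, so a path that happens to be valid hex would be emitted as the `__attest` bytes; catching only `IOError`, or requiring an explicit flag for hex input, would make that failure visible. `size` is assigned but never used, and the file handle is never closed, which a `with open(sys.argv[1], 'rb') as f:` block would fix. Leading indentation is not visible on this page, so the block structure here is inferred.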
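--- a/tools/dump_pem.py
+++ b/tools/dump_pem.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+from __future__ import print_function
+import sys,fileinput,binascii
+try:
+import ecdsa
+except:
+print('python ecdsa module is required')
+print('try running: ')
+print(' pip install ecdsa')
+sys.exit(1)
+
+
+if len(sys.argv) not in [2]:
+print('usage: %s <key.pem>' % sys.argv[0])
+sys.exit(1)
+
+pemkey = sys.argv[1]
+attestkey = ecdsa.SigningKey.from_pem(open(pemkey).read())
+
+print(binascii.hexlify(attestkey.to_string()))
+print(repr(attestkey.to_string()))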
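Review bot: Both `print` calls at the end write the raw private key bytes of the signing key to stdout, so they end up in terminal scrollback, shell redirections and any CI log that captures the run, and the script carries no comment saying so. I would add a module docstring along the lines of `"""Print the raw private key bytes of <key.pem>; the output is secret, do not run where stdout is logged."""`. The bare `except:` around `import ecdsa` should be `except ImportError:` so unrelated errors are not reported as a missing module. The key file is read with `open(pemkey).read()` and never closed; `with open(pemkey) as f:` would fix that.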
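--- a/tools/genca.sh
+++ b/tools/genca.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+keyname=key.pem
+certname=cert.pem
+smallcertname=cert.der
+curve=prime256v1
+
+# generate EC private key
+openssl ecparam -genkey -name "$curve" -out "$keyname"
+# generate a "signing request"
+openssl req -new -key "$keyname" -out "$keyname".csr
+# self sign the request
+openssl x509 -req -days 18250 -in "$keyname".csr -signkey "$keyname" -out "$certname"
+
+# convert to smaller size format DER
+openssl x509 -in $certname -outform der -out $smallcertname
+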
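Review bot: `openssl ecparam -genkey ... -out "$keyname"` writes the CA private key unencrypted, and the file mode is left to the caller's umask (some OpenSSL versions may restrict it themselves, but the script does not guarantee it); adding `umask 077` right after the shebang keeps `key.pem` and the CSR owner-only. There is no `set -e`, so if key generation fails the later steps still run against whatever `key.pem` already exists in the directory; `set -euo pipefail` would stop that. The certificate produced by `x509 -req -signkey` is given no extensions here, so it likely lacks `basicConstraints=CA:TRUE` even though ca_sign.sh uses it as an issuer; this is worth confirming against the verifier that consumes it. In the last line `$certname` and `$smallcertname` are unquoted, unlike the rest of the script.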