| Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | [diff] [blame] | 1 | #!/bin/sh | 
|  | 2 | # | 
|  | 3 | # Copied from ima-evm-utils. | 
|  | 4 | # | 
|  | 5 | # This program is free software; you can redistribute it and/or | 
|  | 6 | # modify it under the terms of the GNU General Public License | 
|  | 7 | # version 2 as published by the Free Software Foundation. | 
|  | 8 | # | 
|  | 9 | # This program is distributed in the hope that it will be useful, | 
|  | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | 
|  | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
|  | 12 | # GNU General Public License for more details. | 
|  | 13 | # | 
|  | 14 | # You should have received a copy of the GNU General Public License | 
|  | 15 | # along with this program.  If not, see <http://www.gnu.org/licenses/>. | 
|  | 16 |  | 
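# Generate an IMA signing key pair and have a local CA issue its certificate.
#
# Arguments (both optional):
#   $1  CA certificate, default ima-local-ca.pem
#   $2  CA private key, default ima-local-ca.priv
#
# Files written to the current directory:
#   ima.genkey       OpenSSL request configuration (generated below)
#   csr_ima.pem      certificate signing request
#   privkey_ima.pem  private signing key, NOT passphrase-protected (-nodes)
#   x509_ima.der     DER-encoded certificate issued by the CA, valid 365 days
#
# The subject fields below (example.com, john.doe@example.com) are example
# values; replace them for any key that is meant to be trusted.

# Stop at the first failing command, so a failed key generation is never
# followed by a signing step that picks up csr_ima.pem from an earlier run.
set -e

GENKEY=ima.genkey
CA=${1:-ima-local-ca.pem}
CAKEY=${2:-ima-local-ca.priv}

# The delimiter is quoted so the configuration is written out literally.
#
# default_bits is 2048: a 1024-bit RSA key is below the size accepted for
# new signatures today.
# NOTE(review): confirm that the kernel which loads x509_ima.der onto its IMA
# keyring can verify 2048-bit RSA keys and SHA-256 certificate signatures.
cat > "$GENKEY" << '__EOF__'
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = v3_usr

[ req_distinguished_name ]
O = example.com
CN = meta-intel-iot-security example signing key
emailAddress = john.doe@example.com

[ v3_usr ]
basicConstraints=critical,CA:FALSE
#basicConstraints=CA:FALSE
keyUsage=digitalSignature
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
#authorityKeyIdentifier=keyid,issuer
__EOF__

# -nodes leaves privkey_ima.pem unencrypted, so create it under a restrictive
# umask: whoever can read that file can produce signatures this certificate
# vouches for. The subshell keeps the umask change away from the certificate.
# -sha256 replaces -sha1 as the digest used to sign the request.
(
    umask 077
    openssl req -new -nodes -utf8 -sha256 -days 365 -batch -config "$GENKEY" \
        -out csr_ima.pem -keyout privkey_ima.pem
)

# Have the CA sign the request. The v3_usr extensions mark the result as a
# non-CA, digitalSignature-only certificate. -CAcreateserial creates the CA
# serial-number file when it does not exist yet. -sha256 is given explicitly
# so the certificate signature does not depend on the OpenSSL default digest.
openssl x509 -req -in csr_ima.pem -days 365 -sha256 \
    -extfile "$GENKEY" -extensions v3_usr \
    -CA "$CA" -CAkey "$CAKEY" -CAcreateserial \
    -outform DER -out x509_ima.der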