Blame examples/ima-genkey.sh
|
Packit |
c6d22b |
#!/bin/sh
|
|
Packit |
c6d22b |
|
|
Packit |
c6d22b |
GENKEY=ima.genkey
|
|
Packit |
c6d22b |
|
|
Packit |
c6d22b |
cat << __EOF__ >$GENKEY
|
|
Packit |
c6d22b |
[ req ]
|
|
Packit |
c6d22b |
default_bits = 1024
|
|
Packit |
c6d22b |
distinguished_name = req_distinguished_name
|
|
Packit |
c6d22b |
prompt = no
|
|
Packit |
c6d22b |
string_mask = utf8only
|
|
Packit |
c6d22b |
x509_extensions = v3_usr
|
|
Packit |
c6d22b |
|
|
Packit |
c6d22b |
[ req_distinguished_name ]
|
|
Packit |
c6d22b |
O = `hostname`
|
|
Packit |
c6d22b |
CN = `whoami` signing key
|
|
Packit |
c6d22b |
emailAddress = `whoami`@`hostname`
|
|
Packit |
c6d22b |
|
|
Packit |
c6d22b |
[ v3_usr ]
|
|
Packit |
c6d22b |
basicConstraints=critical,CA:FALSE
|
|
Packit |
c6d22b |
#basicConstraints=CA:FALSE
|
|
Packit |
c6d22b |
keyUsage=digitalSignature
|
|
Packit |
c6d22b |
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
Packit |
c6d22b |
subjectKeyIdentifier=hash
|
|
Packit |
c6d22b |
authorityKeyIdentifier=keyid
|
|
Packit |
c6d22b |
#authorityKeyIdentifier=keyid,issuer
|
|
Packit |
c6d22b |
__EOF__
|
|
Packit |
c6d22b |
|
|
Packit |
c6d22b |
openssl req -new -nodes -utf8 -sha1 -days 365 -batch -config $GENKEY \
|
|
Packit |
c6d22b |
-out csr_ima.pem -keyout privkey_ima.pem
|
|
Packit |
c6d22b |
openssl x509 -req -in csr_ima.pem -days 365 -extfile $GENKEY -extensions v3_usr \
|
|
Packit |
c6d22b |
-CA ima-local-ca.pem -CAkey ima-local-ca.priv -CAcreateserial \
|
|
Packit |
c6d22b |
-outform DER -out x509_ima.der
|
|
Packit |
c6d22b |
|