Blame examples/ima-genkey.sh

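#!/bin/sh
#
# Generate an IMA signing key pair and have the local IMA CA certify it.
#
# Reads (current directory):  ima-local-ca.pem, ima-local-ca.priv
# Writes (current directory): ima.genkey      - generated OpenSSL config
#                             csr_ima.pem     - certificate signing request
#                             privkey_ima.pem - UNENCRYPTED private signing key
#                             x509_ima.der    - DER certificate issued by the CA
# -CAcreateserial may additionally create a serial-number file for the CA.

# Abort on the first failure. Without this, a failed key/CSR generation would
# still run the signing step, which could certify a stale csr_ima.pem left
# over from an earlier run instead of the key just requested.
set -eu

GENKEY=ima.genkey

# Request configuration. The heredoc is intentionally unquoted so the host and
# user names are substituted into the subject.
# default_bits is 2048: 1024-bit RSA no longer meets current minimum key-size
# guidance for signing keys.
cat << __EOF__ >"$GENKEY"
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = v3_usr

[ req_distinguished_name ]
O = $(hostname)
CN = $(whoami) signing key
emailAddress = $(whoami)@$(hostname)

[ v3_usr ]
basicConstraints=critical,CA:FALSE
#basicConstraints=CA:FALSE
keyUsage=digitalSignature
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
#authorityKeyIdentifier=keyid,issuer
__EOF__

# -nodes leaves the private key unencrypted on disk, so create it under a
# restrictive umask (scoped to this subshell) rather than relying on the
# caller's umask. SHA-256 replaces SHA-1 for the request signature.
(
	umask 077
	openssl req -new -nodes -utf8 -sha256 -days 365 -batch -config "$GENKEY" \
		-out csr_ima.pem -keyout privkey_ima.pem
)

# Issue the certificate from the local CA. The digest is pinned explicitly so
# the certificate signature does not depend on the OpenSSL build's default.
openssl x509 -req -in csr_ima.pem -days 365 -extfile "$GENKEY" -extensions v3_usr \
		-CA ima-local-ca.pem -CAkey ima-local-ca.priv -CAcreateserial \
		-sha256 -outform DER -out x509_ima.der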