mirror of
https://git.code.sf.net/p/linux-ima/ima-evm-utils
synced 2025-04-28 06:33:36 +02:00
14bce8a97c
Add example scripts for EC key and certificate creation and reference them from the README and Makefile.am. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
29 lines
681 B
Bash
Executable File
29 lines
681 B
Bash
Executable File
#!/bin/sh
|
|
|
|
GENKEY=ima-local-ca.genkey
|
|
|
|
cat << __EOF__ >$GENKEY
|
|
[ req ]
|
|
distinguished_name = req_distinguished_name
|
|
prompt = no
|
|
string_mask = utf8only
|
|
x509_extensions = v3_ca
|
|
|
|
[ req_distinguished_name ]
|
|
O = IMA-CA
|
|
CN = IMA/EVM certificate signing key
|
|
emailAddress = ca@ima-ca
|
|
|
|
[ v3_ca ]
|
|
basicConstraints=CA:TRUE
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer
|
|
keyUsage = cRLSign, keyCertSign
|
|
__EOF__
|
|
|
|
openssl req -new -x509 -utf8 -sha256 -days 3650 -batch -config $GENKEY \
|
|
-outform DER -out ima-local-ca.x509 -keyout ima-local-ca.priv \
|
|
-newkey ec -pkeyopt ec_paramgen_curve:prime256v1
|
|
|
|
openssl x509 -inform DER -in ima-local-ca.x509 -out ima-local-ca.pem
|