blob: 6210b42ab49c80dd71e6220ed7b63985ab553d74 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
#!/bin/sh
#############################################################################
##
## Copyright (C) 2016 The Qt Company Ltd.
## Contact: https://www.qt.io/licensing/
##
## This file is the build configuration utility of the Qt Toolkit.
##
## $QT_BEGIN_LICENSE:GPL-EXCEPT$
## Commercial License Usage
## Licensees holding valid commercial Qt licenses may use this file in
## accordance with the commercial license agreement provided with the
## Software or, alternatively, in accordance with the terms contained in
## a written agreement between you and The Qt Company. For licensing terms
## and conditions see https://www.qt.io/terms-conditions. For further
## information use the contact form at https://www.qt.io/contact-us.
##
## GNU General Public License Usage
## Alternatively, this file may be used under the terms of the GNU
## General Public License version 3 as published by the Free Software
## Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
## included in the packaging of this file. Please review the following
## information to ensure the GNU General Public License requirements will
## be met: https://www.gnu.org/licenses/gpl-3.0.html.
##
## $QT_END_LICENSE$
##
#############################################################################
# This script generates cryptographic keys of different types.
#--- RSA ---------------------------------------------------------------------------
# Note: RSA doesn't require the key size to be divisible by any particular number
for size in 40 511 512 999 1023 1024 2048
do
echo -e "\ngenerating RSA private key to PEM file ..."
openssl genrsa -out rsa-pri-$size.pem $size
echo -e "\ngenerating RSA private key to DER file ..."
openssl rsa -in rsa-pri-$size.pem -out rsa-pri-$size.der -outform DER
echo -e "\ngenerating RSA public key to PEM file ..."
openssl rsa -in rsa-pri-$size.pem -pubout -out rsa-pub-$size.pem
echo -e "\ngenerating RSA public key to DER file ..."
openssl rsa -in rsa-pri-$size.pem -pubout -out rsa-pub-$size.der -outform DER
done
#--- DSA ----------------------------------------------------------------------------
# Note: DSA requires the key size to be in interval [512, 1024] and be divisible by 64
for size in 512 576 960 1024
do
echo -e "\ngenerating DSA parameters to PEM file ..."
openssl dsaparam -out dsapar-$size.pem $size
echo -e "\ngenerating DSA private key to PEM file ..."
openssl gendsa dsapar-$size.pem -out dsa-pri-$size.pem
/bin/rm dsapar-$size.pem
echo -e "\ngenerating DSA private key to DER file ..."
openssl dsa -in dsa-pri-$size.pem -out dsa-pri-$size.der -outform DER
echo -e "\ngenerating DSA public key to PEM file ..."
openssl dsa -in dsa-pri-$size.pem -pubout -out dsa-pub-$size.pem
echo -e "\ngenerating DSA public key to DER file ..."
openssl dsa -in dsa-pri-$size.pem -pubout -out dsa-pub-$size.der -outform DER
done
#--- EC ----------------------------------------------------------------------------
# Note: EC will be generated with pre-defined curves. You can check supported curves
# with openssl ecparam -list_curves.
for curve in secp224r1 prime256v1 secp384r1 brainpoolP256r1 brainpoolP384r1 brainpoolP512r1
do
size=`tr -cd 0-9 <<< $curve`
size=${size::-1} # remove last number of curve name as we need bit size only
echo -e "\ngenerating EC private key to PEM file ..."
openssl ecparam -name $curve -genkey -noout -out ec-pri-$size-$curve.pem
echo -e "\ngenerating EC private key to DER file ..."
openssl ec -in ec-pri-$size-$curve.pem -out ec-pri-$size-$curve.der -outform DER
echo -e "\ngenerating EC public key to PEM file ..."
openssl ec -in ec-pri-$size-$curve.pem -pubout -out ec-pub-$size-$curve.pem
echo -e "\ngenerating EC public key to DER file ..."
openssl ec -in ec-pri-$size-$curve.pem -pubout -out ec-pub-$size-$curve.der -outform DER
done
#--- PKCS#8 ------------------------------------------------------------------------
# Note: We'll just grab some of the keys generated earlier and convert those
# https://www.openssl.org/docs/manmaster/man1/pkcs8.html#PKCS-5-v1.5-and-PKCS-12-algorithms
echo -e "\ngenerating unencrypted PKCS#8-format RSA PEM file ..."
openssl pkcs8 -topk8 -nocrypt -in rsa-pri-512.pem -out rsa-pri-512-pkcs8.pem
echo -e "\ngenerating unencrypted PKCS#8-format RSA DER file ..."
openssl pkcs8 -topk8 -nocrypt -in rsa-pri-512.pem -outform DER -out rsa-pri-512-pkcs8.der
echo -e "\ngenerating unencrypted PKCS#8-format DSA PEM file ..."
openssl pkcs8 -topk8 -nocrypt -in dsa-pri-512.pem -out dsa-pri-512-pkcs8.pem
echo -e "\ngenerating unencrypted PKCS#8-format DSA DER file ..."
openssl pkcs8 -topk8 -nocrypt -in dsa-pri-512.pem -outform DER -out dsa-pri-512-pkcs8.der
echo -e "\ngenerating unencrypted PKCS#8-format EC PEM file ..."
openssl pkcs8 -topk8 -nocrypt -in ec-pri-224-secp224r1.pem -out ec-pri-224-secp224r1-pkcs8.pem
echo -e "\ngenerating unencrypted PKCS#8-format EC DER file ..."
openssl pkcs8 -topk8 -nocrypt -in ec-pri-224-secp224r1.pem -outform DER -out ec-pri-224-secp224r1-pkcs8.der
for pkey in rsa-pri-512 dsa-pri-512 ec-pri-224-secp224r1
do
pkeystem=`echo "$pkey" | cut -d- -f 1`
# List: https://www.openssl.org/docs/manmaster/man1/pkcs8.html#PKCS-5-v1.5-and-PKCS-12-algorithms
# These are technically supported, but fail to generate. Probably because MD2 is deprecated/removed
# PBE-MD2-DES PBE-MD2-RC2-64
for algorithm in PBE-MD5-DES PBE-SHA1-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES
do
echo -e "\ngenerating encrypted PKCS#8-format (v1) PEM-encoded $pkeystem key using $algorithm ..."
openssl pkcs8 -topk8 -in $pkey.pem -v1 $algorithm -out $pkey-pkcs8-$algorithm.pem -passout pass:1234
echo -e "\ngenerating encrypted PKCS#8-format (v1) DER-encoded $pkeystem key using $algorithm ..."
openssl pkcs8 -topk8 -in $pkey.pem -v1 $algorithm -outform DER -out $pkey-pkcs8-$algorithm.der -passout pass:1234
done
for algorithm in PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40
do
echo -e "\ngenerating encrypted PKCS#8-format (v1 PKCS#12) PEM-encoded $pkeystem key using $algorithm ..."
openssl pkcs8 -topk8 -in $pkey.pem -v1 $algorithm -out $pkey-pkcs8-pkcs12-$algorithm.pem -passout pass:1234
echo -e "\ngenerating encrypted PKCS#8-format (v1 PKCS#12) DER-encoded $pkeystem key using $algorithm ..."
openssl pkcs8 -topk8 -in $pkey.pem -v1 $algorithm -outform DER -out $pkey-pkcs8-pkcs12-$algorithm.der -passout pass:1234
done
for algorithm in des3 aes128 aes256 rc2
do
for prf in hmacWithSHA1 hmacWithSHA256
do
echo -e "\ngenerating encrypted PKCS#8-format (v2) PEM-encoded $pkeystem key using $algorithm and $prf ..."
openssl pkcs8 -topk8 -in $pkey.pem -v2 $algorithm -v2prf $prf -out $pkey-pkcs8-$algorithm-$prf.pem -passout pass:1234
echo -e "\ngenerating encrypted PKCS#8-format (v2) DER-encoded $pkeystem key using $algorithm and $prf ..."
openssl pkcs8 -topk8 -in $pkey.pem -v2 $algorithm -v2prf $prf -outform DER -out $pkey-pkcs8-$algorithm-$prf.der -passout pass:1234
done
done
done
|
