init
@@ -0,0 +1,64 @@
|
||||
#!/bin/bash
|
||||
# Script to generate ML-DSA-87 certificates for wolfSSL
|
||||
# Creates both root CA and entity certificates using ML-DSA-87
|
||||
|
||||
set -e # Exit on any error
|
||||
|
||||
# Create certificates directory if it doesn't exist
|
||||
mkdir -p certs
|
||||
|
||||
echo "==== Generating ML-DSA-87 Root CA ===="
|
||||
|
||||
# Generate the root private key
|
||||
openssl genpkey -algorithm mldsa87 -out certs/mldsa87_root_key.pem
|
||||
echo "Root private key generated."
|
||||
|
||||
# Generate self-signed root certificate
|
||||
openssl req -new -x509 -key certs/mldsa87_root_key.pem -out certs/mldsa87_root_cert.pem \
|
||||
-days 3650 -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com" \
|
||||
-addext "basicConstraints=critical,CA:true" \
|
||||
-addext "keyUsage=critical,keyCertSign,cRLSign"
|
||||
echo "Root certificate generated."
|
||||
|
||||
echo "==== Generating ML-DSA-87 Entity Certificate ===="
|
||||
|
||||
# Generate entity private key
|
||||
openssl genpkey -algorithm mldsa87 -out certs/mldsa87_entity_key.pem
|
||||
echo "Entity private key generated."
|
||||
|
||||
# Generate certificate request
|
||||
openssl req -new -key certs/mldsa87_entity_key.pem -out certs/mldsa87_entity.csr \
|
||||
-subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com"
|
||||
echo "Entity certificate request generated."
|
||||
|
||||
# Create an extension file for the certificate
|
||||
cat > certs/mldsa87_entity_extfile.cnf << EOF
|
||||
basicConstraints=CA:FALSE
|
||||
keyUsage=digitalSignature,keyEncipherment
|
||||
extendedKeyUsage=serverAuth,clientAuth
|
||||
EOF
|
||||
|
||||
# Sign the certificate with the root CA
|
||||
openssl x509 -req -in certs/mldsa87_entity.csr -out certs/mldsa87_entity_cert.pem \
|
||||
-CA certs/mldsa87_root_cert.pem -CAkey certs/mldsa87_root_key.pem \
|
||||
-CAcreateserial -days 3650 \
|
||||
-extfile certs/mldsa87_entity_extfile.cnf
|
||||
echo "Entity certificate generated."
|
||||
|
||||
# Clean up temporary files
|
||||
rm -f certs/mldsa87_entity.csr certs/mldsa87_entity_extfile.cnf certs/mldsa87_root_cert.srl
|
||||
|
||||
echo "==== Certificate Verification ===="
|
||||
# Verify entity certificate against root
|
||||
openssl verify -CAfile certs/mldsa87_root_cert.pem certs/mldsa87_entity_cert.pem
|
||||
echo "Verification completed."
|
||||
|
||||
echo "==== Certificate Generation Complete ===="
|
||||
echo "Files generated:"
|
||||
ls -la certs/
|
||||
|
||||
echo "==== Instructions for Use with wolfSSL ===="
|
||||
echo "In your wolfSSL code, use the following file paths:"
|
||||
echo " Root CA: certs/mldsa87_root_cert.pem"
|
||||
echo " Entity Certificate: certs/mldsa87_entity_cert.pem"
|
||||
echo " Entity Private Key: certs/mldsa87_entity_key.pem"
|
||||
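Review bot: The root and the entity certificate are created with the same subject, `/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com` (both `-subj` arguments), so the entity certificate's issuer equals its own subject and it looks self-issued to anything that builds or checks chains by name; give the root its own name, for example `CN=ML-DSA-87 Test Root CA` (a constructed value). The extension file sets `keyUsage=digitalSignature,keyEncipherment`, but an ML-DSA key can only sign, and as far as I know the IETF ML-DSA certificate profile does not allow the encipherment bits, so `keyUsage=critical,digitalSignature` is the safer line. The entity certificate also carries no `subjectAltName`, which hostname checks use in preference to the CN; adding `subjectAltName=DNS:www.wolfssl.com` to the heredoc would cover it. The root CA key is left unencrypted in `certs/` next to the files the closing instructions tell users to load, so a header comment such as `# Test-only credentials: do not deploy; remove mldsa87_root_key.pem once the entity certificate is signed` would make the intended scope explicit.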