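#!/usr/bin/env bash
# Generate ML-DSA-87 (FIPS 204) certificates for use with wolfSSL: a
# self-signed root CA and an entity certificate signed by that root.
#
# Output (under $OUT_DIR, default ./certs):
#   mldsa87_root_key.pem     root CA private key     (mode 0600)
#   mldsa87_root_cert.pem    self-signed root CA certificate
#   mldsa87_entity_key.pem   entity private key      (mode 0600)
#   mldsa87_entity_cert.pem  entity certificate (serverAuth, clientAuth)
#
# Requires an OpenSSL whose genpkey understands `-algorithm mldsa87`.
#
# Optional environment overrides:
#   OUT_DIR      output directory                        (default: certs)
#   DAYS         validity period of both certificates    (default: 3650)
#   ROOT_SUBJ    root CA subject in OpenSSL -subj syntax
#   ENTITY_SUBJ  entity subject in OpenSSL -subj syntax
#   ENTITY_DNS   DNS name for the entity subjectAltName  (default: www.wolfssl.com)
#
# Existing files in $OUT_DIR are overwritten without prompting; re-running
# replaces the root key, which invalidates anything previously signed by it.
set -euo pipefail

readonly ALG=mldsa87
readonly DEFAULT_SUBJ="/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com"
readonly OUT_DIR=${OUT_DIR:-certs}
readonly DAYS=${DAYS:-3650}
# NOTE(review): by default root and entity carry the same subject, as in the
# original script. Some chain builders treat an entity certificate whose
# subject equals its issuer as self-issued; set ROOT_SUBJ to a distinct CN if
# that causes trouble with a particular verifier.
readonly ROOT_SUBJ=${ROOT_SUBJ:-$DEFAULT_SUBJ}
readonly ENTITY_SUBJ=${ENTITY_SUBJ:-$DEFAULT_SUBJ}
readonly ENTITY_DNS=${ENTITY_DNS:-www.wolfssl.com}

readonly ROOT_KEY="$OUT_DIR/${ALG}_root_key.pem"
readonly ROOT_CERT="$OUT_DIR/${ALG}_root_cert.pem"
readonly ENTITY_KEY="$OUT_DIR/${ALG}_entity_key.pem"
readonly ENTITY_CERT="$OUT_DIR/${ALG}_entity_cert.pem"

# Progress messages go to stdout (as before); diagnostics go to stderr.
log() { printf '%s\n' "$*"; }
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Generate an ML-DSA-87 private key.
# Arguments: $1 - output path for the PEM key
# Globals:   ALG (read)
# Note:      runs under the umask set in main, so the key is created 0600
#            instead of inheriting a world-readable default.
#######################################
gen_key() {
  local out=$1
  openssl genpkey -algorithm "$ALG" -out "$out" \
    || die "openssl genpkey -algorithm $ALG failed (needs an OpenSSL build with ML-DSA support, 3.5 or later)"
}

main() {
  local tmpdir
  command -v openssl >/dev/null 2>&1 || die "openssl not found in PATH"
  mkdir -p -- "$OUT_DIR"

  # Scratch area for the CSR, extension file and CA serial; removed on any
  # exit path, so nothing transient is left next to the real keys.
  tmpdir=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "$tmpdir"' EXIT
  local csr="$tmpdir/entity.csr" extfile="$tmpdir/entity_ext.cnf" serial="$tmpdir/root.srl"

  # Private keys must not be world-readable; certificates are set back to
  # 0644 once generated.
  umask 077

  log "==== Generating ML-DSA-87 Root CA ===="
  gen_key "$ROOT_KEY"
  log "Root private key generated."
  openssl req -new -x509 -key "$ROOT_KEY" -out "$ROOT_CERT" \
    -days "$DAYS" -subj "$ROOT_SUBJ" \
    -addext "basicConstraints=critical,CA:true" \
    -addext "keyUsage=critical,keyCertSign,cRLSign"
  log "Root certificate generated."

  log "==== Generating ML-DSA-87 Entity Certificate ===="
  gen_key "$ENTITY_KEY"
  log "Entity private key generated."
  openssl req -new -key "$ENTITY_KEY" -out "$csr" -subj "$ENTITY_SUBJ"
  log "Entity certificate request generated."

  # ML-DSA is a signature-only algorithm: keyEncipherment cannot be exercised
  # with it and the IETF LAMPS ML-DSA certificate profile forbids asserting it,
  # so only digitalSignature is set. The SAN lets clients that match hostnames
  # against subjectAltName rather than CN accept the certificate; SKID/AKID
  # make chain building unambiguous.
  printf '%s\n' \
    'basicConstraints=CA:FALSE' \
    'keyUsage=digitalSignature' \
    'extendedKeyUsage=serverAuth,clientAuth' \
    "subjectAltName=DNS:$ENTITY_DNS" \
    'subjectKeyIdentifier=hash' \
    'authorityKeyIdentifier=keyid,issuer' > "$extfile"
  openssl x509 -req -in "$csr" -out "$ENTITY_CERT" \
    -CA "$ROOT_CERT" -CAkey "$ROOT_KEY" \
    -CAserial "$serial" -CAcreateserial -days "$DAYS" \
    -extfile "$extfile"
  log "Entity certificate generated."

  # Certificates are public material; keys keep 0600.
  chmod 644 -- "$ROOT_CERT" "$ENTITY_CERT"

  log "==== Certificate Verification ===="
  # Fails (and aborts under set -e) if the entity cert does not chain to the root.
  openssl verify -CAfile "$ROOT_CERT" "$ENTITY_CERT"
  log "Verification completed."

  log "==== Certificate Generation Complete ===="
  log "Files generated:"
  ls -la -- "$OUT_DIR"/
  log "==== Instructions for Use with wolfSSL ===="
  log "In your wolfSSL code, use the following file paths:"
  log " Root CA: $ROOT_CERT"
  log " Entity Certificate: $ENTITY_CERT"
  log " Entity Private Key: $ENTITY_KEY"
}

main "$@"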