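#!/bin/sh
#
# Copied from ima-evm-utils.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Generates an example end-entity signing key and has it certified by a
# local CA.
#
# Usage: sh <this-script> [CA_CERT [CA_KEY]]
#   CA_CERT  CA certificate used for signing (default: ima-local-ca.pem)
#   CA_KEY   CA private key                  (default: ima-local-ca.priv)
#
# Files written to the current directory:
#   ima.genkey       OpenSSL request/extension configuration
#   privkey_ima.pem  new EC (prime256v1) private key, NOT encrypted (-nodes)
#   csr_ima.pem      certificate signing request
#   x509_ima.der     signed certificate, DER encoded
#
# Security notes:
#   - privkey_ima.pem has no passphrase. Restrict access to it and keep it
#     out of images, build artifacts and version control.
#   - The subject below is a placeholder (example.com, "example signing
#     key"); replace it before using the certificate outside of testing.
#   - 36500 days is roughly 100 years, so the certificate effectively never
#     expires; key rotation has to be handled by other means.

# Stop at the first failing step so that a failed key/CSR generation can
# never be followed by signing a stale csr_ima.pem left over from an
# earlier run.
set -e

GENKEY=ima.genkey
CA=${1:-ima-local-ca.pem}
CAKEY=${2:-ima-local-ca.priv}

# The delimiter is quoted so the configuration is written literally, with no
# shell expansion, even if a '$' or backtick is added to it later.
cat << '__EOF__' >"$GENKEY"
[ req ]
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = v3_usr

[ req_distinguished_name ]
O = example.com
CN = meta-intel-iot-security example signing key
emailAddress = john.doe@example.com

[ v3_usr ]
basicConstraints=critical,CA:FALSE
#basicConstraints=CA:FALSE
keyUsage=digitalSignature
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage=critical,codeSigning
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
#authorityKeyIdentifier=keyid,issuer
__EOF__

# Step 1: create a fresh EC P-256 key pair and a CSR for it.
# A CSR carries no validity period; the certificate lifetime is set by
# -days on the x509 step below.
openssl req -new -nodes -utf8 -sha256 -days 36500 -batch -config "$GENKEY" \
    -out csr_ima.pem -keyout privkey_ima.pem \
    -newkey ec -pkeyopt ec_paramgen_curve:prime256v1

# Step 2: sign the CSR with the local CA, applying the v3_usr extensions
# (critical CA:FALSE, digitalSignature key usage, critical codeSigning EKU)
# so the certificate can only be used as a leaf signing certificate.
# The CA paths are quoted because they come from the command line and may
# contain spaces or glob characters. -CAcreateserial creates the CA serial
# file if it is missing.
openssl x509 -req -in csr_ima.pem -days 36500 -extfile "$GENKEY" -extensions v3_usr \
    -CA "$CA" -CAkey "$CAKEY" -CAcreateserial \
    -outform DER -out x509_ima.der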