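#!/bin/sh
#
# Copied from ima-evm-utils.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# Generates an example IMA signing key and has it certified by a local CA.
#
# Usage: $0 [CA_CERT [CA_KEY]]
#   $1 - CA certificate, default ima-local-ca.pem
#   $2 - CA private key, default ima-local-ca.priv
#
# Files written to the current directory:
#   ima.genkey       openssl request configuration (generated below)
#   csr_ima.pem      certificate signing request
#   privkey_ima.pem  private key, stored UNENCRYPTED (-nodes)
#   x509_ima.der     DER certificate signed by the CA, valid 365 days
# openssl may also create a CA serial file because of -CAcreateserial.
#
# The subject fields are example values. privkey_ima.pem is a signing
# secret: keep it out of images and version control.

# Stop on the first failed command or unset variable, so a failed request
# never leads to a certificate being signed from stale files.
set -eu

GENKEY=ima.genkey
CA=${1:-ima-local-ca.pem}
CAKEY=${2:-ima-local-ca.priv}

# Fail before generating any key material if the CA inputs are unusable.
for ca_input in "$CA" "$CAKEY"; do
  if [ ! -r "$ca_input" ]; then
    printf '%s: cannot read CA file: %s\n' "$0" "$ca_input" >&2
    exit 1
  fi
done

# Quoted delimiter: the configuration is written literally, no expansion.
# default_bits raised from 1024: 1024-bit RSA is no longer considered
# adequate for a signing key.
cat << '__EOF__' >"$GENKEY"
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = v3_usr

[ req_distinguished_name ]
O = example.com
CN = meta-intel-iot-security example signing key
emailAddress = john.doe@example.com

[ v3_usr ]
basicConstraints=critical,CA:FALSE
#basicConstraints=CA:FALSE
keyUsage=digitalSignature
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
#authorityKeyIdentifier=keyid,issuer
__EOF__

# The private key is written without a passphrase, so create it under a
# restrictive umask (subshell keeps the umask change local to this step).
# SHA-256 replaces SHA-1 for the request signature.
(
  umask 077
  openssl req -new -nodes -utf8 -sha256 -days 365 -batch -config "$GENKEY" \
    -out csr_ima.pem -keyout privkey_ima.pem
)

# Sign the request with the CA. The digest is named explicitly so the
# certificate signature does not depend on the openssl build's default.
openssl x509 -req -in csr_ima.pem -days 365 -sha256 \
  -extfile "$GENKEY" -extensions v3_usr \
  -CA "$CA" -CAkey "$CAKEY" -CAcreateserial \
  -outform DER -out x509_ima.der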