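#!/bin/sh
#
# Copied from ima-evm-utils.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Generates an EC (prime256v1) IMA signing key and has it certified by a
# local CA.
#
# Usage:   <this script> [CA certificate] [CA private key]
# Inputs:  $1 - CA certificate (default: ima-local-ca.pem)
#          $2 - CA private key (default: ima-local-ca.priv)
# Outputs (all in the current directory):
#          ima.genkey      - OpenSSL request configuration
#          csr_ima.pem     - certificate signing request
#          privkey_ima.pem - signing key, UNENCRYPTED (-nodes)
#          x509_ima.der    - signed certificate, DER encoded
#
# The subject below is an example identity and the certificate is valid
# for 36500 days; replace both before using the result outside a test
# or demo image.

# Stop at the first failing command so that a failed key or CSR generation
# is not followed by signing a stale csr_ima.pem left over from an earlier
# run. -u catches misspelled variable names.
set -eu

GENKEY=ima.genkey
CA=${1:-ima-local-ca.pem}
CAKEY=${2:-ima-local-ca.priv}

# The delimiter is quoted so the configuration is written literally; it
# contains nothing the shell should expand.
cat << '__EOF__' > "$GENKEY"
[ req ]
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = v3_usr

[ req_distinguished_name ]
O = example.com
CN = meta-intel-iot-security example signing key
emailAddress = john.doe@example.com

[ v3_usr ]
basicConstraints=critical,CA:FALSE
#basicConstraints=CA:FALSE
keyUsage=digitalSignature
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage=critical,codeSigning
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
#authorityKeyIdentifier=keyid,issuer
__EOF__

# Create the key and the CSR under a restrictive umask: -nodes leaves
# privkey_ima.pem unencrypted, so file permissions are its only
# protection. The subshell keeps the umask change from affecting the
# certificate written below.
# NOTE(review): -days is kept from the original command line; a CSR has no
# validity period, the lifetime is set by the x509 step.
(
	umask 077
	openssl req -new -nodes -utf8 -sha256 -days 36500 -batch -config "$GENKEY" \
		-out csr_ima.pem -keyout privkey_ima.pem \
		-newkey ec -pkeyopt ec_paramgen_curve:prime256v1
)

# Sign the request with the local CA. Paths are quoted because $1 and $2
# are caller-supplied and may contain spaces or glob characters.
# -CAcreateserial creates the CA serial number file if it does not exist.
openssl x509 -req -in csr_ima.pem -days 36500 -extfile "$GENKEY" -extensions v3_usr \
	-CA "$CA" -CAkey "$CAKEY" -CAcreateserial \
	-outform DER -out x509_ima.der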