summaryrefslogtreecommitdiff
path: root/tests/keys/README
diff options
context:
space:
mode:
Diffstat (limited to 'tests/keys/README')
-rw-r--r--tests/keys/README31
1 files changed, 20 insertions, 11 deletions
diff --git a/tests/keys/README b/tests/keys/README
index 7a5a5684..6b4bbecc 100644
--- a/tests/keys/README
+++ b/tests/keys/README
@@ -81,12 +81,13 @@ README
G. Generate ECDSA key with second level CA
> openssl ecparam -list_curves
- > openssl ecparam -name secp256k1 -genkey -noout -out ecdsa-secp256k1-key.pem
- > openssl req -config ./openssl.cnf -new -key ecdsa-secp256k1-key.pem -out ecdsa-secp256k1-req.pem
+ > openssl ecparam -name secp256r1 -genkey -noout -out ecdsa-secp256r1-key.pem
+ Here use 'ECDSA secp256r1 Key' for Common Name:
+ > openssl req -config ./openssl.cnf -new -key ecdsa-secp256r1-key.pem -out ecdsa-secp256r1-req.pem
> openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
- -out ecdsa-secp256k1-cert.pem -infiles ecdsa-secp256k1-req.pem
- > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem ecdsa-secp256k1-cert.pem
- > rm ecdsa-secp256k1-req.pem
+ -out ecdsa-secp256r1-cert.pem -infiles ecdsa-secp256r1-req.pem
+ > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem ecdsa-secp256r1-cert.pem
+ > rm ecdsa-secp256r1-req.pem
3. Converting key and certs between PEM and DER formats
@@ -101,7 +102,7 @@ README
> openssl dsa -inform PEM -outform DER -in dsa3072key.pem -out dsa3072key.der
ECDSA keys:
- > openssl ec -inform PEM -outform DER -in ecdsa-secp256k1-key.pem -out ecdsa-secp256k1-key.der
+ > openssl ec -inform PEM -outform DER -in ecdsa-secp256r1-key.pem -out ecdsa-secp256r1-key.der
- Convert PEM cert file to DER file
> openssl x509 -outform DER -in cacert.pem -out cacert.der
@@ -112,7 +113,7 @@ README
> openssl x509 -outform DER -in rsacert.pem -out rsacert.der
> openssl x509 -outform DER -in largersacert.pem -out largersacert.der
> openssl x509 -outform DER -in expiredcert.pem -out expiredcert.der
- > openssl x509 -outform DER -in ecdsa-secp256k1-cert.pem -out ecdsa-secp256k1-cert.der
+ > openssl x509 -outform DER -in ecdsa-secp256r1-cert.pem -out ecdsa-secp256r1-cert.der
- (optional) Convert PEM public key file to DER file
RSA key:
@@ -141,7 +142,7 @@ README
-outform pem -topk8
> openssl pkcs8 -in largersakey.der -inform der -out largersakey.p8-der \
-outform der -topk8
- > openssl pkcs8 -in ecdsa-secp256k1-key.der -inform der -out ecdsa-secp256k1-key.p8-der \
+ > openssl pkcs8 -in ecdsa-secp256r1-key.der -inform der -out ecdsa-secp256r1-key.p8-der \
-outform der -topk8
5. NSS is unfriendly towards standalone private keys.
@@ -167,9 +168,9 @@ README
> openssl pkcs12 -export -in allexpired.pem -name TestExpiredRsaKey \
-out expiredkey.p12
- > cat ecdsa-secp256k1-key.pem ecdsa-secp256k1-cert.pem ca2cert.pem cacert.pem > all-ecdsa-secp256k1.pem
- > openssl pkcs12 -export -in all-ecdsa-secp256k1.pem -name TestEcdsaSecp256k1Key -out ecdsa-secp256k1-key.p12
- > rm all-ecdsa-secp256k1.pem
+ > cat ecdsa-secp256r1-key.pem ecdsa-secp256r1-cert.pem ca2cert.pem cacert.pem > all-ecdsa-secp256r1.pem
+ > openssl pkcs12 -export -in all-ecdsa-secp256r1.pem -name TestEcdsaSecp256k1Key -out ecdsa-secp256r1-key.p12
+ > rm all-ecdsa-secp256r1.pem
5a.
Input: DSA/RSA private key in PEM or DER format
@@ -247,3 +248,11 @@ Worse, the CSP is different for XP and older versions
> openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
> openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+ > cat dsa2048key.pem dsa2048cert.pem ca2cert.pem cacert.pem > alldsa2048.pem
+ > openssl pkcs12 -export -in alldsa2048.pem -name TestDsa2048Key -out dsa2048key-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+
+ > cat dsa3072key.pem dsa3072cert.pem ca2cert.pem cacert.pem > alldsa3072.pem
+ > openssl pkcs12 -export -in alldsa3072.pem -name TestDsa3072Key -out dsa3072key-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+
+
+