Domů Procházet Nápověda
Registrovat se Přihlásit se
hebinlong
/
ShengDa
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: 46aa38459a
Větve Značky
ShengDa
/
GmSSL-3.1.0
/
demos
/
scripts
/
tlcpdemo.sh

tlcpdemo.sh 2.2 KB
Historie Surový

12345678910111213141516171819202122232425262728293031323334353637383940414243 
  1. #!/bin/bash -x
    2. 

  2. 

  3. #set -e # which sudo will cause failure on windows
    4. 

  4. 

  5. gmssl sm2keygen -pass 1234 -out rootcakey.pem
    6. 

  6. gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
    7. 

  7. gmssl certparse -in rootcacert.pem
    8. 

  8. 

  9. gmssl sm2keygen -pass 1234 -out cakey.pem
    10. 

  10. gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
    11. 

  11. gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
    12. 

  12. gmssl certparse -in cacert.pem
    13. 

  13. 

  14. gmssl sm2keygen -pass 1234 -out signkey.pem
    15. 

  15. gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
    16. 

  16. gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
    17. 

  17. gmssl certparse -in signcert.pem
    18. 

  18. 

  19. gmssl sm2keygen -pass 1234 -out enckey.pem
    20. 

  20. gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
    21. 

  21. gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
    22. 

  22. gmssl certparse -in enccert.pem
    23. 

  23. 

  24. cat signcert.pem > double_certs.pem
    25. 

  25. cat enccert.pem >> double_certs.pem
    26. 

  26. cat cacert.pem >> double_certs.pem
    27. 

  27. 

  28. # If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
    29. 

  29. # TODO: check if `gmssl` is failed
    30. 

  30. which sudo
    31. 

  31. if [ $? -eq 0 ]; then
    32. 

  32. 	SUDO=sudo
    33. 

  33. fi
    34. 

  34. $SUDO gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem &  1>/dev/null  2>/dev/null &
    35. 

  35. sleep 3
    36. 

  36. 

  37. gmssl sm2keygen -pass 1234 -out clientkey.pem
    38. 

  38. gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
    39. 

  39. gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
    40. 

  40. gmssl certparse -in clientcert.pem
    41. 

  41. 

  42. gmssl tlcp_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
    43. 

  43.