Головна сторінка Огляд Довідка
Реєстрація Увійти
hebinlong
/
ShengDa
1
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: 5b274b729f
Гілки Теги
ShengDa
/
GmSSL
/
demos
/
scripts
/
tlcp_server.sh

tlcp_server.sh 2.3 KB
Історія Запис

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 
  1. #!/bin/bash -x
    2. 

  2. 

  3. 

  4. gmssl sm2keygen -pass 1234 -out rootcakey.pem
    5. 

  5. gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
    6. 

  6. gmssl certparse -in rootcacert.pem
    7. 

  7. 

  8. gmssl sm2keygen -pass 1234 -out cakey.pem
    9. 

  9. gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
    10. 

  10. gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem -ca
    11. 

  11. gmssl certparse -in cacert.pem
    12. 

  12. 

  13. gmssl sm2keygen -pass 1234 -out signkey.pem
    14. 

  14. gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
    15. 

  15. gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
    16. 

  16. gmssl certparse -in signcert.pem
    17. 

  17. 

  18. gmssl sm2keygen -pass 1234 -out enckey.pem
    19. 

  19. gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
    20. 

  20. gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
    21. 

  21. gmssl certparse -in enccert.pem
    22. 

  22. 

  23. cat signcert.pem > double_certs.pem
    24. 

  24. cat enccert.pem >> double_certs.pem
    25. 

  25. cat cacert.pem >> double_certs.pem
    26. 

  26. 

  27. sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem  1>/dev/null  2>/dev/null &
    28. 

  28. #sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234  1>/dev/null  2>/dev/null &
    29. 

  29. sleep 3
    30. 

  30. 

  31. gmssl sm2keygen -pass 1234 -out clientkey.pem
    32. 

  32. gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
    33. 

  33. gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
    34. 

  34. gmssl certparse -in clientcert.pem
    35. 

  35. 

  36. # build and install BabaSSL 8.3.2
    37. 

  37. # Download
    38. 

  38. # ./config enable-ntls; make; sudo make install
    39. 

  39. 

  40. # current /demos/scripts
    41. 

  41. #  /build/bin
    42. 

  42. 

  43. openssl version
    44. 

  44. 

  45. ../../build/bin/demo_sm2_key_export clientkey.pem 1234 > clientpkey.pem
    46. 

  46. 

  47. #openssl s_client -enable_ntls -ntls -connect localhost:443 -no_ticket -CAfile rootcacert.pem -sign_cert clientcert.pem -sign_key clientpkey.pem -pass pass:1234
    48. 

  48. 

  49.