当前位置: 首页 > news >正文

openssl3.2/test/certs - 074 - CT entry

news 2025/6/27 21:00:58

文章目录

    • openssl3.2/test/certs - 074 - CT entry
    • 概述
    • 笔记
    • setup074.sh
    • setup074_sc1.sh
    • setup074_sc2.sh
    • setup074_sc3.sh
    • END

openssl3.2/test/certs - 074 - CT entry

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

setup074.sh

#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc1
openssl -v
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key# sc2
openssl -v
OPENSSL_SIGALG= OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" root-ed448-key root-ed448-cert# sc3
openssl -v
OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert

官方脚本报错, 分为3个小脚本做实验

setup074_sc1.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc1.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc1
openssl -v
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
// cfg_exp074_sc1_cmd1.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.exampleopenssl req -new -sha256 -key embeddedSCTs1-key.pem -config cfg_exp074_sc1_cmd1.txt -out req_exp074_sc1_cmd1.pem// cmd 2
// cfg_exp074_sc1_cmd2.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.3 = critical,ASN1:NULL
subjectAltName = @alts
[alts]
DNS=server.example// ok
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile cfg_exp074_sc1_cmd2.txt -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -in req_exp074_sc1_cmd1.pem// cmd 3
// cfg_exp074_sc1_cmd3.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.2 = ASN1:FORMAT:HEX,OCT:00780076subjectAltName = @alts
DNS=server.example
[alts]// err
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile cfg_exp074_sc1_cmd3.txt -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -in req_exp074_sc1_cmd1.pem报错如下:
Error checking extension section default
88140400:error:07800066:common libcrypto routines:hexstr2buf_sep:illegal hex digit:crypto\o_str.c:158:
88140400:error:068000B2:asn1 encoding routines:asn1_str2type:illegal hex:crypto\asn1\asn1_gen.c:696:string=00780076subjectAltName = @alts
88140400:error:11000074:X509 V3 routines:v3_generic_extension:extension value error:crypto\x509\v3_conf.c:260:value=FORMAT:HEX,OCT:00780076subjectAltName = @alts原因 [alts]节中是空的, 没写内容// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------openssl -v 
openssl req -new -sha256 -key embeddedSCTs1-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile /dev/fd/63 -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtsubjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.3 = critical,ASN1:NULL
subjectAltName = @alts
[alts]
DNS=server.example
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile /dev/fd/63 -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtsubjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.2 = ASN1:FORMAT:HEX,OCT:00780076subjectAltName = @alts
DNS=server.example
[alts]

setup074_sc2.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc2.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc2
openssl -v
OPENSSL_SIGALG= OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" root-ed448-key root-ed448-cert// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm ed448 -out root-ed448-key.pem // cmd 2
// cfg_exp074_sc2_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root Ed448openssl req -new -sha256 -key root-ed448-key.pem -config cfg_exp074_sc2_cmd2.txt -out req_exp074_sc2_cmd2.pem// cmd 3
// cfg_exp074_sc2_cmd3.txt
basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyidopenssl x509 -req -sha256 -out root-ed448-cert.pem -extfile cfg_exp074_sc2_cmd3.txt -signkey root-ed448-key.pem -set_serial 1 -days 36525 -in req_exp074_sc2_cmd2.pem// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------
openssl genpkey -algorithm ed448 -out root-ed448-key.pem 
openssl req -new -sha256 -key root-ed448-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root Ed448
openssl x509 -req -sha256 -out root-ed448-cert.pem -extfile /dev/fd/63 -signkey root-ed448-key.pem -set_serial 1 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtbasicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

setup074_sc3.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc3.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc3
openssl -v
OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm ed448 -out server-ed448-key.pem // cmd 2
// cfg_exp074_sc3_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = ed448// 这里只生成了一个证书请求, 这是干啥?
openssl req -new -ED448 -key server-ed448-key.pem -config cfg_exp074_sc3_cmd2.txt// 报错 : req: Unknown option or message digest: ED448
// 官方脚本单独运行, 是看不到任何报错信息的.// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------
openssl genpkey -algorithm ed448 -out server-ed448-key.pem 
openssl req -new -ED448 -key server-ed448-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = ed448

END

http://www.lryc.cn/news/289027.html

相关文章:

  • Angular组件(一) 分割面板ShrinkSplitter
  • 抖音详情API:视频内容获取与解析技巧
  • SpringBoot中实现阿里云OSS对象存储
  • 大型语言模型 (LLM)全解读
  • Unity - gamma space下还原linear space效果
  • Rabbitmq调用FeignClient接口失败
  • 专业120+总分400+海南大学838信号与系统考研高分经验海大电子信息与通信
  • 如何区分 html 和 html5?
  • Ps:将文件载入堆栈
  • 【格密码基础】:补充LWE问题
  • 【C++入门到精通】特殊类的设计 |只能在堆 ( 栈 ) 上创建对象的类 |禁止拷贝和继承的类 [ C++入门 ]
  • VMware虚拟机部署Linux Ubuntu系统
  • RFID标签:数字时代的智能身份
  • 《动手学深度学习(PyTorch版)》笔记3.2
  • elasticsearch8.x版本docker部署说明
  • 使用scyllaDb 或者cassandra存储聊天记录
  • Visual Studio如何修改成英文版
  • gin中使用swagger生成接口文档
  • 最新AI创作系统ChatGPT网站系统源码,Midjourney绘画V6 ALPHA绘画模型,ChatFile文档对话总结+DALL-E3文生图
  • 解析dapp:从底层区块链看DApp的脆弱性和挑战
  • 机器学习整理
  • RISC-V常用汇编指令
  • 第二篇:数据结构与算法-链表
  • 低代码配置-小程序配置
  • 第十八讲_HarmonyOS应用开发实战(实现电商首页)
  • OJAC近屿智能张立赛博士揭秘GPT Store:技术创新、商业模式与未来趋势
  • Java接收curl发出的中文请求无法解析
  • Java设计模式-外观模式(11)
  • HCS-华为云Stack-FusionSphere
  • C++类模板实现顺序表SeqList