tests/init.sh - pub/scm/linux/kernel/git/jejb/openssl-pkcs11-export - Git at Google

 cat > ${OPENSSL_PKCS11_CONF} <<EOF
 # test token config
 manufacturer id = test-token
 model = key
 library description = set of tokens used for testing pkcs11 openssl

 EOF
 # generate two keys, one with a password and one without and create
 # a config file for them
 openssl genrsa 2048 > key-nopass.key || exit 1
 openssl rsa -in key-nopass.key -pubout -out key-nopass.pub || exit 1
 openssl genrsa -aes128 -passout pass:Passw0rd 2048 > key-pass.key || exit 1
 openssl rsa -in key-pass.key -passin pass:Passw0rd -pubout -out key-pass.pub || exit 1
 ##
 # create engine key equivalents by changing the guards
 ##
 openssl pkcs8 -topk8 -in key-nopass.key -passout pass:Eng1ne -out tmp.key || exit 1
 sed 's/ENCRYPTED PRIVATE KEY/TEST ENGINE PRIVATE KEY/' < tmp.key > key-engine.key
 ##
 # EC KEY
 ##
 # named curve
 openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -aes-128-cbc -pass pass:Passw0rd -out key-p256.key || exit 1
 openssl pkey -in key-p256.key -passin pass:Passw0rd -pubout -out key-p256.pub || exit 1
 # parametrised curve
 openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp384r1 -pkeyopt ec_param_enc:explicit -aes-256-cfb -pass pass:Passw0rd -out key-bp.key || exit 1
 openssl pkey -in key-bp.key -passin pass:Passw0rd -pubout -out key-bp.pub || exit 1
 ##
 # Certificate (self signed)
 ##
 openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Test Key/" -keyout key-cert.key -out key-cert.crt -days 3650 -nodes -sha256 || exit 1
 ##
 # now create a config file naming the keys
 ##
 cat >> ${OPENSSL_PKCS11_CONF} <<EOF
 [key-pass]
 id = key1
 public key = ${srcdir}/key-pass.pub
 private key = ${srcdir}/key-pass.key

 [key-nopass]
 id = key2
 private key = ${srcdir}/key-nopass.key
 public key = ${srcdir}/key-nopass.pub

 [key-engine]
 id = key3
 model = engine-key
 manufacturer id = engine
 engine = testengine
 public key = ${srcdir}/key-pass.pub
 private key = ${srcdir}/key-engine.key

 [key-p256]
 id = key-p256
 public key = ${srcdir}/key-p256.pub
 private key = ${srcdir}/key-p256.key

 [key-bp]
 id = key-bp
 public key = ${srcdir}/key-bp.pub
 private key = ${srcdir}/key-bp.key

 [cert]
 certificate = ${srcdir}/key-cert.crt
 private key = ${srcdir}/key-cert.key

 EOF
	cat > ${OPENSSL_PKCS11_CONF} <<EOF
	# test token config
	manufacturer id = test-token
	model = key
	library description = set of tokens used for testing pkcs11 openssl

	EOF
	# generate two keys, one with a password and one without and create
	# a config file for them
	openssl genrsa 2048 > key-nopass.key \|\| exit 1
	openssl rsa -in key-nopass.key -pubout -out key-nopass.pub \|\| exit 1
	openssl genrsa -aes128 -passout pass:Passw0rd 2048 > key-pass.key \|\| exit 1
	openssl rsa -in key-pass.key -passin pass:Passw0rd -pubout -out key-pass.pub \|\| exit 1
	##
	# create engine key equivalents by changing the guards
	##
	openssl pkcs8 -topk8 -in key-nopass.key -passout pass:Eng1ne -out tmp.key \|\| exit 1
	sed 's/ENCRYPTED PRIVATE KEY/TEST ENGINE PRIVATE KEY/' < tmp.key > key-engine.key
	##
	# EC KEY
	##
	# named curve
	openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -aes-128-cbc -pass pass:Passw0rd -out key-p256.key \|\| exit 1
	openssl pkey -in key-p256.key -passin pass:Passw0rd -pubout -out key-p256.pub \|\| exit 1
	# parametrised curve
	openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp384r1 -pkeyopt ec_param_enc:explicit -aes-256-cfb -pass pass:Passw0rd -out key-bp.key \|\| exit 1
	openssl pkey -in key-bp.key -passin pass:Passw0rd -pubout -out key-bp.pub \|\| exit 1
	##
	# Certificate (self signed)
	##
	openssl req -new -x509 -newkey rsa:2048 -subj "/CN=Test Key/" -keyout key-cert.key -out key-cert.crt -days 3650 -nodes -sha256 \|\| exit 1
	##
	# now create a config file naming the keys
	##
	cat >> ${OPENSSL_PKCS11_CONF} <<EOF
	[key-pass]
	id = key1
	public key = ${srcdir}/key-pass.pub
	private key = ${srcdir}/key-pass.key

	[key-nopass]
	id = key2
	private key = ${srcdir}/key-nopass.key
	public key = ${srcdir}/key-nopass.pub

	[key-engine]
	id = key3
	model = engine-key
	manufacturer id = engine
	engine = testengine
	public key = ${srcdir}/key-pass.pub
	private key = ${srcdir}/key-engine.key

	[key-p256]
	id = key-p256
	public key = ${srcdir}/key-p256.pub
	private key = ${srcdir}/key-p256.key

	[key-bp]
	id = key-bp
	public key = ${srcdir}/key-bp.pub
	private key = ${srcdir}/key-bp.key

	[cert]
	certificate = ${srcdir}/key-cert.crt
	private key = ${srcdir}/key-cert.key

	EOF