Browse code
Add an elliptic curve testing cert chain to the sample keys
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1398293018-8581-3-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8601
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger authored on 2014/04/24 07:43:38Showing 7 changed files
- sample/sample-keys/README
- sample/sample-keys/ec-ca.crt
- sample/sample-keys/ec-ca.key
- sample/sample-keys/ec-client.crt
- sample/sample-keys/ec-client.key
- sample/sample-keys/ec-server.crt
- sample/sample-keys/ec-server.key
| ... | ... |
@@ -1,7 +1,6 @@ |
| 1 |
-Sample RSA keys. |
|
| 1 |
+Sample RSA and EC keys. |
|
| 2 | 2 |
|
| 3 |
-See the examples section of the man page |
|
| 4 |
-for usage examples. |
|
| 3 |
+See the examples section of the man page for usage examples. |
|
| 5 | 4 |
|
| 6 | 5 |
NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY. |
| 7 | 6 |
DON'T USE THEM FOR ANY REAL WORK BECAUSE |
| ... | ... |
@@ -12,3 +11,4 @@ client.{crt,key} -- sample client key/cert
|
| 12 | 12 |
server.{crt,key} -- sample server key/cert (nsCertType=server)
|
| 13 | 13 |
pass.{crt,key} -- sample client key/cert with password-encrypted key
|
| 14 | 14 |
password = "password" |
| 15 |
+ec-*.{crt,key} -- sample elliptic curve variants of the above
|
| 15 | 16 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,13 @@ |
| 0 |
+-----BEGIN CERTIFICATE----- |
|
| 1 |
+MIIB4jCCAWmgAwIBAgIJALGEGB2g6cAXMAoGCCqGSM49BAMCMBUxEzARBgNVBAMT |
|
| 2 |
+CkVDLVRlc3QgQ0EwHhcNMTQwMTE4MTYwMTUzWhcNMjQwMTE2MTYwMTUzWjAVMRMw |
|
| 3 |
+EQYDVQQDEwpFQy1UZXN0IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE2S4AZT7j |
|
| 4 |
+ZlPG/CXpT12CzCNSySyKmJt+fWyW/wzbRulVJpGHXRHpZZj2VNOUE72kqGUeshh6 |
|
| 5 |
+Um1o7lHGDSAkHOJpeW5FtryiKhwFc+4dsOCLTNLVFXQsEtY3gY14Uquio4GEMIGB |
|
| 6 |
+MB0GA1UdDgQWBBS0mkFcuCZ8SLWZRAD/8LpBQcgGPDBFBgNVHSMEPjA8gBS0mkFc |
|
| 7 |
+uCZ8SLWZRAD/8LpBQcgGPKEZpBcwFTETMBEGA1UEAxMKRUMtVGVzdCBDQYIJALGE |
|
| 8 |
+GB2g6cAXMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA2cA |
|
| 9 |
+MGQCMHWlVTi0xNZstR8ZNH+7z0WlyIXyZe23ne3EXkO0thZLdv86kpxFMPW/llB+ |
|
| 10 |
+RMRKuQIweN97n7FQy5DTenr91U98KDFJ5Av4mDFRL1mkXiu3W1//4XD8yEYDQTRz |
|
| 11 |
+/GARuOLL |
|
| 12 |
+-----END CERTIFICATE----- |
| 0 | 13 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,6 @@ |
| 0 |
+-----BEGIN PRIVATE KEY----- |
|
| 1 |
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDASU6X/mh2m2PayviL3 |
|
| 2 |
+teoml5soyIUcZfwZpVn6oNtnrLcAbIRsAJbM4xyGVp77G/6hZANiAATZLgBlPuNm |
|
| 3 |
+U8b8JelPXYLMI1LJLIqYm359bJb/DNtG6VUmkYddEellmPZU05QTvaSoZR6yGHpS |
|
| 4 |
+bWjuUcYNICQc4ml5bkW2vKIqHAVz7h2w4ItM0tUVdCwS1jeBjXhSq6I= |
|
| 5 |
+-----END PRIVATE KEY----- |
| 0 | 6 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,61 @@ |
| 0 |
+Certificate: |
|
| 1 |
+ Data: |
|
| 2 |
+ Version: 3 (0x2) |
|
| 3 |
+ Serial Number: 2 (0x2) |
|
| 4 |
+ Signature Algorithm: ecdsa-with-SHA256 |
|
| 5 |
+ Issuer: CN=EC-Test CA |
|
| 6 |
+ Validity |
|
| 7 |
+ Not Before: Jan 18 16:02:37 2014 GMT |
|
| 8 |
+ Not After : Jan 16 16:02:37 2024 GMT |
|
| 9 |
+ Subject: CN=ec-client |
|
| 10 |
+ Subject Public Key Info: |
|
| 11 |
+ Public Key Algorithm: id-ecPublicKey |
|
| 12 |
+ Public-Key: (384 bit) |
|
| 13 |
+ pub: |
|
| 14 |
+ 04:40:d9:b9:a2:44:1b:01:39:2c:14:ee:aa:70:6b: |
|
| 15 |
+ 31:98:28:44:c9:61:bc:b7:0b:b5:53:49:c2:c0:0a: |
|
| 16 |
+ 43:b0:08:50:cd:80:2f:5d:a4:89:f1:ff:7d:11:78: |
|
| 17 |
+ f5:0c:b2:86:e2:59:f8:17:76:1b:22:f2:23:67:e7: |
|
| 18 |
+ 55:90:ea:ce:0a:aa:da:05:f4:85:19:c9:ed:ae:6d: |
|
| 19 |
+ a3:ad:56:7a:f6:33:c6:cf:bb:c7:39:fa:e4:d3:67: |
|
| 20 |
+ df:f0:b8:4a:88:57:98 |
|
| 21 |
+ ASN1 OID: secp384r1 |
|
| 22 |
+ X509v3 extensions: |
|
| 23 |
+ X509v3 Basic Constraints: |
|
| 24 |
+ CA:FALSE |
|
| 25 |
+ X509v3 Subject Key Identifier: |
|
| 26 |
+ D8:E2:35:7B:CA:66:71:6B:D8:5B:F5:12:13:82:2D:ED:CD:E5:ED:7F |
|
| 27 |
+ X509v3 Authority Key Identifier: |
|
| 28 |
+ keyid:B4:9A:41:5C:B8:26:7C:48:B5:99:44:00:FF:F0:BA:41:41:C8:06:3C |
|
| 29 |
+ DirName:/CN=EC-Test CA |
|
| 30 |
+ serial:B1:84:18:1D:A0:E9:C0:17 |
|
| 31 |
+ |
|
| 32 |
+ X509v3 Extended Key Usage: |
|
| 33 |
+ TLS Web Client Authentication |
|
| 34 |
+ X509v3 Key Usage: |
|
| 35 |
+ Digital Signature |
|
| 36 |
+ Netscape Comment: |
|
| 37 |
+ Easy-RSA Generated Certificate |
|
| 38 |
+ Netscape Cert Type: |
|
| 39 |
+ SSL Client |
|
| 40 |
+ Signature Algorithm: ecdsa-with-SHA256 |
|
| 41 |
+ 30:64:02:30:41:8b:1a:fd:97:a8:bb:7c:d0:eb:1c:a2:ba:c0: |
|
| 42 |
+ ac:2f:6d:80:07:5b:5c:ef:55:59:1a:92:56:66:94:ce:49:6a: |
|
| 43 |
+ a9:57:49:b2:41:73:64:7e:01:ac:31:3a:7c:2a:bf:a5:02:30: |
|
| 44 |
+ 2b:c4:a6:b1:0c:03:82:e3:e4:03:39:fb:19:d7:76:21:1b:7e: |
|
| 45 |
+ 7f:aa:22:5d:90:a4:e1:2e:cd:ca:92:0f:b6:3f:80:dc:26:d2: |
|
| 46 |
+ 09:34:8c:d1:61:bb:9d:ac:6d:8f:68:f0 |
|
| 47 |
+-----BEGIN CERTIFICATE----- |
|
| 48 |
+MIICLTCCAbSgAwIBAgIBAjAKBggqhkjOPQQDAjAVMRMwEQYDVQQDEwpFQy1UZXN0 |
|
| 49 |
+IENBMB4XDTE0MDExODE2MDIzN1oXDTI0MDExNjE2MDIzN1owFDESMBAGA1UEAxMJ |
|
| 50 |
+ZWMtY2xpZW50MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEQNm5okQbATksFO6qcGsx |
|
| 51 |
+mChEyWG8twu1U0nCwApDsAhQzYAvXaSJ8f99EXj1DLKG4ln4F3YbIvIjZ+dVkOrO |
|
| 52 |
+CqraBfSFGcntrm2jrVZ69jPGz7vHOfrk02ff8LhKiFeYo4HYMIHVMAkGA1UdEwQC |
|
| 53 |
+MAAwHQYDVR0OBBYEFNjiNXvKZnFr2Fv1EhOCLe3N5e1/MEUGA1UdIwQ+MDyAFLSa |
|
| 54 |
+QVy4JnxItZlEAP/wukFByAY8oRmkFzAVMRMwEQYDVQQDEwpFQy1UZXN0IENBggkA |
|
| 55 |
+sYQYHaDpwBcwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMC0GCWCG |
|
| 56 |
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwEQYJYIZI |
|
| 57 |
+AYb4QgEBBAQDAgeAMAoGCCqGSM49BAMCA2cAMGQCMEGLGv2XqLt80OscorrArC9t |
|
| 58 |
+gAdbXO9VWRqSVmaUzklqqVdJskFzZH4BrDE6fCq/pQIwK8SmsQwDguPkAzn7Gdd2 |
|
| 59 |
+IRt+f6oiXZCk4S7NypIPtj+A3CbSCTSM0WG7naxtj2jw |
|
| 60 |
+-----END CERTIFICATE----- |
| 0 | 61 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,6 @@ |
| 0 |
+-----BEGIN PRIVATE KEY----- |
|
| 1 |
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDD9Agj8nr/8sIr0XHky |
|
| 2 |
+mcn1oMb3vqOh2axFBaIvmOHYmqs11SIH1tKYelkNYy9zHTChZANiAARA2bmiRBsB |
|
| 3 |
+OSwU7qpwazGYKETJYby3C7VTScLACkOwCFDNgC9dpInx/30RePUMsobiWfgXdhsi |
|
| 4 |
+8iNn51WQ6s4KqtoF9IUZye2ubaOtVnr2M8bPu8c5+uTTZ9/wuEqIV5g= |
|
| 5 |
+-----END PRIVATE KEY----- |
| 0 | 6 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,61 @@ |
| 0 |
+Certificate: |
|
| 1 |
+ Data: |
|
| 2 |
+ Version: 3 (0x2) |
|
| 3 |
+ Serial Number: 1 (0x1) |
|
| 4 |
+ Signature Algorithm: ecdsa-with-SHA256 |
|
| 5 |
+ Issuer: CN=EC-Test CA |
|
| 6 |
+ Validity |
|
| 7 |
+ Not Before: Jan 18 16:02:31 2014 GMT |
|
| 8 |
+ Not After : Jan 16 16:02:31 2024 GMT |
|
| 9 |
+ Subject: CN=ec-server |
|
| 10 |
+ Subject Public Key Info: |
|
| 11 |
+ Public Key Algorithm: id-ecPublicKey |
|
| 12 |
+ Public-Key: (384 bit) |
|
| 13 |
+ pub: |
|
| 14 |
+ 04:bd:8c:3a:af:2e:2f:2e:de:cf:d2:39:8d:b9:a6: |
|
| 15 |
+ 13:96:80:6d:b5:b2:ee:97:62:3b:a2:32:38:77:1e: |
|
| 16 |
+ fb:2a:ef:86:4b:d0:9e:4b:55:e0:9b:07:f9:64:2f: |
|
| 17 |
+ 6b:a7:17:fd:65:dd:50:3f:1c:fa:fa:2f:39:2e:97: |
|
| 18 |
+ d4:86:e5:4e:5a:d2:50:0b:f4:d7:08:62:67:53:44: |
|
| 19 |
+ 62:e3:25:f2:fa:36:84:87:1d:03:e3:e9:9d:d9:66: |
|
| 20 |
+ 51:dd:b4:c4:db:0b:05 |
|
| 21 |
+ ASN1 OID: secp384r1 |
|
| 22 |
+ X509v3 extensions: |
|
| 23 |
+ X509v3 Basic Constraints: |
|
| 24 |
+ CA:FALSE |
|
| 25 |
+ X509v3 Subject Key Identifier: |
|
| 26 |
+ EA:DF:7E:A3:D4:61:73:D7:01:AF:6E:0A:38:8D:33:D0:BD:24:4B:E1 |
|
| 27 |
+ X509v3 Authority Key Identifier: |
|
| 28 |
+ keyid:B4:9A:41:5C:B8:26:7C:48:B5:99:44:00:FF:F0:BA:41:41:C8:06:3C |
|
| 29 |
+ DirName:/CN=EC-Test CA |
|
| 30 |
+ serial:B1:84:18:1D:A0:E9:C0:17 |
|
| 31 |
+ |
|
| 32 |
+ X509v3 Extended Key Usage: |
|
| 33 |
+ TLS Web Server Authentication |
|
| 34 |
+ X509v3 Key Usage: |
|
| 35 |
+ Digital Signature, Key Encipherment |
|
| 36 |
+ Netscape Comment: |
|
| 37 |
+ Easy-RSA Generated Certificate |
|
| 38 |
+ Netscape Cert Type: |
|
| 39 |
+ SSL Server |
|
| 40 |
+ Signature Algorithm: ecdsa-with-SHA256 |
|
| 41 |
+ 30:64:02:30:20:39:12:92:cc:a2:ca:45:b9:1a:8f:e0:c1:e7: |
|
| 42 |
+ b7:4a:79:4d:07:07:81:72:08:b4:d4:7b:46:53:d7:72:32:d0: |
|
| 43 |
+ d7:3e:e8:88:2b:c9:ba:8b:d5:94:4f:41:6c:d0:2e:a4:02:30: |
|
| 44 |
+ 75:ff:c3:8a:c1:f5:79:1c:1a:08:16:31:c2:c1:6e:d4:33:dc: |
|
| 45 |
+ 9f:04:0f:90:94:d9:75:c1:6d:71:28:62:cc:f6:89:7c:91:86: |
|
| 46 |
+ a4:96:45:34:a0:8d:92:7e:dd:e3:da:4d |
|
| 47 |
+-----BEGIN CERTIFICATE----- |
|
| 48 |
+MIICLTCCAbSgAwIBAgIBATAKBggqhkjOPQQDAjAVMRMwEQYDVQQDEwpFQy1UZXN0 |
|
| 49 |
+IENBMB4XDTE0MDExODE2MDIzMVoXDTI0MDExNjE2MDIzMVowFDESMBAGA1UEAxMJ |
|
| 50 |
+ZWMtc2VydmVyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEvYw6ry4vLt7P0jmNuaYT |
|
| 51 |
+loBttbLul2I7ojI4dx77Ku+GS9CeS1Xgmwf5ZC9rpxf9Zd1QPxz6+i85LpfUhuVO |
|
| 52 |
+WtJQC/TXCGJnU0Ri4yXy+jaEhx0D4+md2WZR3bTE2wsFo4HYMIHVMAkGA1UdEwQC |
|
| 53 |
+MAAwHQYDVR0OBBYEFOrffqPUYXPXAa9uCjiNM9C9JEvhMEUGA1UdIwQ+MDyAFLSa |
|
| 54 |
+QVy4JnxItZlEAP/wukFByAY8oRmkFzAVMRMwEQYDVQQDEwpFQy1UZXN0IENBggkA |
|
| 55 |
+sYQYHaDpwBcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMC0GCWCG |
|
| 56 |
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwEQYJYIZI |
|
| 57 |
+AYb4QgEBBAQDAgZAMAoGCCqGSM49BAMCA2cAMGQCMCA5EpLMospFuRqP4MHnt0p5 |
|
| 58 |
+TQcHgXIItNR7RlPXcjLQ1z7oiCvJuovVlE9BbNAupAIwdf/DisH1eRwaCBYxwsFu |
|
| 59 |
+1DPcnwQPkJTZdcFtcShizPaJfJGGpJZFNKCNkn7d49pN |
|
| 60 |
+-----END CERTIFICATE----- |
| 0 | 61 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,6 @@ |
| 0 |
+-----BEGIN PRIVATE KEY----- |
|
| 1 |
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDD8bQlwrFrXHPmem0bt |
|
| 2 |
+cBcU6nYfaZQbPdIDAB7edOOyevvzYH0qMtbaW95iSZLMRVWhZANiAAS9jDqvLi8u |
|
| 3 |
+3s/SOY25phOWgG21su6XYjuiMjh3Hvsq74ZL0J5LVeCbB/lkL2unF/1l3VA/HPr6 |
|
| 4 |
+Lzkul9SG5U5a0lAL9NcIYmdTRGLjJfL6NoSHHQPj6Z3ZZlHdtMTbCwU= |
|
| 5 |
+-----END PRIVATE KEY----- |