文章目录
-
- openssl3.2/test/certs - 023 - EC cert with explicit curve
- 概述
- 笔记
- END
openssl3.2/test/certs - 023 - EC cert with explicit curve
概述
openssl3.2 - 官方demo学习 - test - certs
并没有看到指定了椭圆曲线的参数, 还是rsa证书.
可能后面的脚本会生成指定了椭圆曲线的证书.
笔记
// file my_openssl_linux_log_doc_023.txt // ote openssl3.2/test/certs - 023 - EC cert with explicit curve // -------------------------------------------------------------------------------- // 官方脚本 // -------------------------------------------------------------------------------- // openssl3.2/test/certs - 023 - EC cert with explicit curve ./mkcert.sh genca "CA" ca-key-ec-explicit ca-cert-ec-explicit root-key root-cert // -------------------------------------------------------------------------------- // openssl parse // -------------------------------------------------------------------------------- // cmd1: openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ca-key-ec-explicit.pem // cmd2: // config file = cfg_exp023_cmd2.txt string_mask=utf8only [req] prompt = no distinguished_name = dn [dn] CN = CA openssl req -new -sha256 -key ca-key-ec-explicit.pem -config cfg_exp023_cmd2.txt -out ca-key-ec-explicit-req.pem // cmd3: // config file = cfg_exp023_cmd3.txt basicConstraints = critical,CA:true keyUsage = keyCertSign,cRLSign subjectKeyIdentifier = hash authorityKeyIdentifier = keyid openssl x509 -req -sha256 -out ca-cert-ec-explicit.pem -extfile cfg_exp023_cmd3.txt -CA root-cert.pem -CAkey root-key.pem -set_serial 2 -days 36525 -in ca-key-ec-explicit-req.pem // -------------------------------------------------------------------------------- // openssl log // -------------------------------------------------------------------------------- openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out ca-key-ec-explicit.pem openssl req -new -sha256 -key ca-key-ec-explicit.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt string_mask=utf8only [req] prompt = no distinguished_name = dn [dn] CN = CA openssl x509 -req -sha256 -out ca-cert-ec-explicit.pem -extfile /dev/fd/63 -CA root-cert.pem -CAkey root-key.pem -set_serial 2 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txt basicConstraints = critical,CA:true keyUsage = keyCertSign,cRLSign subjectKeyIdentifier = hash authorityKeyIdentifier = keyid