## Record of how part of the mbed TLS test data was generated.
##
## The generated files themselves are committed to the repository so
## that every checkout tests against identical data. You only need
## this makefile when extending mbed TLS's tests.
##
## Many data files predate this makefile, so the way they were
## generated was never recorded here.
##
## The outputs depend on the version of the generation tool, and many
## of them are randomized: running this makefile twice does not
## produce the same results.
##
## The keys, certificates and passwords referenced in this makefile
## are committed test fixtures. Treat them as public and never reuse
## them outside the test suite.

## Tools (each can be overridden from the command line or environment)
OPENSSL ?= openssl
FAKETIME ?= faketime

## The mbed TLS sample programs are located relative to the tree root.
TOP_DIR = ../..
MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write
MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req

## Build the generated test data. Because the final outputs are
## committed to the repository, this target should do nothing on a
## fresh checkout. Because generation is randomized, re-running a
## target may yield a different file. This makefile is primarily a
## record of how the targets were generated in the first place.
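## NOTE(review): in this part of the file `all_final` is only assigned as
## a variable; the rule that turns it into a target is presumably defined
## further down -- confirm before relying on `make default`.
default: all_final

# Temporary files produced on the way to the final outputs.
all_intermediate :=
# Files used by the tests.
all_final :=



################################################################
#### Generate certificates from existing keys
################################################################

test_ca_crt = test-ca.crt
test_ca_key_file_rsa = test-ca.key
# Passphrase of the committed test CA key. It is passed to the tools on
# the command line (visible in process listings); that is acceptable only
# because the key is a public test fixture.
test_ca_pwd_rsa = PolarSSLTest
test_ca_config_file = test-ca.opensslconf

# CSR for the RSA test CA, reused by every self-signed test-ca*.crt below.
test-ca.req.sha256: $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
all_intermediate += test-ca.req.sha256

# The request is SHA-256, but the certificate itself is signed with
# md=SHA1; this recipe is identical to the one for test-ca-sha1.crt.
test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_final += test-ca.crt

test-ca.crt.der: test-ca.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += test-ca.crt.der

# The DER output of pkey is written without a passphrase: no -passout
# is given, only -passin to read the encrypted PEM key.
test-ca.key.der: $(test_ca_key_file_rsa)
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
all_final += test-ca.key.der

test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
all_final += test-ca-sha1.crt

test-ca-sha1.crt.der: test-ca-sha1.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += test-ca-sha1.crt.der

test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
all_final += test-ca-sha256.crt

test-ca-sha256.crt.der: test-ca-sha256.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += test-ca-sha256.crt.der

# Variants of the test CA made with `openssl req`. The utf8 variant adds
# -utf8; the printable and uppercase recipes are identical as recorded.
# NOTE(review): $(test_ca_config_file) is read by these three recipes but
# is not listed as a prerequisite.
test-ca_utf8.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_utf8.crt

test-ca_printable.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_printable.crt

test-ca_uppercase.crt: $(test_ca_key_file_rsa)
	$(OPENSSL) req -x509 -new -nodes -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 3 -config $(test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_uppercase.crt

# Alternative CA: same subject name as the test CA, different RSA key.
test_ca_key_file_rsa_alt = test-ca-alt.key

# No prerequisites: the key is generated only when the file is missing,
# and genrsa writes it unencrypted.
$(test_ca_key_file_rsa_alt):
	$(OPENSSL) genrsa -out $@ 2048
test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_intermediate += test-ca-alt.csr
test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
	$(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
all_final += test-ca-alt.crt
# The two bundles below hold the same certificates in opposite order.
test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
	cat test-ca-alt.crt test-ca-sha256.crt > $@
all_final += test-ca-alt-good.crt
test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
	cat test-ca-sha256.crt test-ca-alt.crt > $@
all_final += test-ca-good-alt.crt

test_ca_crt_file_ec = test-ca2.crt
test_ca_key_file_ec = test-ca2.key

test-ca2.crt.der: $(test_ca_crt_file_ec)
	$(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
all_final += test-ca2.crt.der

test-ca2.key.der: $(test_ca_key_file_ec)
	$(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
all_final += test-ca2.key.der

# Concatenations of the RSA and EC test CAs, in both orders.
test_ca_crt_cat12 = test-ca_cat12.crt
$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
	cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
all_final += $(test_ca_crt_cat12)

test_ca_crt_cat21 = test-ca_cat21.crt
$(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
	cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
all_final += $(test_ca_crt_cat21)

test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
all_intermediate += test-int-ca.csr
# faketime moves the clock back 3653 days and the certificate is valid
# for 3653 days, so its validity period ends at generation time.
test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
all_final += test-int-ca-exp.crt

# NOTE(review): the recipe reads issuer_crt=enco-ca-prstr.pem, which is
# not listed as a prerequisite, and this target is not added to all_final.
enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
	$(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@

# CRLs issued by the RSA test CA; they differ only in the -crlexts
# section taken from $(test_ca_config_file).
crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
all_final += crl-idp.pem
crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
all_final += crl-idpnc.pem

cli_crt_key_file_rsa = cli-rsa.key
cli_crt_extensions_file = cli.opensslconf

cli-rsa.csr: $(cli_crt_key_file_rsa)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
all_intermediate += cli-rsa.csr

# NOTE(review): both cli-rsa-sha*.crt recipes read $(test_ca_crt) and
# $(test_ca_key_file_rsa) without listing them as prerequisites, and
# cli-rsa-sha1.crt is not added to all_final.
cli-rsa-sha1.crt: cli-rsa.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@

cli-rsa-sha256.crt: cli-rsa.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += cli-rsa-sha256.crt

cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa-sha256.crt.der

# Negative-test fixture: in the hex dump of the certificate, the second
# occurrence of the sha256WithRSAEncryption OID followed by NULL
# parameters (05 00) has its parameter bytes changed to 09 00
# (presumably the outer signatureAlgorithm field -- confirm).
# If the pattern does not occur twice, sed changes nothing and the output
# would be a byte-for-byte copy of the valid certificate, so the cmp
# check rejects that case instead of silently producing a good fixture.
# The exit status of hexdump and sed is still not checked by the pipeline.
cli-rsa-sha256-badalg.crt.der: cli-rsa-sha256.crt.der
	hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D01010B0500/06092A864886F70D01010B0900/2" | xxd -r -p > $@
	@if cmp -s $< $@; then \
		echo "$@: signature algorithm pattern not replaced, output equals $<" >&2; \
		rm -f $@; \
		exit 1; \
	fi
all_final += cli-rsa-sha256-badalg.crt.der

cli-rsa.key.der: $(cli_crt_key_file_rsa)
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += cli-rsa.key.der

test_ca_int_rsa1 = test-int-ca.crt

server7.csr: server7.key
	$(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
all_intermediate += server7.csr
# Expired / not-yet-valid leaf certificates followed by the intermediate
# CA certificate. The leaf is written to a temporary file first: when the
# signing command was piped straight into `cat`, a failed signing step
# still exited 0 and left a target holding only the CA certificate.
# NOTE(review): test-int-ca.key and $(cli_crt_extensions_file) are read
# by these recipes but are not listed as prerequisites.
server7-expired.crt: server7.csr $(test_ca_int_rsa1)
	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr -out $@.leaf
	cat $@.leaf $(test_ca_int_rsa1) > $@
	rm -f $@.leaf
all_final += server7-expired.crt
server7-future.crt: server7.csr $(test_ca_int_rsa1)
	$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr -out $@.leaf
	cat $@.leaf $(test_ca_int_rsa1) > $@
	rm -f $@.leaf
all_final += server7-future.crt
# Bad-signature fixture: the sed script rewrites the last base64
# character before any '=' padding on the final data line of the PEM
# body (0 becomes 1, anything else becomes 0). `head -n-2` relies on
# GNU head.
server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
all_final += server7-badsign.crt
server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
	cat server7.crt test-int-ca-exp.crt > $@
all_final += server7_int-ca-exp.crt

cli2.crt.der: cli2.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += cli2.crt.der

cli2.key.der: cli2.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += cli2.key.der

server5.crt.der: server5.crt
	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
all_final += server5.crt.der

server5.key.der: server5.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += server5.key.der

# Self-signed certificate whose validity period ends at generation time.
server5-ss-expired.crt: server5.key
	$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
all_final += server5-ss-expired.crt

# Negative-test fixture: tries to forge a copy of test-int-ca3 with a
# different key (self-signed with server5.key).
server5-ss-forgeca.crt: server5.key
	$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt

# The subjectAltName content comes from the tricky_ip_san section of
# $(test_ca_config_file), which is not listed as a prerequisite.
server5-tricky-ip-san.crt: server5.key
	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
all_final += server5-tricky-ip-san.crt

# Same bad-signature transformation as server7-badsign.crt, without an
# appended CA certificate.
server10-badsign.crt: server10.crt
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server10-badsign.crt
server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
	cat server10-badsign.crt test-int-ca3.crt > $@
all_final += server10-bs_int3.pem
test-int-ca3-badsign.crt: test-int-ca3.crt
	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += test-int-ca3-badsign.crt
server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
	cat server10.crt test-int-ca3-badsign.crt > $@
all_final += server10_int3-bs.pem

# Public halves of server8.key in RSAPublicKey form (-RSAPublicKey_out)
# and in the form written by -pubout, each as PEM and DER.
rsa_pkcs1_2048_public.pem: server8.key
	$(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
all_final += rsa_pkcs1_2048_public.pem

rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
	$(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
all_final += rsa_pkcs1_2048_public.der

rsa_pkcs8_2048_public.pem: server8.key
	$(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
all_final += rsa_pkcs8_2048_public.pem

rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
	$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
all_final += rsa_pkcs8_2048_public.der

################################################################
#### Generate various RSA keys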
################################################################

### Passphrase for the PKCS1-encoded encrypted RSA keys.
### It is a fixed test value stored in this makefile and handed to
### openssl on the command line, so it protects nothing outside the
### test suite.
keys_rsa_basic_pwd = testkey

### Passphrase for the PKCS8-encoded encrypted RSA keys (same caveat).
keys_rsa_pkcs8_pwd = PolarSSLTest

### Unencrypted 1024-, 2048- and 4096-bit RSA keys. Every encrypted
### RSA key below is derived from one of them. The rules have no
### prerequisites, so a key is generated only when its file is missing.
rsa_pkcs1_1024_clear.pem:
	$(OPENSSL) genrsa -out $@ 1024
all_final += rsa_pkcs1_1024_clear.pem

rsa_pkcs1_2048_clear.pem:
	$(OPENSSL) genrsa -out $@ 2048
all_final += rsa_pkcs1_2048_clear.pem

rsa_pkcs1_4096_clear.pem:
	$(OPENSSL) genrsa -out $@ 4096
all_final += rsa_pkcs1_4096_clear.pem

###
### PKCS1-encoded, encrypted RSA keys
###
### One file per cipher (DES, 3DES, AES-128/192/256) and key size.

### 1024-bit
rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_des.pem

rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_3des.pem

rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_aes128.pem

rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_aes192.pem

rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_1024_aes256.pem

# Aggregate target: all 1024-bit PKCS1 encrypted keys.
keys_rsa_enc_basic_1024: \
    rsa_pkcs1_1024_des.pem \
    rsa_pkcs1_1024_3des.pem \
    rsa_pkcs1_1024_aes128.pem \
    rsa_pkcs1_1024_aes192.pem \
    rsa_pkcs1_1024_aes256.pem

# 2048-bit
rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_des.pem
# Remaining 2048-bit PKCS1 encrypted keys. The passphrase is passed on
# the openssl command line via -passout "pass:...".
rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_3des.pem

rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes128.pem

rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes192.pem

rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_2048_aes256.pem

# Aggregate target: all 2048-bit PKCS1 encrypted keys.
keys_rsa_enc_basic_2048: \
    rsa_pkcs1_2048_des.pem \
    rsa_pkcs1_2048_3des.pem \
    rsa_pkcs1_2048_aes128.pem \
    rsa_pkcs1_2048_aes192.pem \
    rsa_pkcs1_2048_aes256.pem

# 4096-bit
rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_des.pem

rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_3des.pem

rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes128.pem

rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes192.pem

rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
all_final += rsa_pkcs1_4096_aes256.pem

# Aggregate target: all 4096-bit PKCS1 encrypted keys.
keys_rsa_enc_basic_4096: \
    rsa_pkcs1_4096_des.pem \
    rsa_pkcs1_4096_3des.pem \
    rsa_pkcs1_4096_aes128.pem \
    rsa_pkcs1_4096_aes192.pem \
    rsa_pkcs1_4096_aes256.pem

###
### PKCS8-v1 encoded, encrypted RSA keys
###

### 1024-bit
# Each PKCS8-v1 scheme (PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC4-128)
# is written as DER and as PEM from the same clear key. The passphrase
# is passed on the openssl command line via -passout "pass:...".
rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_1024_3des.der

rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem

keys_rsa_enc_pkcs8_v1_1024_3des: \
    rsa_pkcs8_pbe_sha1_1024_3des.pem \
    rsa_pkcs8_pbe_sha1_1024_3des.der

rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_1024_2des.der

rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem

keys_rsa_enc_pkcs8_v1_1024_2des: \
    rsa_pkcs8_pbe_sha1_1024_2des.pem \
    rsa_pkcs8_pbe_sha1_1024_2des.der

rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der

rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem

keys_rsa_enc_pkcs8_v1_1024_rc4_128: \
    rsa_pkcs8_pbe_sha1_1024_rc4_128.pem \
    rsa_pkcs8_pbe_sha1_1024_rc4_128.der

# Aggregate target: all 1024-bit PKCS8-v1 keys.
keys_rsa_enc_pkcs8_v1_1024: \
    keys_rsa_enc_pkcs8_v1_1024_3des \
    keys_rsa_enc_pkcs8_v1_1024_2des \
    keys_rsa_enc_pkcs8_v1_1024_rc4_128

### 2048-bit
rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_2048_3des.der

rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem

keys_rsa_enc_pkcs8_v1_2048_3des: \
    rsa_pkcs8_pbe_sha1_2048_3des.pem \
    rsa_pkcs8_pbe_sha1_2048_3des.der

rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_2048_2des.der

rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem

keys_rsa_enc_pkcs8_v1_2048_2des: \
    rsa_pkcs8_pbe_sha1_2048_2des.pem \
    rsa_pkcs8_pbe_sha1_2048_2des.der

rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der

rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem

keys_rsa_enc_pkcs8_v1_2048_rc4_128: \
    rsa_pkcs8_pbe_sha1_2048_rc4_128.pem \
    rsa_pkcs8_pbe_sha1_2048_rc4_128.der

# Aggregate target: all 2048-bit PKCS8-v1 keys.
keys_rsa_enc_pkcs8_v1_2048: \
    keys_rsa_enc_pkcs8_v1_2048_3des \
    keys_rsa_enc_pkcs8_v1_2048_2des \
    keys_rsa_enc_pkcs8_v1_2048_rc4_128

### 4096-bit
rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_4096_3des.der

# Remaining 4096-bit PKCS8-v1 keys. As everywhere in this section, the
# passphrase is passed on the openssl command line via -passout.
rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem

keys_rsa_enc_pkcs8_v1_4096_3des: \
    rsa_pkcs8_pbe_sha1_4096_3des.pem \
    rsa_pkcs8_pbe_sha1_4096_3des.der

rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_4096_2des.der

rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem

keys_rsa_enc_pkcs8_v1_4096_2des: \
    rsa_pkcs8_pbe_sha1_4096_2des.pem \
    rsa_pkcs8_pbe_sha1_4096_2des.der

rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der

rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem

keys_rsa_enc_pkcs8_v1_4096_rc4_128: \
    rsa_pkcs8_pbe_sha1_4096_rc4_128.pem \
    rsa_pkcs8_pbe_sha1_4096_rc4_128.der

# Aggregate target: all 4096-bit PKCS8-v1 keys.
keys_rsa_enc_pkcs8_v1_4096: \
    keys_rsa_enc_pkcs8_v1_4096_3des \
    keys_rsa_enc_pkcs8_v1_4096_2des \
    keys_rsa_enc_pkcs8_v1_4096_rc4_128

###
### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
###
### Because no -v2prf is given, the PRF recorded in these files is
### whatever the openssl version in use picks by default.

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der

rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem

keys_rsa_enc_pkcs8_v2_1024_3des: \
    rsa_pkcs8_pbes2_pbkdf2_1024_3des.der \
    rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der

rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem

keys_rsa_enc_pkcs8_v2_1024_des: \
    rsa_pkcs8_pbes2_pbkdf2_1024_des.der \
    rsa_pkcs8_pbes2_pbkdf2_1024_des.pem

keys_rsa_enc_pkcs8_v2_1024: \
    keys_rsa_enc_pkcs8_v2_1024_3des \
    keys_rsa_enc_pkcs8_v2_1024_des

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der

rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem

keys_rsa_enc_pkcs8_v2_2048_3des: \
    rsa_pkcs8_pbes2_pbkdf2_2048_3des.der \
    rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der

rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem

keys_rsa_enc_pkcs8_v2_2048_des: \
    rsa_pkcs8_pbes2_pbkdf2_2048_des.der \
    rsa_pkcs8_pbes2_pbkdf2_2048_des.pem

keys_rsa_enc_pkcs8_v2_2048: \
    keys_rsa_enc_pkcs8_v2_2048_3des \
    keys_rsa_enc_pkcs8_v2_2048_des

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der

rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem

keys_rsa_enc_pkcs8_v2_4096_3des: \
    rsa_pkcs8_pbes2_pbkdf2_4096_3des.der \
    rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der

rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem

keys_rsa_enc_pkcs8_v2_4096_des: \
    rsa_pkcs8_pbes2_pbkdf2_4096_des.der \
    rsa_pkcs8_pbes2_pbkdf2_4096_des.pem

keys_rsa_enc_pkcs8_v2_4096: \
    keys_rsa_enc_pkcs8_v2_4096_3des \
    keys_rsa_enc_pkcs8_v2_4096_des

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
###

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der

rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem

keys_rsa_enc_pkcs8_v2_1024_3des_sha224: \
    rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der \
    rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem

keys_rsa_enc_pkcs8_v2_1024_des_sha224: \
    rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der \
    rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem

keys_rsa_enc_pkcs8_v2_1024_sha224: \
    keys_rsa_enc_pkcs8_v2_1024_3des_sha224 \
    keys_rsa_enc_pkcs8_v2_1024_des_sha224

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der

rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem

keys_rsa_enc_pkcs8_v2_2048_3des_sha224: \
    rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der \
    rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem

keys_rsa_enc_pkcs8_v2_2048_des_sha224: \
    rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der \
    rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem

keys_rsa_enc_pkcs8_v2_2048_sha224: \
    keys_rsa_enc_pkcs8_v2_2048_3des_sha224 \
    keys_rsa_enc_pkcs8_v2_2048_des_sha224

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der

rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem

keys_rsa_enc_pkcs8_v2_4096_3des_sha224: \
    rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der \
    rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem

keys_rsa_enc_pkcs8_v2_4096_des_sha224: \
    rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der \
    rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem

keys_rsa_enc_pkcs8_v2_4096_sha224: \
    keys_rsa_enc_pkcs8_v2_4096_3des_sha224 \
    keys_rsa_enc_pkcs8_v2_4096_des_sha224

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
###

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der

rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem

keys_rsa_enc_pkcs8_v2_1024_3des_sha256: \
    rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der \
    rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem

keys_rsa_enc_pkcs8_v2_1024_des_sha256: \
    rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der \
    rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem

keys_rsa_enc_pkcs8_v2_1024_sha256: \
    keys_rsa_enc_pkcs8_v2_1024_3des_sha256 \
    keys_rsa_enc_pkcs8_v2_1024_des_sha256

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
# PKCS#8 v2 (PBES2 / PBKDF2) encrypted RSA test keys, continued.
# Each rule re-encrypts an unencrypted PKCS#1 key (rsa_pkcs1_<bits>_clear.pem)
# with `openssl pkcs8 -topk8`, once as DER and once as PEM:
#   -v2 des3 | -v2 des        PBES2 cipher (3DES or single DES)
#   -v2prf hmacWithSHA<n>     PRF used by PBKDF2
#   -passout "pass:..."       passphrase taken from $(keys_rsa_pkcs8_pwd)
# Single DES, 3DES and 1024-bit RSA are legacy-strength choices; they are
# generated here as parser test data, not as recommended settings.
# The passphrase is given on the openssl command line, so it is visible in the
# process list while the recipe runs -- presumably a fixed test password
# defined earlier in this file; do not reuse this pattern for real secrets.
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
# Recipe-less grouping target: builds the DER and PEM form of one key variant.
keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem

# Grouping target: both ciphers for one key size and PRF.
keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem

keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
###

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem

keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem

keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384

### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
# PKCS#8 v2 (PBES2 / PBKDF2) encrypted RSA test keys, continued: the rest of
# the hmacWithSHA384 set and most of the hmacWithSHA512 set.
# Same recipe shape throughout: `openssl pkcs8 -topk8` re-encrypts the clear
# PKCS#1 key named as prerequisite ($<) into $@; `-v2 des3` / `-v2 des` picks
# the PBES2 cipher and `-v2prf` the PBKDF2 PRF. DES/3DES and 1024-bit RSA are
# legacy-strength and appear here as test data only. The passphrase from
# $(keys_rsa_pkcs8_pwd) is passed on the command line (visible in the process
# list while openssl runs).
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
# Recipe-less grouping target: DER and PEM form of one key variant.
keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem

# Grouping target: both ciphers for one key size and PRF.
keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384

###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
###

### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem

keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512

### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
# End of the hmacWithSHA512 PKCS#8 v2 key set, the per-class RSA grouping
# targets, and the generated EC PKCS#8 key.
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha512: \
    rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der \
    rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem

keys_rsa_enc_pkcs8_v2_2048_sha512: \
    keys_rsa_enc_pkcs8_v2_2048_3des_sha512 \
    keys_rsa_enc_pkcs8_v2_2048_des_sha512

### 4096-bit
# Same recipe shape as the smaller key sizes: re-encrypt the clear PKCS#1 key
# ($<) under PBES2 with the given cipher and PBKDF2 PRF. The passphrase is
# passed on the command line via -passout "pass:...".
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha512: \
    rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der \
    rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem

rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha512: \
    rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der \
    rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem

keys_rsa_enc_pkcs8_v2_4096_sha512: \
    keys_rsa_enc_pkcs8_v2_4096_3des_sha512 \
    keys_rsa_enc_pkcs8_v2_4096_des_sha512

###
### Rules to generate all RSA keys from a particular class
###
# All targets in this section are recipe-less: they only pull in the key
# files (or narrower grouping targets) listed as prerequisites.

### Generate basic unencrypted RSA keys
keys_rsa_unenc: \
    rsa_pkcs1_1024_clear.pem \
    rsa_pkcs1_2048_clear.pem \
    rsa_pkcs1_4096_clear.pem

### Generate PKCS1-encoded encrypted RSA keys
keys_rsa_enc_basic: \
    keys_rsa_enc_basic_1024 \
    keys_rsa_enc_basic_2048 \
    keys_rsa_enc_basic_4096

### Generate PKCS8-v1 encrypted RSA keys
keys_rsa_enc_pkcs8_v1: \
    keys_rsa_enc_pkcs8_v1_1024 \
    keys_rsa_enc_pkcs8_v1_2048 \
    keys_rsa_enc_pkcs8_v1_4096

### Generate PKCS8-v2 encrypted RSA keys
keys_rsa_enc_pkcs8_v2: \
    keys_rsa_enc_pkcs8_v2_1024 \
    keys_rsa_enc_pkcs8_v2_2048 \
    keys_rsa_enc_pkcs8_v2_4096 \
    keys_rsa_enc_pkcs8_v2_1024_sha224 \
    keys_rsa_enc_pkcs8_v2_2048_sha224 \
    keys_rsa_enc_pkcs8_v2_4096_sha224 \
    keys_rsa_enc_pkcs8_v2_1024_sha256 \
    keys_rsa_enc_pkcs8_v2_2048_sha256 \
    keys_rsa_enc_pkcs8_v2_4096_sha256 \
    keys_rsa_enc_pkcs8_v2_1024_sha384 \
    keys_rsa_enc_pkcs8_v2_2048_sha384 \
    keys_rsa_enc_pkcs8_v2_4096_sha384 \
    keys_rsa_enc_pkcs8_v2_1024_sha512 \
    keys_rsa_enc_pkcs8_v2_2048_sha512 \
    keys_rsa_enc_pkcs8_v2_4096_sha512

### Generate all RSA keys
keys_rsa_all: \
    keys_rsa_unenc \
    keys_rsa_enc_basic \
    keys_rsa_enc_pkcs8_v1 \
    keys_rsa_enc_pkcs8_v2

################################################################
#### Generate various EC keys
################################################################

###
### PKCS8 encoded
###

# No prerequisites: make runs this only when the file is absent, and each run
# produces a new random key. The curve (prime192v1) is encoded as a named
# curve; it is a small curve, generated here as test data.
ec_prv.pk8.der:
	$(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
all_final += ec_prv.pk8.der

# ### Instructions for creating `ec_prv.pk8nopub.der`,
# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
# ### `ec_prv.pk8.der`.
#
# These instructions assume you are familiar with ASN.1 DER encoding and can
# use a hex editor to manipulate DER.
#
# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
#
# PrivateKeyInfo ::= SEQUENCE {
#   version                   Version,
#   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
#   privateKey                PrivateKey,
#   attributes           [0]  IMPLICIT Attributes OPTIONAL
# }
#
# AlgorithmIdentifier ::= SEQUENCE {
#   algorithm   OBJECT IDENTIFIER,
#   parameters  ANY DEFINED BY algorithm OPTIONAL
# }
#
# ECParameters ::= CHOICE {
#   namedCurve         OBJECT IDENTIFIER
#   -- implicitCurve   NULL
#   -- specifiedCurve  SpecifiedECDomain
# }
#
# ECPrivateKey ::= SEQUENCE {
#   version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
#   privateKey     OCTET STRING,
#   parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
#   publicKey  [1] BIT STRING OPTIONAL
# }
#
# `ec_prv.pk8.der` as generated above by OpenSSL should have the following
# fields:
#
# * privateKeyAlgorithm       namedCurve
# * privateKey.parameters     NOT PRESENT
# * privateKey.publicKey      PRESENT
# * attributes                NOT PRESENT
#
# Whenever a field is removed or added below, the length octets of every
# enclosing element (the ECPrivateKey SEQUENCE, the privateKey OCTET STRING
# that wraps it, and the outer PrivateKeyInfo SEQUENCE) must be updated to
# match, otherwise the result is not valid DER.
#
# # ec_prv.pk8nopub.der
#
# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
#
# # ec_prv.pk8nopubparam.der
#
# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
#
# # ec_prv.pk8param.der
#
# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.

# PEM re-encodings of the EC PKCS#8 test keys: one static pattern rule maps
# each listed .pem onto the .der file of the same stem. ec_prv.pk8.der comes
# from the genpkey rule above; the other three .der inputs are the hand-edited
# variants described in the preceding comment block, and no rule that
# generates them is visible in this part of the file.
ec_prv_pk8_pem := ec_prv.pk8.pem ec_prv.pk8nopub.pem ec_prv.pk8nopubparam.pem ec_prv.pk8param.pem
$(ec_prv_pk8_pem): %.pem: %.der
	$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += $(ec_prv_pk8_pem)

# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.

###
### A generic SECP521R1 private key
###

# No prerequisites, so the key is only generated when the file is missing;
# every generation yields a different random key.
secp521r1_prv.der:
	$(OPENSSL) ecparam -genkey -name secp521r1 -noout -out $@
all_final += secp521r1_prv.der

################################################################
### Generate CSRs for X.509 write test suite
################################################################

# Each CSR is produced by $(MBEDTLS_CERT_REQ) from server1.key ($<) and signed
# with md=SHA1. SHA-1 is a deprecated signature digest; these files are
# fixtures for the X.509 write tests, not templates for real requests.

# CSR carrying the Netscape certificate type "ssl_server".
server1.req.cert_type: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.cert_type

# CSR carrying a key usage extension.
server1.req.key_usage: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.key_usage

# CSR carrying both key usage and Netscape certificate type.
server1.req.ku-ct: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.ku-ct

# NOTE(review): force_key_usage=1 with no key_usage value presumably makes
# cert_req emit an empty key usage extension -- confirm in the tool.
server1.req.key_usage_empty: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
all_final += server1.req.key_usage_empty

# NOTE(review): force_ns_cert_type=1 with no ns_cert_type value presumably
# makes cert_req emit an empty Netscape certificate type extension -- confirm
# in the tool.
server1.req.cert_type_empty: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
all_final += server1.req.cert_type_empty

################################################################
### Generate CSRs for X.509 write test suite
################################################################

# One CSR per signature digest, all from the same key and subject; only md=
# differs. MD4, MD5 and SHA-1 are broken or deprecated as signature digests
# and are generated here as test data for digest handling.
server1.req.sha1: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server1.req.sha1

server1.req.md4: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4
all_final += server1.req.md4

server1.req.md5: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
all_final += server1.req.md5

server1.req.sha224: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
all_final += server1.req.sha224

server1.req.sha256: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
all_final += server1.req.sha256

server1.req.sha384: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
all_final += server1.req.sha384

server1.req.sha512: server1.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
all_final += server1.req.sha512

# server2*

# CSR for CN=localhost; recorded as an intermediate file (all_intermediate),
# i.e. one that `clean` removes.
server2.req.sha256: server2.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
all_intermediate += server2.req.sha256

# DER re-encoding of the PEM certificate.
server2.crt.der: server2.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server2.crt.der

# DER re-encoding of the SHA-256 signed server2 certificate.
server2-sha256.crt.der: server2-sha256.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server2-sha256.crt.der

# DER re-encoding of the server2 private key. No -passin/-passout is given,
# so the key is read and written without a passphrase: the output is an
# unencrypted private key, suitable only as test data.
server2.key.der: server2.key
	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
all_final += server2.key.der

# server5*

# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.
server5.req.ku.sha1: server5.key
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server5.req.ku.sha1

################################################################
### Generate certificates for CRT write check tests
################################################################

### The test files use the Mbed TLS generated certificates server1*.crt,
### but for comparison with OpenSSL also rules for OpenSSL-generated
### certificates server1*.crt.openssl are offered.
###
### Known differences:
### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
###   as unused bits, while Mbed TLS doesn't.

# Files used by the `openssl ca` comparison rules further down: the CA
# database, the serial-number file and the OpenSSL configuration.
test_ca_server1_db = test-ca.server1.db
test_ca_server1_serial = test-ca.server1.serial
test_ca_server1_config_file = test-ca.server1.opensslconf

# server1*

# All server1 certificates below are issued by $(MBEDTLS_CERT_WRITE) from the
# CSR server1.req.sha256, signed by the test CA key with md=SHA1 (a deprecated
# signature digest, used here for test data). The CA key passphrase
# $(test_ca_pwd_rsa) is passed as issuer_pwd= on the command line.
# NOTE(review): several recipes pass version= twice (version=1 ... version=3);
# presumably the later value is the one that takes effect -- confirm against
# cert_write's argument handling.
server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
# NOTE(review): authority_identifier=0 presumably omits the Authority Key
# Identifier extension (the target name says "noauthid") -- confirm.
server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@

server1.crt.der: server1.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.crt server1.noauthid.crt server1.crt.der

# Variants with a key usage extension.
server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
server1.key_usage.der: server1.key_usage.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der

# Variants with a Netscape certificate type extension.
server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
server1.cert_type.der: server1.cert_type.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der

# X.509 version 1 certificate (both version= arguments are 1 here).
server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=1 output_file=$@
server1.v1.der: server1.v1.crt
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.v1.crt server1.v1.der

# Server certificate followed by the CA certificate, concatenated in one file.
server1_ca.crt: server1.crt $(test_ca_crt)
	cat server1.crt $(test_ca_crt) > $@
all_final += server1_ca.crt

# Certificate built directly from a subject key and name (no CSR).
# NOTE(review): the recipe also reads $(test_ca_crt) and
# $(test_ca_key_file_rsa), which are not listed as prerequisites, so a changed
# CA does not mark this target out of date.
cert_sha1.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial=7 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += cert_sha1.crt

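# Certificates built directly from server1.key and a subject name, one per
# signature digest, all issued by the test CA. The recipes also read
# $(test_ca_crt) and $(test_ca_key_file_rsa), which are not listed as
# prerequisites of these targets. The CA key passphrase is passed as
# issuer_pwd= on the command line.
cert_sha224.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial=8 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA224 version=3 output_file=$@
all_final += cert_sha224.crt

cert_sha256.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += cert_sha256.crt

cert_sha384.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial=10 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA384 version=3 output_file=$@
all_final += cert_sha384.crt

cert_sha512.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial=11 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA512 version=3 output_file=$@
all_final += cert_sha512.crt

# Wildcard subject (CN=*.example.com), signed with SHA-1.
cert_example_wildcard.crt: server1.key
	$(MBEDTLS_CERT_WRITE) subject_key=server1.key subject_name="C=NL, O=PolarSSL, CN=*.example.com" serial=12 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += cert_example_wildcard.crt

# OpenSSL-generated certificates for comparison
# Also provide certificates in DER format to allow
# direct binary comparison using e.g. dumpasn1
#
# A rule header with several targets defines one independent rule per target.
# Every run resets the shared serial file and CA database before calling
# `openssl ca`, so these three targets (and server1.v1.crt.openssl below) must
# not be built concurrently: under `make -j` they would race on
# $(test_ca_server1_serial) and $(test_ca_server1_db).
# The extension file $@.v3_ext is read by the recipe but is not a declared
# prerequisite.
server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
	echo "01" > $(test_ca_server1_serial)
	rm -f $(test_ca_server1_db)
	touch $(test_ca_server1_db)
	$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
server1.der.openssl: server1.crt.openssl
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.key_usage.der.openssl: server1.key_usage.crt.openssl
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.cert_type.der.openssl: server1.cert_type.crt.openssl
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@

# Same as above without the v3 extension section.
server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
	echo "01" > $(test_ca_server1_serial)
	rm -f $(test_ca_server1_db)
	touch $(test_ca_server1_db)
	$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
server1.v1.der.openssl: server1.v1.crt.openssl
	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@

# To revoke certificate in the openssl database:
#
# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt

# CRL signed with SHA-1 and valid for 3653 days. The recipe reads
# $(test_ca_server1_config_file), so that file is listed as a prerequisite in
# addition to the originally declared $(test_ca_config_file).
# `-key` passes the CA key passphrase as a plain command-line argument, the
# same exposure as the `-passin "pass:..."` form used by the other rules.
crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(test_ca_server1_config_file)
	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@

# CRL generated with the clock faked to 2028-12-31 via $(FAKETIME), so that
# the dates openssl writes into it lie in the future.
crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db test-ca.server1.future-crl.opensslconf
	$(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@

# NOTE(review): this list names server1.der, but the DER rule visible in this
# file is server1.crt.der -- verify that a rule for server1.der exists.
server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl

# server2*

# Both server2 certificates are issued from the same CSR with serial=2; they
# differ only in the signature digest.
server2.crt: server2.req.sha256
	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
all_final += server2.crt

server2-sha256.crt: server2.req.sha256
	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server2-sha256.crt

# MD2, MD4, MD5 test certificates
#
# MD2, MD4 and MD5 are broken as signature digests; these certificates are
# test data for how such signatures are handled.
# NOTE(review): $(cli_crt_key_file_rsa) is not defined in this part of the
# file -- presumably set earlier; if it were empty, the CSR rules below would
# have no prerequisite and an empty filename= argument.

cert_md_test_key = $(cli_crt_key_file_rsa)

cert_md2.csr: $(cert_md_test_key)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md=MD2
all_intermediate += cert_md2.csr

# serial=9 is also used by cert_sha256.crt above, under the same issuer.
cert_md2.crt: cert_md2.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD2 version=3 output_file=$@
all_final += cert_md2.crt

cert_md4.csr: $(cert_md_test_key)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md=MD4
all_intermediate += cert_md4.csr

cert_md4.crt: cert_md4.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=5 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD4 version=3 output_file=$@
all_final += cert_md4.crt

cert_md5.csr: $(cert_md_test_key)
	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5
all_intermediate += cert_md5.csr

# Unlike the MD2/MD4 certificates, this one uses the 2019-2029 validity window.
cert_md5.crt: cert_md5.csr
	$(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=MD5 version=3 output_file=$@
all_final += cert_md5.crt

################################################################
#### Meta targets
################################################################

# `all_final` is both a variable (the accumulated file list) and a target.
all_final: $(all_final)
all: $(all_intermediate) $(all_final)

.PHONY: default all_final all
.PHONY: keys_rsa_all
.PHONY: keys_rsa_unenc keys_rsa_enc_basic
.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
# The per-PRF PKCS#8 v2 grouping targets have no recipe and name no file, so
# they are declared phony as well; otherwise a stray file with one of these
# names would silently satisfy the target.
# NOTE(review): the names are generated from the pattern used by the rules
# earlier in this file; declaring a name phony is harmless if no such rule
# exists.
.PHONY: $(foreach bits,1024 2048 4096,$(foreach prf,sha224 sha256 sha384 sha512,\
    keys_rsa_enc_pkcs8_v2_$(bits)_$(prf) \
    keys_rsa_enc_pkcs8_v2_$(bits)_3des_$(prf) \
    keys_rsa_enc_pkcs8_v2_$(bits)_des_$(prf)))
.PHONY: server1_all

# These files should not be committed to the repository.
list_intermediate:
	@printf '%s\n' $(all_intermediate) | sort
# These files should be committed to the repository so that the test data is
# available upon checkout without running a randomized process depending on
# third-party tools.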
list_final:
	@printf '%s\n' $(all_final) | sort

## Remove intermediate files (the members of $(all_intermediate)).
clean:
	rm -f $(all_intermediate)

## Remove all build products, even the ones that are committed.
## Generation is randomized, so rebuilding will not reproduce the committed
## files byte for byte; restore them from version control if that matters.
neat: clean
	rm -f $(all_final)

.PHONY: list_intermediate list_final clean neat