tls-gen.sh
#!/bin/sh
etd() {
echo >&2 "$@"
}
Die() {
e=$?
trap - EXIT
rm -rf $TMPD
exit ${1:-$e}
}; trap Die INT TRAP EXIT
panic() {
etd
etd "$@"
Die 1
}
confirm() {(
etd -n "$@ [y/n] "
read -n1 REPLY
etd
case "$REPLY" in
y|Y) :
;;
*) Die 1
;;
esac
)}
panic "this is a showcase!"
Die 1
TMPD=$(umask 077; mktemp -d)
etd " creating +$TMPD"
# old government:
Rkey=$SOURCE/globalentity.key
Rcrt=$SOURCE/rootcert.crt
# new police:
key=$TARGET/police.key
pem=$TARGET/police.pem
crt=$TARGET/police.crt
if [ ! -f "$Rkey" ]; then
etd ' [no old root authority found]'
etd ' please do: (choose a long secret... this the main authority!)'
etd ' # +check the access rights.'
etd ' $ openssl genrsa-aes256 -out '"$Rkey 4096"
etd ' $ openssl req -x509 -new -nodes -key '"$Rkey -sha256\\"
etd ' -days 3652 -out '"$Rcrt -subj\\"
etd " '/CN=No Authority/C=FR/L=Nulle/O=NoOrg'"
etd
etd ' # to familiarise systems to CAs, do something like this:'
etd ' root@$ cp '"$Rkey /usr/local/share/ca-certificates"
etd ' root@$ update-ca-certificates'
fi
etd " [TLS creation]"
if [ -e $pem ]; then
confirm 'Overwrite [key|crt|pem]?' ||Die 0
fi
openssl req -new -nodes -out $TMPD/pem.proto -newkey rsa:2048\
-keyout $TMPD/key -subj '/CN=Portpolice 443/C=FR/L=Nulle/O=NoOrg'
rm -f $TMPD/pem.proto
cat >$TMPD/3ext <<%EOF #san properties
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
subjectAltName=@alt_names
issuerAltName=issuer:copy
[alt_names]
DNS.1=nighqraft.de
%EOF
openssl x509 -req -in $TMPD/pem.proto -CA $Rcrt -CAkey $Rkey -CAcreateserial\
-out $TMPD/crt -days 730 -sha256 -extfile $TMPD/3ext
A=$(openssl x509 -noout -modulus -inform PEM -in $TMPD/crt |md5sum)
B=$(openssl rsa -noout -modulus -inform PEM -in $TMPD/key.proto |md5sum)
#intermediate chain
C=$(openssl crl2pkcs7 -nocrl -certfile $TMPD/crt |openssl pkcs7 -print_certs -noout)
#dates
D=$(openssl x509 -noout -in $TMPD/crt -dates)
if ! echo "$A" | grep -q "^$B\$"; then
panic "openssl: Certificate Error (MD5'ves do not match!)"
fi
etd "$D"
etd "$C"
if ! openssl verify -CAfile $Rcrt $TMPD/crt >&2; then
panic "openssl: Certificate Error (Verification on authority failed!)"
fi
sed -i 's/\(BEGIN\|END\) PRIV/\1 RSA PRIV/' $TMPD/key.proto
cat $TMPD/key >$key
cat $TMPD/crt >$crt
cat $TMPD/key $TMPD/crt $Rcrt >$pem
etd " [police instantiated]"
etd
Die
And it seems they also forgot the private keys... what morons!
police:pem
-----BEGIN RSA PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLhusI72JBs5jQ 4Ur6+HNloVLLlKEOX18sBRjECEnyMa1isvqRwHJ8N1HRxJwCIFZn5aAUmdGeWx8p Iip17GZIC8at8EqB5KS6wWfyOogDyn2VXDPH9ThE19u5HXaBMigeZpNx9Jk69vOP KL5R9XEJYb8knhco8oT8RSCx9ausfpu2hxJ4y3tvlsau9VJAXjZjZHJ+NhEGeVTo yPE5El1/Gyxc8OwLlALlD6VGrhQQyqqyaAax549POc40GKpJMCZdVQuZHlVbchLB h19lNOEttbIkectBYNM2IvsfPtMzx+ZAn12RrpOXEMa0ix7ILamvVZJRb263bA0k Yzf2OYsXAgMBAAECggEATVsJSAscMFaflXybsAnwakdHncLu9/R9ytBhGlkAKgKB oQrfu7gGi3nHKlBs7031KWYYUtwn1OVTUaH/u3RPZ8C6EfBLkVUi2yyZYnKmsbIr yzIRKEXmzhuxEonFOdOjdfKMxfoupz+nUNkuhR4hiWxSZwuDR/ftXai0hY8XYebL ekm5/stN+5xxhdyhbDNqYQZz3ilCXsmUWbPG068xYGXXeUszPXggMPWqXnqae6RR U7fsTneYb3Gp/3vwIYfwDmHUg7WCj+XXDOOXZQzOjXM/nJTfaeLnACPXGM0jE9Ku Kge3G+Og76I75maTXd2CGpzZB2F3y7r2Zt9Ju+M6CQKBgQDvIEBhlkeKZEUP8K9a gxHasfbLKm3Aa9Wju3wJC3h8YboeucMY8ggD/RpfoSrUZuGZFZKmBIEvZM2Z6hDT jNQib1laYAkfAakcEyvpySWu5u8ELFDoQnCEwMuOraAgKhVuhU5Pf4GFBUd/o7Ku cS0OiUNt/iQL3ylD7UA57729xQKBgQDZ45Spqivq+JwkNw/n148INIS3nFRULhxJ KqsIRQ3O0z70QteHrWI2FanH9m1RLISOWWP8miledLbn/PikeXPqIUoHGxKUGNkk Cb9ngJ3Z1jMLP7diDtWoh3ZTSdVq5BBSNjxVkzOIkeXFeK77bgZpwRXllvdTSwK5 vUKULS2vKwKBgQCXBTlj6HM6NeVgEdPNSCYIhoik+yDhe7krdQb692GavGW9bfiH UqQ5UKpNZw4Tov4rnnJFo2arNfCbmjYSRUjcjpJR/4EDMhtJfdooBj9kXLjrW8ml RgCl9tUYQRN1/N4YNNymXJLCHflv5US94wBfw9TwLKc7UC9RlQ8RCBY/OQKBgQCB lstaRW2taINlPqJlH11gYev1UDMPhgUotwnV90wJELbGi+KoPUTGKgg6d6P4vWNx TlUbbYzhMsV+IIS5PcrlGztuEnnwPv8WYf3Gz0YSw0TEkfa9iVklzLthOe6GjnHu k3c65jumJC/mTKq1u3BxAXfGfw1GKrzKP3gTrPMY1QKBgFOs7dG2FS6Y7DpPQqRR RNGdYnYBSv2Dy/0HyK8UtRt4PXCSitIANHo0+o6bAgVYn5UTAlGr/xTJM4B+Xl8E /WjtaCmg2ysdSzE9kdA4Hj0cWkS/ICfNCDQz72bB6jRy5a3NalD/yaB6lWC5+LXf fxDZY++4V3z6RslKNLYyVsrc -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEljCCAn6gAwIBAgIUZG0Nb8542v0TiPyFwYto0RLSM8swDQYJKoZIhvcNAQEL BQAwRDEVMBMGA1UEAwwMTm8gQXV0aG9yaXR5MQswCQYDVQQGEwJGUjEOMAwGA1UE BwwFTnVsbGUxDjAMBgNVBAoMBU5vT3JnMB4XDTIzMTIwNjIwMTM1MVoXDTI1MTIw NTIwMTM1MVowRjEXMBUGA1UEAwwOUG9ydHBvbGljZSA0NDMxCzAJBgNVBAYTAkZS MQ4wDAYDVQQHDAVOdWxsZTEOMAwGA1UECgwFTm9PcmcwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDLhusI72JBs5jQ4Ur6+HNloVLLlKEOX18sBRjECEny Ma1isvqRwHJ8N1HRxJwCIFZn5aAUmdGeWx8pIip17GZIC8at8EqB5KS6wWfyOogD yn2VXDPH9ThE19u5HXaBMigeZpNx9Jk69vOPKL5R9XEJYb8knhco8oT8RSCx9aus fpu2hxJ4y3tvlsau9VJAXjZjZHJ+NhEGeVToyPE5El1/Gyxc8OwLlALlD6VGrhQQ yqqyaAax549POc40GKpJMCZdVQuZHlVbchLBh19lNOEttbIkectBYNM2IvsfPtMz x+ZAn12RrpOXEMa0ix7ILamvVZJRb263bA0kYzf2OYsXAgMBAAGjfjB8MB0GA1Ud DgQWBBSnWYb/FqoFl8jtEOj2l4o2xbXtlzAfBgNVHSMEGDAWgBQ1B+9sEZkY8vY9 lMeDV29ry7x/GzAJBgNVHRMEAjAAMAsGA1UdDwQEAwID+DAXBgNVHREEEDAOggxu aWdocXJhZnQuZGUwCQYDVR0SBAIwADANBgkqhkiG9w0BAQsFAAOCAgEAGyyo+L34 xosi91s+eMEyDM46oXO3iuRXyR+OVg8XC4X7dbxOg5PVBxfPob7x16ekIO+03+lZ DTT/Lxp6+Rd24GjNtHLE1npKaTVLjnuHKA1oUrVL0tRyqO1GHuF287KInDrq0A8A xAWdZ9tZL+f4qTBgv8eVvx1ecj89z1TBJpHQI/VCNP/lAuuNegypEI9tLcC31wFO f30Tj87MqdbFskrR8w8Oi1XGyXKNA5OXumRMam/J8vl7kNsICUM5KxNJVnkW9Agp Kk3BkziCPtLnpZ9EPT+gU5Y+OCymu42jvL7kGM3UhWtkCeV5fJa3T/3ofZp8CQIM Y/JgDY2wY2/fqplcIhhAWjaZ3X6Yq69TmP8beVg0qNWmKg9fETmksa9keaXxsQhC 5NG35RGcFoZ5JwZg6ilVykofnEc5HLyNiM5Nr/eiR3u5A5dpx3L7so22GjRfN9MK n8/qS9/5sBPoFMRbOzBmxCZfmhuQfIh+U1CtQ6obdVBXK6dcl7dXdadrzYhHLnQT nGeHMi7bBudHXtxFkl4zi0aD9T0wPTO61prr2MzkTtTvc6M2LFBGgk2AOfYl6lya l8hLFXGD5uLdh16xQCTzLYwID+8rlmkgtl6azuDou08x41tJxWdBxXdJKH8Chvk4 iMdowqnstOJgzbHjSKcAgESrymXZ3l2z6WM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFaTCCA1GgAwIBAgIUAT+TEsMuUCyaVmfUUPH8qfFwPsowDQYJKoZIhvcNAQEL BQAwRDEVMBMGA1UEAwwMTm8gQXV0aG9yaXR5MQswCQYDVQQGEwJGUjEOMAwGA1UE BwwFTnVsbGUxDjAMBgNVBAoMBU5vT3JnMB4XDTIzMTIwNjE4MTkyNloXDTMzMTIw NTE4MTkyNlowRDEVMBMGA1UEAwwMTm8gQXV0aG9yaXR5MQswCQYDVQQGEwJGUjEO MAwGA1UEBwwFTnVsbGUxDjAMBgNVBAoMBU5vT3JnMIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEAsyOMLV3OPFj5EA9L4fkE7UoM/FCIf77vl9J3s2FJ0hoe cDqHiaI7ede32wQ2qchxLa7F4Ug94JAUwfWRhZGWBuSzBdWmMMkoO2rjg3GffGY9 EUOCZoudYWXDnC3lTJ6ZMk7ArvtZ/ZVP/QzjOnFnXybBQkWSgJlki1IxMuUjYogS jJL9rzJak6mcHglPCJdcLxYDGF4UJUtWmnwbZ3c7v8qURT0QA3F3GFhzEP7kT291 /GDZ8Ndh0rM9eUcaUPyqIINUo0sd2b+MeRlBd1hQrEUtOLplqNINnEUJ2R9sbS0U RzVqg6KMGAVKlWVFtFXMdWpsKnTvbTGxtJj/Hg2bwFk/WlqYTurmXQWxdbn2pu+x bfRlkxDXQB2yczlxkV//ZU6b+2eV4eRVDV0v3YL7MMugsHql3F/VizcZoFjtXCke ZO4f3i2vv8vjG5Y/vboDj43gYcQQnf//2c8CgV9LcVczGml0LNph7i5sAWuSRHG4 SuF93eZapFeERegZo5P1nDQe1EGZ9wzYInabDf2D60Z4e+Hp6t+QggX5QGoa8+EF m5PRAkjGDW3599bOCaZXchdIpBtktdtAUIQXP7qGUy51S/ibEPtPxo9k0wKnyfnn jzUQ2HpTNEfFGm1wVfAYP7nLnSTBnG8cna/nKVv5aNLdweaVpmdDPjIbMXumV2kC AwEAAaNTMFEwHQYDVR0OBBYEFDUH72wRmRjy9j2Ux4NXb2vLvH8bMB8GA1UdIwQY MBaAFDUH72wRmRjy9j2Ux4NXb2vLvH8bMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI hvcNAQELBQADggIBABxNKAeW0XoVg3fF14P9p1Pgx8XagiK3zmheXGqltUuID778 1w0IaR3YOJ/lJTy5f8pClC5L4L38Xzk2PlPyMzGjqzw3xkodIV/Kxq8kRbGq0EI9 c1GkKuYzUtlMr8CzaBd90ulBxKPPCoSUPqBE85zW4YyDbduuDhcDuOuxEmfH6W7v Fz0tEynHsmMakz2He5cHiD7B6s1Qx4ZCmARJOVUP6lwf4C8NzB/HuCJufgqyKhVo DNiKxkP49YWVT0JyGFtbXWeNHBirMlRy3GvQfeEdzrlZHboBphowj7QnxJgqDf0m UuBD2NgdyC7LUwwC76j8Jw6VJdc2B91K8zvRtHReRCB36BD+z04umS/pir3eEab4 YlJ0K4UjrtGl2fHF3SIycsufmZGKCKZaFpFnYrrH2HzSQ7cR/7xrfO9vxBA7OMP2 bnkYdwEpKdaZpPR5+D03RCVmOQY/7Kh0+obMLruKszKrJ62F85sGNs9eKP3LzNWc JOCeJ00mArHpgVElR8GcpHDl8PCCDjhsU3rhXTOirrFC4TATSF9tmTz5u83gerTk Nu3y5nkwzv37kwNnsRVAPAxn1hoYbri0OOiR4IcRtqdAVTdLON8719lkb5Xl8ayx FAoeenbTGRYNCMdaOM5azdK6JuYwgnB0lDFPIZLyGB39MK2jXDFnPtCn6+Rg -----END CERTIFICATE-----
authority:global key
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,5E75AD367AEAE3E643716C3AC4ABCAA4 gU91CoIwD7uFffV1aCGc0BWLxUAHPHmkIs/gV+ZRbMB+4ASbbeGa0Hqlk3ealIGS WabaL4hthkeQNZ7/L+4jCOCmuV0VBBdG+RlkiC65opzhqrIgm5sffuoebwxRyu5P hvcIWlwu1+eRGz4FsUGOZt/+mdGrkaFvI+pQR6p3zjwhAPJTANSYftSENrbE//iL FM1j2PJtD/y4Ya3PG56Is/RgGz9ZOKb0qq/t8KArYKELi95g9peflxTe6zNpOyU9 CPPEl5soTNFjUI3UCfelPzBLh9IzriUelpV4lEvV7OeRREKERTmazAF0jQc3GMhR XpmgCuwQPYEBCTDxlHmDUkQWvq+jHzP935RYnGHXDiNF2xfWo/uHu+c1dFFNtVkh Cs1hWKbuh3/7dpk6Dxl42Ges9TbApVTWN7ddKr0NX66mN0Nj/t7sRVK2DO6bDbpe 3+ehhFglXiGDvDHDcDstoS/hOcYsS6UN6KQZtbKUHOUZ6wlDrOl4e6sq/WisYWZk 9ZV8O4E16/NAEzAK+U81pq08HFAHC0I9G4S3tXOtMwqU/dMF/yVAebnk770FQuxi VtxtQFald94aTEvHlR9hhodocb/CcdvikFGyrNJayzXNxN5P946oY/3lvPHji0EY Zt1xvHJ+7OH9/m+SQ463nN02a6wz9h/oeGS95pVspUipGBnZv3sKLXWRHZIQ891F CYjTr9I7S5NONzB1t2sfiw0MmJHVXBH5OGuP4d6JmgjIZ7mDfU/YdjBUhG6BNYzj rcZ/uLgHgxsOfbz2qUPo0w8aMhfUsUS2bVqxQuONsFSIpjVmzRsgUqoSkHe9LIAX Wm7JuRsgZa+qG0cI+a37qsw+U5dBNTxEHMnBpXvgKJ+hT4AgjId4J4zqFqcxHaCO 9xvwg1MT0xQ7DtVbO6BM97oQtiYJg2fX0Y2oQCWWqudfie5BcpaWsiV2rvSo+dQx 5xCYAHGb3H7jB7MFjo8zUmfNHVjY4WhlSpzufbZIssdLX+S410agcI+KoXfZeeq1 TSCXF9HjylpZJ+mFaf2435f1wB4lZ9z8EnyWr0zuZndBmBGPUmWReqb5QXPZ7iGP NxAEf22fJQw4xn51xRUu8OeNviLZALZQaNFQmjppNmkKM+huV1VPwkMQ7Whp7V30 Kn/ZWqBJbdS+rpz7VYDYsb3iRY44UFwZReJSOg7EQZTHxcE+lj7Oc3roaMxIP2oa MVC0VP+KUxXTnH/6weIl1o8psIFu2Ofnh8Hmh6SwiNKIi6TR1M4+YqRIfqYBqWDK wdgi77Nh/lwfPHSQAvfbFzm67u3tqo3PqY2s3IetOHW00g2JqzbAazpLNjZddD2i 3M06wHCxamRO4UNj15wJrFoJ3VqM87rLqYd81gcrNIhuXnDQuS+aG/xssLYpnJRz enSQbOWv0hxmJOSrYT8cw1EH8/ZgSUszOOFOmWoApuJOxh377M6vjZyM0CmbD64d n4ExxWbOwyK3/sRCtfh/QuQ2jQrWesizegmNUft1apQ2flylKMsyz40izauorABQ AYmcUGV0gWGtmIrFnlX0E80Egx8uGYs7eotglCVFUUeff53V7vnfQGJKYcAy5qNQ K6jAju/pXUdobbbbu/pQatgbPqHS3iB8BcBsVTQJXPvzR462xPmyozCcBgcFGBkZ jZ+uKGkFww2MkJUpYw/VHjhryh3/ZHJDm5w7d/Jw4HkqgP2Z27l4mxWYIrCS4O/M 9F0hH1e1Y7oX4Fuo8dM/Mx1gu6sWRUNz2cNFbKFF2auVbwfM60MkGNz6ax//WmGR /SdcPY9TLuFzK1Xd/opBjMUTA2+WQ1ipZKNKKBg17rgUj89Xkau4Cv7cc65YiGTd BpSPLy+yx8ve9RUBu1tr1zcJXRYXa19xnLrWJPJmvJJ8MLsOPW73jyFptM27Cy8e LgEn0PviSFN8Cm8jWZ8kgAOfsdA891i2Y7t50HOe743gcwgONY8RTQ1RwoHOuOWG RHlSFk3F6FSJnYGVfTs1vBEfm66Y6D8nV4rt9A873ptcIJZo9cywFnDedx2q5zEb Bxj+vNEaW2WI13qQ7+krMIlDlbqJ6jSogRv+M5ezY7kAWicBq15qug52TclF0oHv 5+xQobcZ+f7mpJ+uM4j0sGFY9/ydh58Q+rCYIzqVKmXHI7rHrgY3I6LOrdc0P3ce HmA+hm5hpNswLfUYsI+Zhu56fj92xMnGkCBMQKO5VlbRU4gKBcRJbfaMDCMiJ1YD 8SK5kmIsXmj8LhMFfWUSqtrL4OdjLRmo8D6dy7GUrSIaFI9G9kJXit1diNyIx8Gm 68M6nZSgWxtvF8YVVi1boRHIUaLH/UI231R/iHrI4hY+dsPvqZfKs4agE3fWhGw3 0edrduAmWeuqqP5zlQNOceZaNj0ekCMxdVunbHj/cKEG06LHaQIi0i9FGLrocdtm szY9NGOE78xIOAeH04QXArmZlxyWT/sXDF42ou2KKqM5UZ78PKIudCKuxH52EUyl N04Fb3g1s3YTf7h/5J6n+3O0kZjETwQo/WGkIIA4ARHPU81jkjezMyY1FTzMukb/ 5DXRc/7bvneyDkVn0LMzVmnN9V0gwkYe3RY0b8ut1xsIF8HC04tocfVu+B+ERjC8 LNAcPcrFwfqIJKDV/WPXOxhsguka+ZLtvxqPSNjRZcOaXP+Xus/BF1ENNOKVfoTy PM+AuLDtR4+dgDylguTDOy+tJ1WHoynJEi0jPnmleaqfEkDj2TrG+4NERM0lfD9d kw6Xljv6nAWya0s9VS1rM1DT5x9rhEfFj21Zneqvas1TDQ6zMAQWphuPcLdo3i82 Fc3FC0LCnQPfRi6efEg6axJMsJo3OS/Klz3mEgxcBssyxkmgVr0TuNC8BZoJ4HXs WBT32Ci26CGLPccuRwYcWsUSCVxFHElE8M782v957j6WIGFUL83dLtdt81NNLI2b /5rnoCURqWV5KXJ120PsevdVTMU0SAZqz/tlJcHxN11bFkvoyUdZ5u9SYNrDD5HK WkuIYSh9snHtOZWI74IPmQd1BbXf284XzIG0STHsoYuTuJ6Nwx2Z5viTkfQw02+U Y5Oyb81QTY1VCOZzwBR7XfZ5c3eFqsryVwzAxLRtpv3vnIEzvTx08B1y86QLDksO -----END RSA PRIVATE KEY----- -PASSWORD:specht77tok
of course... they also noted a password in the very same file... What was this police force, that they had to be so incompetent!? That's what I call sloppy work, mea Alpha-Squadron boys wouldn't have made such a mistake...