Simple example of ACERT (Attribute Certificate) support with the wolfSSL compat layer and OpenSSL.
Supports:
- printing
- signing (openssl only)
- verifying
Based on this example:
Building wolfSSL:
Build wolfSSL with:
./configure --enable-acert --enable-opensslextra --enable-rsapss
make
make install
Building OpenSSL:
At the time of writing this README, attribute cert support requires openssl master. Clone and build openssl with:
git clone https://github.com/openssl/openssl.git --depth=1 || exit 1
cd openssl || exit 1
./Configure || exit 1
make || exit 1
sudo make install
Build the wolfssl example with:
make wolfssl_acert
Build the openssl example with:
make openssl_acert
Note: you may need to use this script to set your environment:
$ source set_env
info: using env: /usr/local/lib64/:/usr/local/lib/
$ ./wolfssl_acert -f acerts/acert.pem -k acerts/acert_pubkey.pem
info: using acert file: acerts/acert.pem
info: using pubkey file: acerts/acert_pubkey.pem
info: PEM_read_bio_X509_ACERT: good
info: acert version: 1
info: PEM_read_bio_PUBKEY: good
info: X509_ACERT_verify: good
info: acert_do_test: good
success
- Use certs/acert.pem as input (-f), generate new keys and sign (-s), use RSA-PSS (-r), and write to file (-w):
$ ./openssl_acert -f certs/acert.pem -srw
info: using acert file: certs/acert.pem
info: using rsa_pss
info: using mdname: SHA2-256
info: using mask alg: mgf1 with SHA1
info: PEM_read_bio_X509_ACERT: good
info: acert version: 1
info: X509_ACERT_sign: good
info: wrote acert to file: acert_new.pem
info: wrote pubkey to file: pkey_new.pem
info: X509_ACERT_verify: good
info: acert_do_test: good
success
- Finally, test wolfssl verify using newly generated acert_new.pem and pkey_new.pem:
$ ./wolfssl_acert -f acert_new.pem -k pkey_new.pem
info: using acert file: acert_new.pem
info: using pubkey file: pkey_new.pem
info: PEM_read_bio_X509_ACERT: good
info: acert version: 1
info: PEM_read_bio_PUBKEY: good
info: X509_ACERT_verify: good
info: acert_do_test: good
success
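A scripted form of the sign-then-verify round trip shown above, added here as an example (it is not part of the wolfSSL example sources). It fails closed on the tool's exit status and log lines, and adds a negative control: the re-signed acert must not verify under the original public key. The function names and the OPENSSL_ACERT / WOLFSSL_ACERT variables are hypothetical; the flags, file names and log lines are the ones shown in this README.

```shell
#!/bin/sh
# Added example. Assumption: both binaries sit in the current directory;
# override the paths with OPENSSL_ACERT / WOLFSSL_ACERT (hypothetical names).
OPENSSL_ACERT=${OPENSSL_ACERT:-./openssl_acert}
WOLFSSL_ACERT=${WOLFSSL_ACERT:-./wolfssl_acert}

# verify_ok ACERT PUBKEY
# Succeeds only if wolfssl_acert exits 0, logs a good signature check,
# and ends with "success". Anything else counts as a failure.
verify_ok() {
    out=$("$WOLFSSL_ACERT" -f "$1" -k "$2" 2>&1) || return 1
    printf '%s\n' "$out" | grep -qx 'info: X509_ACERT_verify: good' || return 1
    [ "$(printf '%s\n' "$out" | tail -n 1)" = "success" ]
}

# sign_new ACERT
# Re-signs ACERT with freshly generated RSA-PSS keys (-s -r) and writes
# acert_new.pem / pkey_new.pem (-w). Stale outputs are removed first so an
# old file cannot mask a failed signing run.
sign_new() {
    rm -f acert_new.pem pkey_new.pem
    "$OPENSSL_ACERT" -f "$1" -srw >/dev/null 2>&1 || return 1
    [ -s acert_new.pem ] && [ -s pkey_new.pem ]
}

# interop_roundtrip ACERT ORIGINAL_PUBKEY
# Positive check: OpenSSL-signed acert verifies in wolfSSL with the new key.
# Negative control: the same acert must be rejected under the original key.
interop_roundtrip() {
    sign_new "$1" || { echo "sign failed"; return 1; }
    verify_ok acert_new.pem pkey_new.pem || { echo "verify failed"; return 2; }
    if verify_ok acert_new.pem "$2"; then
        echo "wrong key accepted"; return 3
    fi
    echo "interop ok"
}
```

Call it as `interop_roundtrip <acert.pem> <original_pubkey.pem>`; a non-zero return identifies which stage failed.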