oqsprovider-cmssign.sh
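#!/bin/bash
# Use the newly built oqsprovider to CMS-sign a test file with algorithm $1
# and verify the result against that algorithm's test CA.
#
# Usage: oqsprovider-cmssign.sh <algorithmname>
#
# Assumes .local contains openssl(3) and oqsprovider is in the _build folder.
# Assumes oqsprovider-certgen.sh has already run for the same algorithm, so
# that tmp/<alg>_CA.crt, tmp/<alg>_srv.crt and tmp/<alg>_srv.key exist.
#
# Exit status: 0 if signing, verification and the content comparison succeed;
# 1 on a usage error; 255 if the CA certificate is missing or signing fails;
# otherwise the status of the failing verify/diff step.
#
# uncomment to see what's happening:
# set -x

if [ $# -ne 1 ]; then
  # Diagnostics go to stderr so they cannot be mistaken for tool output.
  echo "Usage: $0 <algorithmname>. Exiting." >&2
  exit 1
fi

# The algorithm name becomes part of every file path below, so each use is
# quoted: an unquoted name would be word-split and glob-expanded by the shell.
alg=$1
openssl=.local/bin/openssl

# Assumes certgen has been run before: Quick check
if [ -f "tmp/${alg}_CA.crt" ]; then
  echo "Sometext to sign" > tmp/inputfile
else
  echo "File tmp/${alg}_CA.crt not found. Did certgen run before? Exiting." >&2
  # 255 is the status bash reported for the former `exit -1`.
  exit 255
fi

export OPENSSL_MODULES=_build/oqsprov
export LD_LIBRARY_PATH=.local/lib64

# Extract the signer's public key, then create a PEM CMS structure with the
# content embedded (-nodetach) and SHA-512 as the digest.
if "$openssl" x509 -provider oqsprovider -provider default \
     -in "tmp/${alg}_srv.crt" -pubkey -noout > "tmp/${alg}_srv.pubkey" \
   && "$openssl" cms -in tmp/inputfile -sign \
        -signer "tmp/${alg}_srv.crt" -inkey "tmp/${alg}_srv.key" \
        -nodetach -outform pem -binary -out tmp/signedfile.cms -md sha512 \
        -provider oqsprovider -provider default; then
  # run internal test: the signature must verify against the test CA, and the
  # content recovered from the CMS structure must equal what was signed.
  # The status of this verify-and-compare step is the script's exit status.
  "$openssl" cms -verify -CAfile "tmp/${alg}_CA.crt" -inform pem \
    -in tmp/signedfile.cms -crlfeol -out tmp/signeddatafile \
    -provider oqsprovider -provider default \
    && diff tmp/signeddatafile tmp/inputfile
else
  # Key extraction or signing failed; same status as the former `exit -1`.
  exit 255
fi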