2017-05-11 17:57:22 +02:00
## This file contains a record of how some of the test data was
## generated. The final build products are committed to the repository
## as well to make sure that the test data is identical. You do not
## need to use this makefile unless you're extending mbed TLS's tests.
2017-05-05 18:56:12 +02:00
2017-05-11 17:57:22 +02:00
## Many data files were generated prior to the existence of this
## makefile, so the method of their generation was not recorded.
2017-05-05 18:56:12 +02:00
2017-05-11 17:57:22 +02:00
## Note that in addition to depending on the version of the data
## generation tool, many of the build outputs are randomized, so
## running this makefile twice would not produce the same results.
## Tools
OPENSSL ?= openssl
2017-06-05 10:20:32 +02:00
FAKETIME ?= faketime
2017-09-14 08:51:28 +02:00
MBEDTLS_CERT_WRITE ?= $( PWD) /../../programs/x509/cert_write
2018-09-26 11:51:16 +02:00
MBEDTLS_CERT_REQ ?= $( PWD) /../../programs/x509/cert_req
2017-05-11 17:57:22 +02:00
## Build the generated test data. Note that since the final outputs
## are committed to the repository, this target should do nothing on a
## fresh checkout. Furthermore, since the generation is randomized,
## re-running the same targets may result in differing files. The goal
## of this makefile is primarily to serve as a record of how the
## targets were generated in the first place.
2017-05-05 18:56:12 +02:00
default : all_final
all_intermediate := # temporary files
2017-09-26 17:21:19 +02:00
all_final := # files used by tests
2017-05-05 18:56:12 +02:00
2017-05-11 17:57:22 +02:00
################################################################
#### Generate certificates from existing keys
################################################################
2017-09-14 08:51:28 +02:00
test_ca_crt = test-ca.crt
2017-05-11 17:57:22 +02:00
test_ca_key_file_rsa = test-ca.key
test_ca_pwd_rsa = PolarSSLTest
test_ca_config_file = test-ca.opensslconf
2017-05-05 18:56:12 +02:00
test-ca.csr : $( test_ca_key_file_rsa ) $( test_ca_config_file )
2019-04-10 17:09:54 +02:00
$( MBEDTLS_CERT_REQ) filename = $( test_ca_key_file_rsa) password = $( test_ca_pwd_rsa) subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Test CA" output_file = $@
2017-05-05 18:56:12 +02:00
all_intermediate += test-ca.csr
2019-04-10 17:09:54 +02:00
test-ca.crt : $( test_ca_key_file_rsa )
$( MBEDTLS_CERT_WRITE) is_ca = 1 serial = 3 selfsign = 1 issuer_name = "C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144400 not_after = 20290210144400 md = SHA1 version = 3 output_file = $@
all_final += test-ca.crt
2017-05-05 18:56:12 +02:00
test-ca-sha1.crt : $( test_ca_key_file_rsa ) $( test_ca_config_file ) test -ca .csr
$( OPENSSL) req -x509 -config $( test_ca_config_file) -key $( test_ca_key_file_rsa) -passin " pass: $( test_ca_pwd_rsa) " -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@
all_final += test-ca-sha1.crt
test-ca-sha256.crt : $( test_ca_key_file_rsa ) $( test_ca_config_file ) test -ca .csr
$( OPENSSL) req -x509 -config $( test_ca_config_file) -key $( test_ca_key_file_rsa) -passin " pass: $( test_ca_pwd_rsa) " -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
all_final += test-ca-sha256.crt
2019-02-12 14:03:42 +01:00
test-ca_utf8.crt : $( test_ca_key_file_rsa )
$( OPENSSL) req -x509 -new -nodes -key $( test_ca_key_file_rsa) -passin " pass: $( test_ca_pwd_rsa) " -set_serial 3 -config $( test_ca_config_file) -sha1 -days 3653 -utf8 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_utf8.crt
test-ca_printable.crt : $( test_ca_key_file_rsa )
$( OPENSSL) req -x509 -new -nodes -key $( test_ca_key_file_rsa) -passin " pass: $( test_ca_pwd_rsa) " -set_serial 3 -config $( test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_printable.crt
test-ca_uppercase.crt : $( test_ca_key_file_rsa )
$( OPENSSL) req -x509 -new -nodes -key $( test_ca_key_file_rsa) -passin " pass: $( test_ca_pwd_rsa) " -set_serial 3 -config $( test_ca_config_file) -sha1 -days 3653 -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_final += test-ca_uppercase.crt
2017-07-03 18:06:38 +02:00
test_ca_key_file_rsa_alt = test-ca-alt.key
$(test_ca_key_file_rsa_alt) :
$( OPENSSL) genrsa -out $@ 2048
test-ca-alt.csr : $( test_ca_key_file_rsa_alt ) $( test_ca_config_file )
$( OPENSSL) req -new -config $( test_ca_config_file) -key $( test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
all_intermediate += test-ca-alt.csr
test-ca-alt.crt : $( test_ca_key_file_rsa_alt ) $( test_ca_config_file ) test -ca -alt .csr
$( OPENSSL) req -x509 -config $( test_ca_config_file) -key $( test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
all_final += test-ca-alt.crt
test-ca-alt-good.crt : test -ca -alt .crt test -ca -sha 256.crt
cat test-ca-alt.crt test-ca-sha256.crt > $@
all_final += test-ca-alt-good.crt
test-ca-good-alt.crt : test -ca -alt .crt test -ca -sha 256.crt
cat test-ca-sha256.crt test-ca-alt.crt > $@
all_final += test-ca-good-alt.crt
2017-06-27 12:51:52 +02:00
test_ca_crt_file_ec = test-ca2.crt
test_ca_key_file_ec = test-ca2.key
2019-02-12 14:03:42 +01:00
test_ca_crt_cat12 = test-ca_cat12.crt
$(test_ca_crt_cat12) : $( test_ca_crt ) $( test_ca_crt_file_ec )
cat $( test_ca_crt) $( test_ca_crt_file_ec) > $@
all_final += $( test_ca_crt_cat12)
test_ca_crt_cat21 = test-ca_cat21.crt
$(test_ca_crt_cat21) : $( test_ca_crt ) $( test_ca_crt_file_ec )
cat $( test_ca_crt_file_ec) $( test_ca_crt) > $@
all_final += $( test_ca_crt_cat21)
Fix CA encoding issue with gnutls-cli
In the 2.7 branch, test-ca.crt has all the components of its Subject name
encoded as PrintableString, because it's generated with our cert_write
program, and our code writes all components that way until Mbed TLS 2.14.
But the default RSA SHA-256 certificate, server2-sha256.crt, has the O and CN
components of its Issuer name encoded as UTF8String, because it was generated
with OpenSSL and that's what OpenSSL does, regardless of how those components
were encoded in the CA's Subject name.
This triggers some overly strict behaviour in some libraries, most notably NSS
and GnuTLS (of interest to us in ssl-opt.sh) which won't recognize the trusted
root as a possible parent for the presented certificate, see for example:
https://github.com/ARMmbed/mbedtls/issues/1033
Fortunately, we have at our disposal a version of test-ca.crt with encodings
matching the ones in server2-sha256.crt, in the file test-ca_utf8.crt. So
let's append that to gnutls-cli's list of trusted roots, so that it recognizes
certs signed by this CA but with the O and CN components as UTF8String.
Note: Since https://github.com/ARMmbed/mbedtls/pull/1641 was merged (in Mbed
TLS 2.14), we changed how we encode those components, so in the 2.16 branch,
cert_write generates test-ca.crt with encodings that matches the ones used by
openssl when generating server2-sha256.crt, so the issue of gnutls-cli
rejecting server2-sha256.crt is specific to the 2.7 branch.
2020-02-03 15:37:47 +01:00
test_ca_crt_cat12u = test-ca_cat12u.crt
$(test_ca_crt_cat12u) : $( test_ca_crt ) $( test_ca_crt_file_ec )
cat $( test_ca_crt) $( test_ca_crt_file_ec) test-ca_utf8.crt > $@
all_final += $( test_ca_crt_cat12u)
2017-06-27 12:51:52 +02:00
test-int-ca.csr : test -int -ca .key $( test_ca_config_file )
$( OPENSSL) req -new -config $( test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
all_intermediate += test-int-ca.csr
2017-08-08 18:54:13 +02:00
test-int-ca-exp.crt : $( test_ca_crt_file_ec ) $( test_ca_key_file_ec ) $( test_ca_config_file ) test -int -ca .csr
2017-06-27 12:51:52 +02:00
$( FAKETIME) -f -3653d $( OPENSSL) x509 -req -extfile $( test_ca_config_file) -extensions v3_ca -CA $( test_ca_crt_file_ec) -CAkey $( test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
all_final += test-int-ca-exp.crt
2019-02-12 14:03:42 +01:00
enco-cert-utf8str.pem : rsa_pkcs 1_ 1024_clear .pem
$( MBEDTLS_CERT_WRITE) subject_key = rsa_pkcs1_1024_clear.pem subject_name = "CN=dw.yonan.net" issuer_crt = enco-ca-prstr.pem issuer_key = rsa_pkcs1_1024_clear.pem not_before = 20190210144406 not_after = 20290210144406 md = SHA1 version = 3 output_file = $@
2018-03-13 11:53:30 +01:00
crl-idp.pem : $( test_ca_crt ) $( test_ca_key_file_rsa ) $( test_ca_config_file )
$( OPENSSL) ca -gencrl -batch -cert $( test_ca_crt) -keyfile $( test_ca_key_file_rsa) -key $( test_ca_pwd_rsa) -config $( test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
2018-03-14 12:23:56 +01:00
all_final += crl-idp.pem
crl-idpnc.pem : $( test_ca_crt ) $( test_ca_key_file_rsa ) $( test_ca_config_file )
$( OPENSSL) ca -gencrl -batch -cert $( test_ca_crt) -keyfile $( test_ca_key_file_rsa) -key $( test_ca_pwd_rsa) -config $( test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
all_final += crl-idpnc.pem
2018-03-13 11:53:30 +01:00
2017-05-11 17:57:22 +02:00
cli_crt_key_file_rsa = cli-rsa.key
cli_crt_extensions_file = cli.opensslconf
2017-05-05 18:56:12 +02:00
cli-rsa.csr : $( cli_crt_key_file_rsa )
$( OPENSSL) req -new -key $( cli_crt_key_file_rsa) -passin " pass: $( test_ca_pwd_rsa) " -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@
all_intermediate += cli-rsa.csr
cli-rsa-sha1.crt : $( cli_crt_key_file_rsa ) test -ca -sha 1.crt cli -rsa .csr
$( OPENSSL) x509 -req -extfile $( cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $( test_ca_key_file_rsa) -passin " pass: $( test_ca_pwd_rsa) " -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@
all_final += cli-rsa-sha1.crt
cli-rsa-sha256.crt : $( cli_crt_key_file_rsa ) test -ca -sha 256.crt cli -rsa .csr
$( OPENSSL) x509 -req -extfile $( cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $( test_ca_key_file_rsa) -passin " pass: $( test_ca_pwd_rsa) " -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@
all_final += cli-rsa-sha256.crt
2017-05-09 15:59:24 +02:00
server2-rsa.csr : server 2.key
$( OPENSSL) req -new -key server2.key -passin " pass: $( test_ca_pwd_rsa) " -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
all_intermediate += server2-rsa.csr
2019-02-12 14:03:42 +01:00
server2.crt : server 2-rsa .csr
2019-04-10 17:09:54 +02:00
$( MBEDTLS_CERT_WRITE) request_file = server2-rsa.csr issuer_crt = test-ca-sha256.crt issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) serial = 4 not_before = 20190410141727 not_after = 20290410141727 md = SHA1 version = 3 output_file = $@
all_final += server2.crt
2017-05-09 15:59:24 +02:00
server2-sha256.crt : server 2-rsa .csr
2020-08-21 15:52:17 +02:00
$( MBEDTLS_CERT_WRITE) request_file = server2-rsa.csr serial = 2 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144406 not_after = 20290210144406 md = SHA256 version = 3 output_file = $@
2017-05-09 15:59:24 +02:00
all_final += server2-sha256.crt
2017-06-05 10:20:32 +02:00
test_ca_int_rsa1 = test-int-ca.crt
server7.csr : server 7.key
$( OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
all_intermediate += server7.csr
server7-expired.crt : server 7.csr $( test_ca_int_rsa 1)
$( FAKETIME) -f -3653d $( OPENSSL) x509 -req -extfile $( cli_crt_extensions_file) -extensions cli-rsa -CA $( test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $( test_ca_int_rsa1) > $@
all_final += server7-expired.crt
server7-future.crt : server 7.csr $( test_ca_int_rsa 1)
$( FAKETIME) -f +3653d $( OPENSSL) x509 -req -extfile $( cli_crt_extensions_file) -extensions cli-rsa -CA $( test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $( test_ca_int_rsa1) > $@
all_final += server7-future.crt
2017-06-05 11:12:13 +02:00
server7-badsign.crt : server 7.crt $( test_ca_int_rsa 1)
{ head -n-2 server7.crt; tail -n-2 server7.crt | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/' ; cat test-int-ca.crt; } > server7-badsign.crt
all_final += server7-badsign.crt
2017-06-27 12:51:52 +02:00
server7_int-ca-exp.crt : server 7.crt test -int -ca -exp .crt
cat server7.crt test-int-ca-exp.crt > $@
all_final += server7_int-ca-exp.crt
server5-ss-expired.crt : server 5.key
$( FAKETIME) -f -3653d $( OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
all_final += server5-ss-expired.crt
2017-06-29 09:48:08 +02:00
# try to forge a copy of test-int-ca3 with different key
server5-ss-forgeca.crt : server 5.key
$( FAKETIME) '2015-09-01 14:08:43' $( OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $( test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
all_final += server5-ss-forgeca.crt
2020-07-23 12:39:53 +02:00
server5-tricky-ip-san.crt : server 5.key
$( OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $( test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
all_final += server5-tricky-ip-san.crt
2017-09-05 10:23:50 +02:00
################################################################
#### Generate various RSA keys
################################################################
### Password used for PKCS1-encoded encrypted RSA keys
keys_rsa_basic_pwd = testkey
### Password used for PKCS8-encoded encrypted RSA keys
keys_rsa_pkcs8_pwd = PolarSSLTest
### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
### all other encrypted RSA keys are derived.
2017-09-29 21:05:23 +02:00
rsa_pkcs1_1024_clear.pem :
2017-09-05 10:23:50 +02:00
$( OPENSSL) genrsa -out $@ 1024
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_1024_clear.pem
rsa_pkcs1_2048_clear.pem :
2017-09-05 10:23:50 +02:00
$( OPENSSL) genrsa -out $@ 2048
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_2048_clear.pem
rsa_pkcs1_4096_clear.pem :
2017-09-05 10:23:50 +02:00
$( OPENSSL) genrsa -out $@ 4096
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_4096_clear.pem
2017-09-05 10:23:50 +02:00
###
### PKCS1-encoded, encrypted RSA keys
###
### 1024-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs1_1024_des.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -des -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_1024_des.pem
rsa_pkcs1_1024_3des.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -des3 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_1024_3des.pem
rsa_pkcs1_1024_aes128.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes128 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_1024_aes128.pem
rsa_pkcs1_1024_aes192.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes192 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_1024_aes192.pem
rsa_pkcs1_1024_aes256.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes256 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_1024_aes256.pem
keys_rsa_enc_basic_1024 : rsa_pkcs 1_ 1024_des .pem rsa_pkcs 1_ 1024_ 3des .pem rsa_pkcs 1_ 1024_aes 128.pem rsa_pkcs 1_ 1024_aes 192.pem rsa_pkcs 1_ 1024_aes 256.pem
2017-09-05 10:23:50 +02:00
# 2048-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs1_2048_des.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -des -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_2048_des.pem
rsa_pkcs1_2048_3des.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -des3 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_2048_3des.pem
rsa_pkcs1_2048_aes128.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes128 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_2048_aes128.pem
rsa_pkcs1_2048_aes192.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes192 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_2048_aes192.pem
rsa_pkcs1_2048_aes256.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes256 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_2048_aes256.pem
keys_rsa_enc_basic_2048 : rsa_pkcs 1_ 2048_des .pem rsa_pkcs 1_ 2048_ 3des .pem rsa_pkcs 1_ 2048_aes 128.pem rsa_pkcs 1_ 2048_aes 192.pem rsa_pkcs 1_ 2048_aes 256.pem
2017-09-05 10:23:50 +02:00
# 4096-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs1_4096_des.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -des -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_4096_des.pem
rsa_pkcs1_4096_3des.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -des3 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_4096_3des.pem
rsa_pkcs1_4096_aes128.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes128 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_4096_aes128.pem
rsa_pkcs1_4096_aes192.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes192 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_4096_aes192.pem
rsa_pkcs1_4096_aes256.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) rsa -aes256 -in $< -out $@ -passout " pass: $( keys_rsa_basic_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs1_4096_aes256.pem
keys_rsa_enc_basic_4096 : rsa_pkcs 1_ 4096_des .pem rsa_pkcs 1_ 4096_ 3des .pem rsa_pkcs 1_ 4096_aes 128.pem rsa_pkcs 1_ 4096_aes 192.pem rsa_pkcs 1_ 4096_aes 256.pem
2017-09-05 10:23:50 +02:00
###
### PKCS8-v1 encoded, encrypted RSA keys
###
### 1024-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_1024_3des.der : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-3DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
rsa_pkcs8_pbe_sha1_1024_3des.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-3DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
keys_rsa_enc_pkcs8_v1_1024_3des : rsa_pkcs 8_pbe_sha 1_ 1024_ 3des .pem rsa_pkcs 8_pbe_sha 1_ 1024_ 3des .der
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_1024_2des.der : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-2DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
rsa_pkcs8_pbe_sha1_1024_2des.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-2DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
keys_rsa_enc_pkcs8_v1_1024_2des : rsa_pkcs 8_pbe_sha 1_ 1024_ 2des .pem rsa_pkcs 8_pbe_sha 1_ 1024_ 2des .der
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_1024_rc4_128.der : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-RC4-128
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
rsa_pkcs8_pbe_sha1_1024_rc4_128.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-RC4-128
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
keys_rsa_enc_pkcs8_v1_1024_rc4_128 : rsa_pkcs 8_pbe_sha 1_ 1024_rc 4_ 128.pem rsa_pkcs 8_pbe_sha 1_ 1024_rc 4_ 128.der
2017-09-05 10:23:50 +02:00
keys_rsa_enc_pkcs8_v1_1024 : keys_rsa_enc_pkcs 8_v 1_ 1024_ 3des keys_rsa_enc_pkcs 8_v 1_ 1024_ 2des keys_rsa_enc_pkcs 8_v 1_ 1024_rc 4_ 128
### 2048-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_2048_3des.der : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-3DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
rsa_pkcs8_pbe_sha1_2048_3des.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-3DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
keys_rsa_enc_pkcs8_v1_2048_3des : rsa_pkcs 8_pbe_sha 1_ 2048_ 3des .pem rsa_pkcs 8_pbe_sha 1_ 2048_ 3des .der
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_2048_2des.der : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-2DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
rsa_pkcs8_pbe_sha1_2048_2des.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-2DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
keys_rsa_enc_pkcs8_v1_2048_2des : rsa_pkcs 8_pbe_sha 1_ 2048_ 2des .pem rsa_pkcs 8_pbe_sha 1_ 2048_ 2des .der
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_2048_rc4_128.der : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-RC4-128
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
rsa_pkcs8_pbe_sha1_2048_rc4_128.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-RC4-128
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
keys_rsa_enc_pkcs8_v1_2048_rc4_128 : rsa_pkcs 8_pbe_sha 1_ 2048_rc 4_ 128.pem rsa_pkcs 8_pbe_sha 1_ 2048_rc 4_ 128.der
2017-09-05 10:23:50 +02:00
keys_rsa_enc_pkcs8_v1_2048 : keys_rsa_enc_pkcs 8_v 1_ 2048_ 3des keys_rsa_enc_pkcs 8_v 1_ 2048_ 2des keys_rsa_enc_pkcs 8_v 1_ 2048_rc 4_ 128
### 4096-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_4096_3des.der : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-3DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
rsa_pkcs8_pbe_sha1_4096_3des.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-3DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
keys_rsa_enc_pkcs8_v1_4096_3des : rsa_pkcs 8_pbe_sha 1_ 4096_ 3des .pem rsa_pkcs 8_pbe_sha 1_ 4096_ 3des .der
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_4096_2des.der : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-2DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
rsa_pkcs8_pbe_sha1_4096_2des.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-2DES
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
keys_rsa_enc_pkcs8_v1_4096_2des : rsa_pkcs 8_pbe_sha 1_ 4096_ 2des .pem rsa_pkcs 8_pbe_sha 1_ 4096_ 2des .der
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbe_sha1_4096_rc4_128.der : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-RC4-128
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
rsa_pkcs8_pbe_sha1_4096_rc4_128.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) " -topk8 -v1 PBE-SHA1-RC4-128
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
keys_rsa_enc_pkcs8_v1_4096_rc4_128 : rsa_pkcs 8_pbe_sha 1_ 4096_rc 4_ 128.pem rsa_pkcs 8_pbe_sha 1_ 4096_rc 4_ 128.der
2017-09-05 10:23:50 +02:00
keys_rsa_enc_pkcs8_v1_4096 : keys_rsa_enc_pkcs 8_v 1_ 4096_ 3des keys_rsa_enc_pkcs 8_v 1_ 4096_ 2des keys_rsa_enc_pkcs 8_v 1_ 4096_rc 4_ 128
###
2018-02-01 06:54:13 +01:00
### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
2017-09-05 10:23:50 +02:00
###
### 1024-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbes2_pbkdf2_1024_3des.der : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
keys_rsa_enc_pkcs8_v2_1024_3des : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des .der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des .pem
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbes2_pbkdf2_1024_des.der : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
rsa_pkcs8_pbes2_pbkdf2_1024_des.pem : rsa_pkcs 1_ 1024_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
keys_rsa_enc_pkcs8_v2_1024_des : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des .der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des .pem
2017-09-05 10:23:50 +02:00
keys_rsa_enc_pkcs8_v2_1024 : keys_rsa_enc_pkcs 8_v 2_ 1024_ 3des keys_rsa_enc_pkcs 8_v 2_ 1024_des
### 2048-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbes2_pbkdf2_2048_3des.der : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
keys_rsa_enc_pkcs8_v2_2048_3des : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des .der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des .pem
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbes2_pbkdf2_2048_des.der : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
rsa_pkcs8_pbes2_pbkdf2_2048_des.pem : rsa_pkcs 1_ 2048_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
keys_rsa_enc_pkcs8_v2_2048_des : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des .der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des .pem
2017-09-05 10:23:50 +02:00
keys_rsa_enc_pkcs8_v2_2048 : keys_rsa_enc_pkcs 8_v 2_ 2048_ 3des keys_rsa_enc_pkcs 8_v 2_ 2048_des
### 4096-bit
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbes2_pbkdf2_4096_3des.der : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
keys_rsa_enc_pkcs8_v2_4096_3des : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des .der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des .pem
2017-09-05 10:23:50 +02:00
2017-09-29 21:05:23 +02:00
rsa_pkcs8_pbes2_pbkdf2_4096_des.der : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
rsa_pkcs8_pbes2_pbkdf2_4096_des.pem : rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
$( OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
2017-09-29 21:05:23 +02:00
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
keys_rsa_enc_pkcs8_v2_4096_des : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des .der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des .pem
2017-09-05 10:23:50 +02:00
keys_rsa_enc_pkcs8_v2_4096 : keys_rsa_enc_pkcs 8_v 2_ 4096_ 3des keys_rsa_enc_pkcs 8_v 2_ 4096_des
2018-02-01 06:54:13 +01:00
###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
###
### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha224 : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des_sha 224.der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des_sha 224.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha224 : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des_sha 224.der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des_sha 224.pem
keys_rsa_enc_pkcs8_v2_1024_sha224 : keys_rsa_enc_pkcs 8_v 2_ 1024_ 3des_sha 224 keys_rsa_enc_pkcs 8_v 2_ 1024_des_sha 224
### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha224 : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des_sha 224.der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des_sha 224.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha224 : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des_sha 224.der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des_sha 224.pem
keys_rsa_enc_pkcs8_v2_2048_sha224 : keys_rsa_enc_pkcs 8_v 2_ 2048_ 3des_sha 224 keys_rsa_enc_pkcs 8_v 2_ 2048_des_sha 224
### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha224 : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des_sha 224.der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des_sha 224.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha224 : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des_sha 224.der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des_sha 224.pem
keys_rsa_enc_pkcs8_v2_4096_sha224 : keys_rsa_enc_pkcs 8_v 2_ 4096_ 3des_sha 224 keys_rsa_enc_pkcs 8_v 2_ 4096_des_sha 224
###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
###
### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha256 : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des_sha 256.der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des_sha 256.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha256 : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des_sha 256.der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des_sha 256.pem
keys_rsa_enc_pkcs8_v2_1024_sha256 : keys_rsa_enc_pkcs 8_v 2_ 1024_ 3des_sha 256 keys_rsa_enc_pkcs 8_v 2_ 1024_des_sha 256
### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha256 : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des_sha 256.der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des_sha 256.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha256 : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des_sha 256.der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des_sha 256.pem
keys_rsa_enc_pkcs8_v2_2048_sha256 : keys_rsa_enc_pkcs 8_v 2_ 2048_ 3des_sha 256 keys_rsa_enc_pkcs 8_v 2_ 2048_des_sha 256
### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha256 : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des_sha 256.der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des_sha 256.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha256 : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des_sha 256.der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des_sha 256.pem
keys_rsa_enc_pkcs8_v2_4096_sha256 : keys_rsa_enc_pkcs 8_v 2_ 4096_ 3des_sha 256 keys_rsa_enc_pkcs 8_v 2_ 4096_des_sha 256
###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
###
### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha384 : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des_sha 384.der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des_sha 384.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha384 : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des_sha 384.der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des_sha 384.pem
keys_rsa_enc_pkcs8_v2_1024_sha384 : keys_rsa_enc_pkcs 8_v 2_ 1024_ 3des_sha 384 keys_rsa_enc_pkcs 8_v 2_ 1024_des_sha 384
### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha384 : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des_sha 384.der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des_sha 384.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha384 : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des_sha 384.der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des_sha 384.pem
keys_rsa_enc_pkcs8_v2_2048_sha384 : keys_rsa_enc_pkcs 8_v 2_ 2048_ 3des_sha 384 keys_rsa_enc_pkcs 8_v 2_ 2048_des_sha 384
### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha384 : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des_sha 384.der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des_sha 384.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha384 : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des_sha 384.der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des_sha 384.pem
keys_rsa_enc_pkcs8_v2_4096_sha384 : keys_rsa_enc_pkcs 8_v 2_ 4096_ 3des_sha 384 keys_rsa_enc_pkcs 8_v 2_ 4096_des_sha 384
###
### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
###
### 1024-bit
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_1024_3des_sha512 : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des_sha 512.der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_ 3des_sha 512.pem
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem : rsa_pkcs 1_ 1024_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
keys_rsa_enc_pkcs8_v2_1024_des_sha512 : rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des_sha 512.der rsa_pkcs 8_pbes 2_pbkdf 2_ 1024_des_sha 512.pem
keys_rsa_enc_pkcs8_v2_1024_sha512 : keys_rsa_enc_pkcs 8_v 2_ 1024_ 3des_sha 512 keys_rsa_enc_pkcs 8_v 2_ 1024_des_sha 512
### 2048-bit
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_2048_3des_sha512 : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des_sha 512.der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_ 3des_sha 512.pem
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem : rsa_pkcs 1_ 2048_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
keys_rsa_enc_pkcs8_v2_2048_des_sha512 : rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des_sha 512.der rsa_pkcs 8_pbes 2_pbkdf 2_ 2048_des_sha 512.pem
keys_rsa_enc_pkcs8_v2_2048_sha512 : keys_rsa_enc_pkcs 8_v 2_ 2048_ 3des_sha 512 keys_rsa_enc_pkcs 8_v 2_ 2048_des_sha 512
### 4096-bit
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
keys_rsa_enc_pkcs8_v2_4096_3des_sha512 : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des_sha 512.der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_ 3des_sha 512.pem
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem : rsa_pkcs 1_ 4096_clear .pem
$( OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout " pass: $( keys_rsa_pkcs8_pwd) "
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
keys_rsa_enc_pkcs8_v2_4096_des_sha512 : rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des_sha 512.der rsa_pkcs 8_pbes 2_pbkdf 2_ 4096_des_sha 512.pem
keys_rsa_enc_pkcs8_v2_4096_sha512 : keys_rsa_enc_pkcs 8_v 2_ 4096_ 3des_sha 512 keys_rsa_enc_pkcs 8_v 2_ 4096_des_sha 512
2017-09-05 10:23:50 +02:00
###
### Rules to generate all RSA keys from a particular class
###
### Generate basic unencrypted RSA keys
2017-09-29 21:05:23 +02:00
keys_rsa_unenc : rsa_pkcs 1_ 1024_clear .pem rsa_pkcs 1_ 2048_clear .pem rsa_pkcs 1_ 4096_clear .pem
2017-09-05 10:23:50 +02:00
### Generate PKCS1-encoded encrypted RSA keys
keys_rsa_enc_basic : keys_rsa_enc_basic_ 1024 keys_rsa_enc_basic_ 2048 keys_rsa_enc_basic_ 4096
### Generate PKCS8-v1 encrypted RSA keys
keys_rsa_enc_pkcs8_v1 : keys_rsa_enc_pkcs 8_v 1_ 1024 keys_rsa_enc_pkcs 8_v 1_ 2048 keys_rsa_enc_pkcs 8_v 1_ 4096
### Generate PKCS8-v2 encrypted RSA keys
2018-02-01 06:54:13 +01:00
keys_rsa_enc_pkcs8_v2 : keys_rsa_enc_pkcs 8_v 2_ 1024 keys_rsa_enc_pkcs 8_v 2_ 2048 keys_rsa_enc_pkcs 8_v 2_ 4096 keys_rsa_enc_pkcs 8_v 2_ 1024_sha 224 keys_rsa_enc_pkcs 8_v 2_ 2048_sha 224 keys_rsa_enc_pkcs 8_v 2_ 4096_sha 224 keys_rsa_enc_pkcs 8_v 2_ 1024_sha 256 keys_rsa_enc_pkcs 8_v 2_ 2048_sha 256 keys_rsa_enc_pkcs 8_v 2_ 4096_sha 256 keys_rsa_enc_pkcs 8_v 2_ 1024_sha 384 keys_rsa_enc_pkcs 8_v 2_ 2048_sha 384 keys_rsa_enc_pkcs 8_v 2_ 4096_sha 384 keys_rsa_enc_pkcs 8_v 2_ 1024_sha 512 keys_rsa_enc_pkcs 8_v 2_ 2048_sha 512 keys_rsa_enc_pkcs 8_v 2_ 4096_sha 512
2017-09-05 10:23:50 +02:00
### Generate all RSA keys
keys_rsa_all : keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs 8_v 1 keys_rsa_enc_pkcs 8_v 2
2017-05-09 15:59:24 +02:00
Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] IMPLICIT Attributes OPTIONAL
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
ECParameters ::= CHOICE {
namedCurve OBJECT IDENTIFIER
-- implicitCurve NULL
-- specifiedCurve SpecifiedECDomain
}
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-02-16 22:11:04 +01:00
################################################################
#### Generate various EC keys
################################################################
###
### PKCS8 encoded
###
2017-11-28 17:30:52 +01:00
Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] IMPLICIT Attributes OPTIONAL
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
ECParameters ::= CHOICE {
namedCurve OBJECT IDENTIFIER
-- implicitCurve NULL
-- specifiedCurve SpecifiedECDomain
}
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-02-16 22:11:04 +01:00
ec_prv.pk8.der :
$( OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
all_final += ec_prv.pk8.der
# ### Instructions for creating `ec_prv.pk8nopub.der`,
# ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
# ### `ec_prv.pk8.der`.
#
# These instructions assume you are familiar with ASN.1 DER encoding and can
# use a hex editor to manipulate DER.
#
# The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
#
# PrivateKeyInfo ::= SEQUENCE {
# version Version,
# privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
# privateKey PrivateKey,
# attributes [0] IMPLICIT Attributes OPTIONAL
# }
#
# AlgorithmIdentifier ::= SEQUENCE {
# algorithm OBJECT IDENTIFIER,
# parameters ANY DEFINED BY algorithm OPTIONAL
# }
#
# ECParameters ::= CHOICE {
# namedCurve OBJECT IDENTIFIER
# -- implicitCurve NULL
# -- specifiedCurve SpecifiedECDomain
# }
#
# ECPrivateKey ::= SEQUENCE {
# version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
# privateKey OCTET STRING,
# parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
# publicKey [1] BIT STRING OPTIONAL
# }
#
# `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
# fields:
#
# * privateKeyAlgorithm namedCurve
# * privateKey.parameters NOT PRESENT
# * privateKey.publicKey PRESENT
# * attributes NOT PRESENT
#
# # ec_prv.pk8nopub.der
#
# Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
#
# # ec_prv.pk8nopubparam.der
#
# Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
#
# # ec_prv.pk8param.der
#
# Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
# `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
ec_prv.pk8.pem : ec_prv .pk 8.der
$( OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8.pem
ec_prv.pk8nopub.pem : ec_prv .pk 8nopub .der
$( OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8nopub.pem
ec_prv.pk8nopubparam.pem : ec_prv .pk 8nopubparam .der
$( OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8nopubparam.pem
ec_prv.pk8param.pem : ec_prv .pk 8param .der
$( OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8param.pem
2017-11-28 17:30:52 +01:00
2018-09-26 11:51:16 +02:00
# server5*
# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
server5.req.ku.sha1 : server 5.key
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< key_usage = digital_signature,non_repudiation subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1" md = SHA1
all_final += server5.req.ku.sha1
################################################################
### Generate CSRs for X.509 write test suite
################################################################
server1.req.cert_type : server 1.key
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< ns_cert_type = ssl_server subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1" md = SHA1
all_final += server1.req.cert_type
server1.req.key_usage : server 1.key
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< key_usage = digital_signature,non_repudiation,key_encipherment subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1" md = SHA1
all_final += server1.req.key_usage
server1.req.ku-ct : server 1.key
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< key_usage = digital_signature,non_repudiation,key_encipherment ns_cert_type = ssl_server subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1" md = SHA1
all_final += server1.req.ku-ct
server1.req.key_usage_empty : server 1.key
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1" md = SHA1 force_key_usage = 1
all_final += server1.req.key_usage_empty
server1.req.cert_type_empty : server 1.key
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1" md = SHA1 force_ns_cert_type = 1
all_final += server1.req.cert_type_empty
2019-06-04 13:14:58 +02:00
###
### A generic SECP521R1 private key
###
secp521r1_prv.der :
$( OPENSSL) ecparam -genkey -name secp521r1 -noout -out secp521r1_prv.der
all_final += secp521r1_prv.der
2017-11-28 17:30:52 +01:00
################################################################
2017-09-14 08:51:28 +02:00
### Generate certificates for CRT write check tests
2017-11-28 17:30:52 +01:00
################################################################
2017-09-14 08:51:28 +02:00
### The test files use the Mbed TLS generated certificates server1*.crt,
### but for comparison with OpenSSL also rules for OpenSSL-generated
### certificates server1*.crt.openssl are offered.
###
### Known differences:
### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
### as unused bits, while Mbed TLS doesn't.
test_ca_server1_db = test-ca.server1.db
test_ca_server1_serial = test-ca.server1.serial
test_ca_server1_config_file = test-ca.server1.opensslconf
server1.csr : server 1.key server 1_csr .opensslconf
$( OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
all_final += server1.csr
server1.crt : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa )
2019-02-12 14:03:42 +01:00
$( MBEDTLS_CERT_WRITE) request_file = server1.csr issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) version = 1 not_before = 20190210144406 not_after = 20290210144406 md = SHA1 version = 3 output_file = $@
2017-09-14 08:51:28 +02:00
server1.noauthid.crt : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa )
2019-02-12 14:03:42 +01:00
$( MBEDTLS_CERT_WRITE) request_file = server1.csr issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144406 not_after = 20290210144406 md = SHA1 authority_identifier = 0 version = 3 output_file = $@
2017-09-14 08:51:28 +02:00
server1.der : server 1.crt
$( OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.crt server1.noauthid.crt server1.der
server1.key_usage.crt : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa )
2019-02-12 14:03:42 +01:00
$( MBEDTLS_CERT_WRITE) request_file = server1.csr issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) version = 1 not_before = 20190210144406 not_after = 20290210144406 md = SHA1 key_usage = digital_signature,non_repudiation,key_encipherment version = 3 output_file = $@
2017-09-14 08:51:28 +02:00
server1.key_usage_noauthid.crt : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa )
2019-02-12 14:03:42 +01:00
$( MBEDTLS_CERT_WRITE) request_file = server1.csr issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) version = 1 not_before = 20190210144406 not_after = 20290210144406 md = SHA1 key_usage = digital_signature,non_repudiation,key_encipherment authority_identifier = 0 version = 3 output_file = $@
2017-09-14 08:51:28 +02:00
server1.key_usage.der : server 1.key_usage .crt
$( OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
server1.cert_type.crt : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa )
2019-02-12 14:03:42 +01:00
$( MBEDTLS_CERT_WRITE) request_file = server1.csr issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) version = 1 not_before = 20190210144406 not_after = 20290210144406 md = SHA1 ns_cert_type = ssl_server version = 3 output_file = $@
2017-09-14 08:51:28 +02:00
server1.cert_type_noauthid.crt : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa )
2019-02-12 14:03:42 +01:00
$( MBEDTLS_CERT_WRITE) request_file = server1.csr issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) version = 1 not_before = 20190210144406 not_after = 20290210144406 md = SHA1 ns_cert_type = ssl_server authority_identifier = 0 version = 3 output_file = $@
2017-09-14 08:51:28 +02:00
server1.cert_type.der : server 1.cert_type .crt
$( OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
server1.v1.crt : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa )
2019-02-12 14:03:42 +01:00
$( MBEDTLS_CERT_WRITE) request_file = server1.csr issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) version = 1 not_before = 20190210144406 not_after = 20290210144406 md = SHA1 version = 1 output_file = $@
2017-09-14 08:51:28 +02:00
server1.v1.der : server 1.v 1.crt
$( OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
all_final += server1.v1.crt server1.v1.der
2019-02-12 14:03:42 +01:00
server1_ca.crt : server 1.crt $( test_ca_crt )
cat server1.crt $( test_ca_crt) > $@
all_final += server1_ca.crt
cert_sha1.crt : server 1.key
$( MBEDTLS_CERT_WRITE) subject_key = server1.key subject_name = "C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1" serial = 7 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144406 not_after = 20290210144406 md = SHA1 version = 3 output_file = $@
all_final += cert_sha1.crt
cert_sha224.crt : server 1.key
$( MBEDTLS_CERT_WRITE) subject_key = server1.key subject_name = "C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224" serial = 8 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144406 not_after = 20290210144406 md = SHA224 version = 3 output_file = $@
all_final += cert_sha224.crt
cert_sha256.crt : server 1.key
$( MBEDTLS_CERT_WRITE) subject_key = server1.key subject_name = "C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256" serial = 9 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144406 not_after = 20290210144406 md = SHA256 version = 3 output_file = $@
all_final += cert_sha256.crt
cert_sha384.crt : server 1.key
$( MBEDTLS_CERT_WRITE) subject_key = server1.key subject_name = "C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384" serial = 10 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144406 not_after = 20290210144406 md = SHA384 version = 3 output_file = $@
all_final += cert_sha384.crt
cert_sha512.crt : server 1.key
$( MBEDTLS_CERT_WRITE) subject_key = server1.key subject_name = "C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512" serial = 11 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144406 not_after = 20290210144406 md = SHA512 version = 3 output_file = $@
all_final += cert_sha512.crt
cert_example_wildcard.crt : server 1.key
$( MBEDTLS_CERT_WRITE) subject_key = server1.key subject_name = "C=NL, O=PolarSSL, CN=*.example.com" serial = 12 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20190210144406 not_after = 20290210144406 md = SHA1 version = 3 output_file = $@
all_final += cert_example_wildcard.crt
2017-09-14 08:51:28 +02:00
# OpenSSL-generated certificates for comparison
2017-09-13 16:39:59 +02:00
# Also provide certificates in DER format to allow
2017-09-14 08:51:28 +02:00
# direct binary comparison using e.g. dumpasn1
server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa ) $( test_ca_server 1_config_file )
echo "01" > $( test_ca_server1_serial)
rm -f $( test_ca_server1_db)
touch $( test_ca_server1_db)
$( OPENSSL) ca -batch -passin " pass: $( test_ca_pwd_rsa) " -config $( test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@ .v3_ext -out $@
server1.der.openssl : server 1.crt .openssl
$( OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.key_usage.der.openssl : server 1.key_usage .crt .openssl
$( OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.cert_type.der.openssl : server 1.cert_type .crt .openssl
$( OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
server1.v1.crt.openssl : server 1.key server 1.csr $( test_ca_crt ) $( test_ca_key_file_rsa ) $( test_ca_server 1_config_file )
echo "01" > $( test_ca_server1_serial)
rm -f $( test_ca_server1_db)
touch $( test_ca_server1_db)
$( OPENSSL) ca -batch -passin " pass: $( test_ca_pwd_rsa) " -config $( test_ca_server1_config_file) -in server1.csr -out $@
server1.v1.der.openssl : server 1.v 1.crt .openssl
$( OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
2019-02-06 17:48:37 +01:00
crl.pem : $( test_ca_crt ) $( test_ca_key_file_rsa ) $( test_ca_config_file )
$( OPENSSL) ca -gencrl -batch -cert $( test_ca_crt) -keyfile $( test_ca_key_file_rsa) -key $( test_ca_pwd_rsa) -config $( test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
2020-06-15 17:03:13 +02:00
crl-futureRevocationDate.pem : $( test_ca_crt ) $( test_ca_key_file_rsa ) $( test_ca_config_file ) test -ca .server 1.future -crl .db test -ca .server 1.future -crl .opensslconf
$( FAKETIME) '2028-12-31' $( OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin " pass: $( test_ca_pwd_rsa) " -out $@
server1_all : crl .pem crl -futureRevocationDate .pem server 1.csr server 1.crt server 1.noauthid .crt server 1.crt .openssl server 1.v 1.crt server 1.v 1.crt .openssl server 1.key_usage .crt server 1.key_usage_noauthid .crt server 1.key_usage .crt .openssl server 1.cert_type .crt server 1.cert_type_noauthid .crt server 1.cert_type .crt .openssl server 1.der server 1.der .openssl server 1.v 1.der server 1.v 1.der .openssl server 1.key_usage .der server 1.key_usage .der .openssl server 1.cert_type .der server 1.cert_type .der .openssl
2019-02-06 17:48:37 +01:00
# To revoke certificate in the openssl database:
#
# $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha256 -crldays 365 -revoke server1.crt
2017-05-11 17:57:22 +02:00
2019-06-03 15:14:04 +02:00
# MD2, MD4, MD5 test certificates
2017-11-28 17:30:52 +01:00
2019-06-03 15:14:04 +02:00
cert_md_test_key = $( cli_crt_key_file_rsa)
cert_md2.csr : $( cert_md_test_key )
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md = MD2
all_intermediate += cert_md2.csr
cert_md2.crt : cert_md 2.csr
2019-06-03 15:14:38 +02:00
$( MBEDTLS_CERT_WRITE) request_file = $< serial = 9 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20000101121212 not_after = 20300101121212 md = MD2 version = 3 output_file = $@
2019-06-03 15:14:04 +02:00
all_final += cert_md2.crt
cert_md4.csr : $( cert_md_test_key )
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md = MD4
all_intermediate += cert_md4.csr
cert_md4.crt : cert_md 4.csr
2019-06-03 15:14:38 +02:00
$( MBEDTLS_CERT_WRITE) request_file = $< serial = 5 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20000101121212 not_after = 20300101121212 md = MD4 version = 3 output_file = $@
2019-06-03 15:14:04 +02:00
all_final += cert_md4.crt
cert_md5.csr : $( cert_md_test_key )
$( MBEDTLS_CERT_REQ) output_file = $@ filename = $< subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md = MD5
all_intermediate += cert_md5.csr
cert_md5.crt : cert_md 5.csr
2019-06-03 15:14:38 +02:00
$( MBEDTLS_CERT_WRITE) request_file = $< serial = 6 issuer_crt = $( test_ca_crt) issuer_key = $( test_ca_key_file_rsa) issuer_pwd = $( test_ca_pwd_rsa) not_before = 20000101121212 not_after = 20300101121212 md = MD5 version = 3 output_file = $@
2019-06-03 15:14:04 +02:00
all_final += cert_md5.crt
2017-11-28 17:30:52 +01:00
2017-05-11 17:57:22 +02:00
################################################################
#### Meta targets
################################################################
2017-05-05 18:56:12 +02:00
all_final : $( all_final )
all : $( all_intermediate ) $( all_final )
2017-11-28 17:30:52 +01:00
.PHONY : default all_final all
.PHONY : keys_rsa_all
.PHONY : keys_rsa_unenc keys_rsa_enc_basic
.PHONY : keys_rsa_enc_pkcs 8_v 1 keys_rsa_enc_pkcs 8_v 2
.PHONY : keys_rsa_enc_basic_ 1024 keys_rsa_enc_basic_ 2048 keys_rsa_enc_basic_ 4096
.PHONY : keys_rsa_enc_pkcs 8_v 1_ 1024 keys_rsa_enc_pkcs 8_v 2_ 1024
.PHONY : keys_rsa_enc_pkcs 8_v 1_ 2048 keys_rsa_enc_pkcs 8_v 2_ 2048
.PHONY : keys_rsa_enc_pkcs 8_v 1_ 4096 keys_rsa_enc_pkcs 8_v 2_ 4096
.PHONY : server 1_all
2017-05-11 17:57:22 +02:00
2017-05-05 18:56:12 +02:00
# These files should not be committed to the repository.
list_intermediate :
@printf '%s\n' $( all_intermediate) | sort
# These files should be committed to the repository so that the test data is
# available upon checkout without running a randomized process depending on
# third-party tools.
list_final :
@printf '%s\n' $( all_final) | sort
2017-05-11 17:57:22 +02:00
.PHONY : list_intermediate list_final
2017-05-05 18:56:12 +02:00
2017-05-11 17:57:22 +02:00
## Remove intermediate files
2017-05-05 18:56:12 +02:00
clean :
rm -f $( all_intermediate)
2017-05-11 17:57:22 +02:00
## Remove all build products, even the ones that are committed
2017-05-05 18:56:12 +02:00
neat : clean
rm -f $( all_final)
2017-05-11 17:57:22 +02:00
.PHONY : clean neat