openssl3.2/test/certs - 074 - CT entry

2024-01-27 22:44
文章标签 test entry ct 074 certs openssl3.2

本文主要是介绍openssl3.2/test/certs - 074 - CT entry,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

文章目录

    • openssl3.2/test/certs - 074 - CT entry
    • 概述
    • 笔记
    • setup074.sh
    • setup074_sc1.sh
    • setup074_sc2.sh
    • setup074_sc3.sh
    • END

openssl3.2/test/certs - 074 - CT entry

概述

openssl3.2 - 官方demo学习 - test - certs

笔记

setup074.sh

#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc1
openssl -v
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key# sc2
openssl -v
OPENSSL_SIGALG= OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" root-ed448-key root-ed448-cert# sc3
openssl -v
OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert

官方脚本报错, 分为3个小脚本做实验

setup074_sc1.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc1.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc1
openssl -v
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
// cfg_exp074_sc1_cmd1.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.exampleopenssl req -new -sha256 -key embeddedSCTs1-key.pem -config cfg_exp074_sc1_cmd1.txt -out req_exp074_sc1_cmd1.pem// cmd 2
// cfg_exp074_sc1_cmd2.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.3 = critical,ASN1:NULL
subjectAltName = @alts
[alts]
DNS=server.example// ok
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile cfg_exp074_sc1_cmd2.txt -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -in req_exp074_sc1_cmd1.pem// cmd 3
// cfg_exp074_sc1_cmd3.txt
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.2 = ASN1:FORMAT:HEX,OCT:00780076subjectAltName = @alts
DNS=server.example
[alts]// err
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile cfg_exp074_sc1_cmd3.txt -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -in req_exp074_sc1_cmd1.pem报错如下:
Error checking extension section default
88140400:error:07800066:common libcrypto routines:hexstr2buf_sep:illegal hex digit:crypto\o_str.c:158:
88140400:error:068000B2:asn1 encoding routines:asn1_str2type:illegal hex:crypto\asn1\asn1_gen.c:696:string=00780076subjectAltName = @alts
88140400:error:11000074:X509 V3 routines:v3_generic_extension:extension value error:crypto\x509\v3_conf.c:260:value=FORMAT:HEX,OCT:00780076subjectAltName = @alts原因 [alts]节中是空的, 没写内容// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------openssl -v 
openssl req -new -sha256 -key embeddedSCTs1-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = server.example
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile /dev/fd/63 -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtsubjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.3 = critical,ASN1:NULL
subjectAltName = @alts
[alts]
DNS=server.example
openssl x509 -req -sha256 -out embeddedSCTs1.pem -extfile /dev/fd/63 -CA embeddedSCTs1_issuer.pem -CAkey embeddedSCTs1_issuer-key.pem -set_serial 2 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtsubjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:false
extendedKeyUsage = serverAuth
1.3.6.1.4.1.11129.2.4.2 = ASN1:FORMAT:HEX,OCT:00780076subjectAltName = @alts
DNS=server.example
[alts]

setup074_sc2.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc2.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc2
openssl -v
OPENSSL_SIGALG= OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" root-ed448-key root-ed448-cert// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm ed448 -out root-ed448-key.pem // cmd 2
// cfg_exp074_sc2_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root Ed448openssl req -new -sha256 -key root-ed448-key.pem -config cfg_exp074_sc2_cmd2.txt -out req_exp074_sc2_cmd2.pem// cmd 3
// cfg_exp074_sc2_cmd3.txt
basicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyidopenssl x509 -req -sha256 -out root-ed448-cert.pem -extfile cfg_exp074_sc2_cmd3.txt -signkey root-ed448-key.pem -set_serial 1 -days 36525 -in req_exp074_sc2_cmd2.pem// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------
openssl genpkey -algorithm ed448 -out root-ed448-key.pem 
openssl req -new -sha256 -key root-ed448-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Root Ed448
openssl x509 -req -sha256 -out root-ed448-cert.pem -extfile /dev/fd/63 -signkey root-ed448-key.pem -set_serial 1 -days 36525 -extfile /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtbasicConstraints = critical,CA:true
keyUsage = keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

setup074_sc3.sh

/*!
* \file D:\my_dev\my_local_git_prj\study\openSSL\test_certs\074\my_openssl_linux_doc_074_sc3.txt
* \note 
*/// --------------------------------------------------------------------------------
// official bash script
// --------------------------------------------------------------------------------
#! /bin/bash# \file setup074.sh# openssl3.2/test/certs - 074 - CT entry# sc3
openssl -v
OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert// --------------------------------------------------------------------------------
// openssl cmd line parse
// --------------------------------------------------------------------------------
// cmd 1
openssl genpkey -algorithm ed448 -out server-ed448-key.pem // cmd 2
// cfg_exp074_sc3_cmd2.txt
string_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = ed448// 这里只生成了一个证书请求, 这是干啥?
openssl req -new -ED448 -key server-ed448-key.pem -config cfg_exp074_sc3_cmd2.txt// 报错 : req: Unknown option or message digest: ED448
// 官方脚本单独运行, 是看不到任何报错信息的.// --------------------------------------------------------------------------------
// openssl log
// --------------------------------------------------------------------------------
openssl genpkey -algorithm ed448 -out server-ed448-key.pem 
openssl req -new -ED448 -key server-ed448-key.pem -config /dev/fd/63 -config /dev/fd/63 => /home/lostspeed/openssl/openssl-3.2.0_debian/test/certs/my_openssl_linux_log.txtstring_mask=utf8only
[req]
prompt = no
distinguished_name = dn
[dn]
CN = ed448

END

这篇关于openssl3.2/test/certs - 074 - CT entry的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/651702

相关文章

论文翻译:ICLR-2024 PROVING TEST SET CONTAMINATION IN BLACK BOX LANGUAGE MODELS

论文翻译:ICLR-2024 PROVING TEST SET CONTAMINATION IN BLACK BOX LANGUAGE MODELS

PROVING TEST SET CONTAMINATION IN BLACK BOX LANGUAGE MODELS https://openreview.net/forum?id=KS8mIvetg2 验证测试集污染在黑盒语言模型中 文章目录 验证测试集污染在黑盒语言模型中摘要1 引言 摘要 大型语言模型是在大量互联网数据上训练的,这引发了人们的担忧和猜测,即它们可能已
阅读更多...
Golang test编译使用

Golang test编译使用

创建文件my_test.go package testsimport "testing"func TestMy(t *testing.T) {t.Log("TestMy")} 通常用法: $ go test -v -run TestMy my_test.go=== RUN TestMyTestMy: my_test.go:6: TestMy--- PASS: TestMy (0.
阅读更多...
JavaScript正则表达式六大利器:`test`、`exec`、`match`、`matchAll`、`search`与`replace`详解及对比

JavaScript正则表达式六大利器:`test`、`exec`、`match`、`matchAll`、`search`与`replace`详解及对比

在JavaScript中,正则表达式(Regular Expression)是一种用于文本搜索、替换、匹配和验证的强大工具。本文将深入解析与正则表达式相关的几个主要执行方法:test、exec、match、matchAll、search和replace,并对它们进行对比,帮助开发者更好地理解这些方法的使用场景和差异。 正则表达式基础 在深入解析方法之前,先简要回顾一下正则表达式的基础知识。正则
阅读更多...
mybatis if test 之 0当做参数传入出问题

mybatis if test 之 0当做参数传入出问题

首先前端传入了参数 if(StringUtils.isNotBlank(status)){requestParam.setProperty("status", Integer.parseInt(status));}List<SuperPojo> applicationList = groupDao.getApplicationListByReviewStatusAndMember(req
阅读更多...
js正则表达式test方法的问题

js正则表达式test方法的问题

今天在网上碰到一个帖子,写了一个关于Regex的奇怪现象,(文章来源http://www.php100.com/html/webkaifa/javascript/2007/0109/1866.html) 代码如下 <script type="text/javascript"><!--var re = /^\d+(?:\.\d)?$/ig; alert(re.test('112.3'
阅读更多...
c:if test=/c:if如何判断空(使用例子)

c:if test=/c:if如何判断空(使用例子)

userName是登录的时候放到session中了 <c:if test="${ not empty userName }">这表示userName判断不为null `<c:if test="${empty userName }"> ` 这表示userName判断为null 使用案例 <c:if test="${ not empty userName }"><ul><li><a
阅读更多...
[UVM]6.component driver monitor sequencer agent scoreboard env test

[UVM]6.component driver monitor sequencer agent scoreboard env test

1.知识点回顾 (1)component需要有parent,因为参加构成组件,所以需要(继承); (2)object与component之间间隔report_object。 2.组件家族 (1)构建寄存器模型 :uvm_reg_predictor;激励器:driver/random_stimulus/sequencer_base/sequencer;监测器:monitor;
阅读更多...
shell脚本编写之test命令

shell脚本编写之test命令

test命令用于测试某个条件是否成立,它可以进行数值、字符和文件三个方面的测试。 在shell文件中输入命令,通过特定的参数可以对数值、字符串进行比较,如下参数及示例。 1、数值比较参数 举例,在myshell.sh脚本中加入如下内容,将两个变量值进行比较: 执行结果: 2、字符串比较参数 举例,在myshell.sh中添加如下内容,进行变量值比较: 执行结果如下
阅读更多...
3D Deeply Supervised Network for Automatic Liver Segmentation from CT Volumes

3D Deeply Supervised Network for Automatic Liver Segmentation from CT Volumes

下面博主详细翻译了该篇论文,可以当做详尽的参考,并认真学习。 【参考】论文笔记:3D Deeply Supervised Network for Automatic Liver Segmentation from CT 数据集: MICCAI-SLiver07[1] 数据预处理: 作者没有讲数据预处理的过程。 CRF 轮廓精细修正: 参考上述博主博客。 参考文献: [1]Heimann,
阅读更多...
Liver Segmentation in CT based on ResUNet with 3D Probabilistic and Geometric Post Process

Liver Segmentation in CT based on ResUNet with 3D Probabilistic and Geometric Post Process

一、摘要 本文提出了使用具有3D概率和几何后期处理功能的ResUNet的新型肝分割框架。 我们的语义分割模型ResUNet在U-Net的上采样和下采样部分添加了残差单元和批处理规范化层,以构建更深的网络。 为了快速收敛,我们提出了一种新的损失函数DCE,该函数由Dice损失和交叉熵损失线性组合。 我们使用连续的几个CT图像作为训练和测试的输入,以探索更多的上下文信息。 基于ResUNet的初始分割
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2