#!/bin/sh # # Generate an X.509 certificate and stuff that into a key, then generate a # PKCS#7 cert from that over some random data and stuff that into a key. # # Format: # # x509-stuffer.sh [] # file=/tmp/x509cert if [ "$1" != "" ] then file=$1 fi cd /tmp sync while true do openssl req -new -x509 -outform PEM -keyout $file.pem -nodes -subj "/CN=GB/O=Red Hat/OU=Magrathea/CN=Slartibartfast" -out $file.x509 || exit $? openssl x509 -in $file.x509 -inform PEM -outform DER >$file.x509.asn1 || exit $? keyctl padd asymmetric bar @s <$file.x509.asn1 || exit $? n=$RANDOM if [ $n -lt 10 ]; then n=10; fi dd if=/dev/urandom of=$file.stuff bs=$n count=1 openssl smime -sign -inkey $file.pem -signer $file.x509 -keyform PEM \ -in $file.stuff -out $file.pkcs7 -binary -outform DER || exit $? keyctl padd asymmetric baz @s <$file.pkcs7 done