1 ## This file contains a record of how some of the test data was
2 ## generated. The final build products are committed to the repository
3 ## as well to make sure that the test data is identical. You do not
4 ## need to use this makefile unless you're extending mbed TLS's tests.
6 ## Many data files were generated prior to the existence of this
7 ## makefile, so the method of their generation was not recorded.
9 ## Note that in addition to depending on the version of the data
10 ## generation tool, many of the build outputs are randomized, so
11 ## running this makefile twice would not produce the same results.
16 MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
17 MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req
20 ## Build the generated test data. Note that since the final outputs
21 ## are committed to the repository, this target should do nothing on a
22 ## fresh checkout. Furthermore, since the generation is randomized,
23 ## re-running the same targets may result in differing files. The goal
24 ## of this makefile is primarily to serve as a record of how the
25 ## targets were generated in the first place.
28 all_intermediate := # temporary files
29 all_final := # files used by tests
33 ################################################################
34 #### Generate certificates from existing keys
35 ################################################################
37 test_ca_crt = test-ca.crt
38 test_ca_key_file_rsa = test-ca.key
39 test_ca_pwd_rsa = PolarSSLTest
40 test_ca_config_file = test-ca.opensslconf
42 test-ca.req.sha256: $(test_ca_key_file_rsa)
43 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
44 all_intermediate += test-ca.req.sha256
46 test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
47 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
48 test-ca.der: test-ca.crt
49 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
50 all_final += test-ca.crt test-ca.der
52 test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
53 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
54 all_final += test-ca-sha1.crt
56 test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
57 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA256 version=3 output_file=$@
58 all_final += test-ca-sha256.crt
60 test_ca_key_file_rsa_alt = test-ca-alt.key
62 $(test_ca_key_file_rsa_alt):
63 $(OPENSSL) genrsa -out $@ 2048
64 test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
65 $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
66 all_intermediate += test-ca-alt.csr
67 test-ca-alt.crt: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) test-ca-alt.csr
68 $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa_alt) -set_serial 0 -days 3653 -sha256 -in test-ca-alt.csr -out $@
69 all_final += test-ca-alt.crt
70 test-ca-alt-good.crt: test-ca-alt.crt test-ca-sha256.crt
71 cat test-ca-alt.crt test-ca-sha256.crt > $@
72 all_final += test-ca-alt-good.crt
73 test-ca-good-alt.crt: test-ca-alt.crt test-ca-sha256.crt
74 cat test-ca-sha256.crt test-ca-alt.crt > $@
75 all_final += test-ca-good-alt.crt
77 test_ca_crt_file_ec = test-ca2.crt
78 test_ca_key_file_ec = test-ca2.key
80 test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
81 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
82 all_final += test-ca-any_policy.crt
84 test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
85 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
86 all_final += test-ca-any_policy_ec.crt
88 test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
89 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
90 all_final += test-ca-any_policy_with_qualifier.crt
92 test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
93 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
94 all_final += test-ca-any_policy_with_qualifier_ec.crt
96 test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
97 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
98 all_final += test-ca-multi_policy.crt
100 test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
101 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
102 all_final += test-ca-multi_policy_ec.crt
104 test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
105 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
106 all_final += test-ca-unsupported_policy.crt
108 test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
109 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
110 all_final += test-ca-unsupported_policy_ec.crt
112 test-ca.req_ec.sha256: $(test_ca_key_file_ec)
113 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
114 all_intermediate += test-ca.req_ec.sha256
116 test_ca_crt_cat12 = test-ca_cat12.crt
117 $(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
118 cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
119 all_final += $(test_ca_crt_cat12)
121 test_ca_crt_cat21 = test-ca_cat21.crt
122 $(test_ca_crt_cat21): $(test_ca_crt) $(test_ca_crt_file_ec)
123 cat $(test_ca_crt_file_ec) $(test_ca_crt) > $@
124 all_final += $(test_ca_crt_cat21)
126 test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
127 $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
128 all_intermediate += test-int-ca.csr
129 test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
130 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
131 all_final += test-int-ca-exp.crt
133 crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
134 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
135 all_final += crl-idp.pem
136 crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
137 $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
138 all_final += crl-idpnc.pem
140 cli_crt_key_file_rsa = cli-rsa.key
141 cli_crt_extensions_file = cli.opensslconf
143 cli-rsa.csr: $(cli_crt_key_file_rsa)
144 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Client 2" md=SHA1
145 all_intermediate += cli-rsa.csr
147 cli-rsa-sha1.crt: cli-rsa.csr
148 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
150 cli-rsa-sha256.crt: cli-rsa.csr
151 $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
152 all_final += cli-rsa-sha256.crt
154 test_ca_int_rsa1 = test-int-ca.crt
156 server7.csr: server7.key
157 $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
158 all_intermediate += server7.csr
159 server7-expired.crt: server7.csr $(test_ca_int_rsa1)
160 $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
161 all_final += server7-expired.crt
162 server7-future.crt: server7.csr $(test_ca_int_rsa1)
163 $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
164 all_final += server7-future.crt
165 server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
166 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
167 all_final += server7-badsign.crt
168 server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
169 cat server7.crt test-int-ca-exp.crt > $@
170 all_final += server7_int-ca-exp.crt
172 server5-ss-expired.crt: server5.key
173 $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
174 all_final += server5-ss-expired.crt
176 # try to forge a copy of test-int-ca3 with different key
177 server5-ss-forgeca.crt: server5.key
178 $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
179 all_final += server5-ss-forgeca.crt
181 server5-othername.crt: server5.key
182 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
184 server5-unsupported_othername.crt: server5.key
185 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
187 server5-fan.crt: server5.key
188 $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@
190 server10-badsign.crt: server10.crt
191 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
192 all_final += server10-badsign.crt
193 server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
194 cat server10-badsign.crt test-int-ca3.crt > $@
195 all_final += server10-bs_int3.pem
196 test-int-ca3-badsign.crt: test-int-ca3.crt
197 { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
198 all_final += test-int-ca3-badsign.crt
199 server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
200 cat server10.crt test-int-ca3-badsign.crt > $@
201 all_final += server10_int3-bs.pem
203 rsa_pkcs1_2048_public.pem: server8.key
204 $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
205 all_final += rsa_pkcs1_2048_public.pem
207 rsa_pkcs1_2048_public.der: rsa_pkcs1_2048_public.pem
208 $(OPENSSL) rsa -RSAPublicKey_in -in $< -outform DER -RSAPublicKey_out -out $@
209 all_final += rsa_pkcs1_2048_public.der
211 rsa_pkcs8_2048_public.pem: server8.key
212 $(OPENSSL) rsa -in $< -outform PEM -pubout -out $@
213 all_final += rsa_pkcs8_2048_public.pem
215 rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem
216 $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
217 all_final += rsa_pkcs8_2048_public.der
219 ################################################################
220 #### Generate various RSA keys
221 ################################################################
223 ### Password used for PKCS1-encoded encrypted RSA keys
224 keys_rsa_basic_pwd = testkey
226 ### Password used for PKCS8-encoded encrypted RSA keys
227 keys_rsa_pkcs8_pwd = PolarSSLTest
229 ### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
230 ### all other encrypted RSA keys are derived.
231 rsa_pkcs1_1024_clear.pem:
232 $(OPENSSL) genrsa -out $@ 1024
233 all_final += rsa_pkcs1_1024_clear.pem
234 rsa_pkcs1_2048_clear.pem:
235 $(OPENSSL) genrsa -out $@ 2048
236 all_final += rsa_pkcs1_2048_clear.pem
237 rsa_pkcs1_4096_clear.pem:
238 $(OPENSSL) genrsa -out $@ 4096
239 all_final += rsa_pkcs1_4096_clear.pem
242 ### PKCS1-encoded, encrypted RSA keys
246 rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
247 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
248 all_final += rsa_pkcs1_1024_des.pem
249 rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
250 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
251 all_final += rsa_pkcs1_1024_3des.pem
252 rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
253 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
254 all_final += rsa_pkcs1_1024_aes128.pem
255 rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
256 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
257 all_final += rsa_pkcs1_1024_aes192.pem
258 rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
259 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
260 all_final += rsa_pkcs1_1024_aes256.pem
261 keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
264 rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
265 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
266 all_final += rsa_pkcs1_2048_des.pem
267 rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
268 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
269 all_final += rsa_pkcs1_2048_3des.pem
270 rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
271 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
272 all_final += rsa_pkcs1_2048_aes128.pem
273 rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
274 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
275 all_final += rsa_pkcs1_2048_aes192.pem
276 rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
277 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
278 all_final += rsa_pkcs1_2048_aes256.pem
279 keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
282 rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
283 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
284 all_final += rsa_pkcs1_4096_des.pem
285 rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
286 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
287 all_final += rsa_pkcs1_4096_3des.pem
288 rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
289 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
290 all_final += rsa_pkcs1_4096_aes128.pem
291 rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
292 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
293 all_final += rsa_pkcs1_4096_aes192.pem
294 rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
295 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
296 all_final += rsa_pkcs1_4096_aes256.pem
297 keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
300 ### PKCS8-v1 encoded, encrypted RSA keys
304 rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
305 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
306 all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
307 rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
308 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
309 all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
310 keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
312 rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
313 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
314 all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
315 rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
316 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
317 all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
318 keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
320 rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
321 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
322 all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
323 rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
324 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
325 all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
326 keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
328 keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
331 rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
332 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
333 all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
334 rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
335 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
336 all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
337 keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
339 rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
340 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
341 all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
342 rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
343 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
344 all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
345 keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
347 rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
348 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
349 all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
350 rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
351 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
352 all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
353 keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
355 keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
358 rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
359 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
360 all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
361 rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
362 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
363 all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
364 keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
366 rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
367 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
368 all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
369 rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
370 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
371 all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
372 keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
374 rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
375 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
376 all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
377 rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
378 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
379 all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
380 keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
382 keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
385 ### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
389 rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
390 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
391 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
392 rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
393 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
394 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
395 keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
397 rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
398 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
399 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
400 rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
401 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
402 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
403 keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
405 keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
408 rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
409 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
410 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
411 rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
412 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
413 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
414 keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
416 rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
417 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
418 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
419 rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
420 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
421 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
422 keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
424 keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
427 rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
428 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
429 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
430 rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
431 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
432 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
433 keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
435 rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
436 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
437 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
438 rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
439 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
440 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
441 keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
443 keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
446 ### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
450 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
451 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
452 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
453 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
454 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
455 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
456 keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
458 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
459 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
460 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
461 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
462 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
463 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
464 keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
466 keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224
469 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
470 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
471 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
472 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
473 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
474 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
475 keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
477 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
478 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
479 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
480 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
481 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
482 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
483 keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
485 keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224
488 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
489 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
490 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
491 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
492 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
493 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
494 keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
496 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
497 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
498 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
499 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
500 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
501 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
502 keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
504 keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224
507 ### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
511 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
512 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
513 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
514 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
515 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
516 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
517 keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
519 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
520 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
521 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
522 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
523 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
524 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
525 keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
527 keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256
530 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
531 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
532 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
533 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
534 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
535 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
536 keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
538 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
539 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
540 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
541 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
542 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
543 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
544 keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
546 keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256
549 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
550 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
551 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
552 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
553 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
554 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
555 keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
557 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
558 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
559 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
560 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
561 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
562 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
563 keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
565 keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256
568 ### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
572 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
573 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
574 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
575 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
576 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
577 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
578 keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
580 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
581 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
582 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
583 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
584 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
585 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
586 keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
588 keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384
591 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
592 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
593 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
594 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
595 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
596 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
597 keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
599 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
600 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
601 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
602 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
603 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
604 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
605 keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
607 keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384
610 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
611 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
612 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
613 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
614 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
615 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
616 keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
618 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
619 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
620 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
621 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
622 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
623 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
624 keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
626 keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384
629 ### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
633 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
634 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
635 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
636 rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
637 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
638 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
639 keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
641 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
642 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
643 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
644 rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
645 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
646 all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
647 keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
649 keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512
652 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
653 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
654 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
655 rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
656 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
657 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
658 keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
660 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
661 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
662 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
663 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
664 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
665 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
666 keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
668 keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512
671 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
672 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
673 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
674 rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
675 $(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
676 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
677 keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
679 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
680 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
681 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
682 rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
683 $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
684 all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
685 keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
687 keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512
690 ### Rules to generate all RSA keys from a particular class
693 ### Generate basic unencrypted RSA keys
694 keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
696 ### Generate PKCS1-encoded encrypted RSA keys
697 keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
699 ### Generate PKCS8-v1 encrypted RSA keys
700 keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
702 ### Generate PKCS8-v2 encrypted RSA keys
703 keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
705 ### Generate all RSA keys
706 keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
708 ################################################################
709 #### Generate various EC keys
710 ################################################################
717 $(OPENSSL) genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime192v1 -pkeyopt ec_param_enc:named_curve -out $@ -outform DER
718 all_final += ec_prv.pk8.der
720 # ### Instructions for creating `ec_prv.pk8nopub.der`,
721 # ### `ec_prv.pk8nopubparam.der`, and `ec_prv.pk8param.der` by hand from
722 # ### `ec_prv.pk8.der`.
724 # These instructions assume you are familiar with ASN.1 DER encoding and can
725 # use a hex editor to manipulate DER.
727 # The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:
729 # PrivateKeyInfo ::= SEQUENCE {
731 # privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
732 # privateKey PrivateKey,
733 # attributes [0] IMPLICIT Attributes OPTIONAL
736 # AlgorithmIdentifier ::= SEQUENCE {
737 # algorithm OBJECT IDENTIFIER,
738 # parameters ANY DEFINED BY algorithm OPTIONAL
741 # ECParameters ::= CHOICE {
742 # namedCurve OBJECT IDENTIFIER
743 # -- implicitCurve NULL
744 # -- specifiedCurve SpecifiedECDomain
747 # ECPrivateKey ::= SEQUENCE {
748 # version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
749 # privateKey OCTET STRING,
750 # parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
751 # publicKey [1] BIT STRING OPTIONAL
754 # `ec_prv.pk8.der` as generatde above by OpenSSL should have the following
757 # * privateKeyAlgorithm namedCurve
758 # * privateKey.parameters NOT PRESENT
759 # * privateKey.publicKey PRESENT
760 # * attributes NOT PRESENT
762 # # ec_prv.pk8nopub.der
764 # Take `ec_prv.pk8.der` and remove `privateKey.publicKey`.
766 # # ec_prv.pk8nopubparam.der
768 # Take `ec_prv.pk8nopub.der` and add `privateKey.parameters`, the same value as
769 # `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
771 # # ec_prv.pk8param.der
773 # Take `ec_prv.pk8.der` and add `privateKey.parameters`, the same value as
774 # `privateKeyAlgorithm.namedCurve`. Don't forget to add the explicit tag.
776 ec_prv.pk8.pem: ec_prv.pk8.der
777 $(OPENSSL) pkey -in $< -inform DER -out $@
778 all_final += ec_prv.pk8.pem
779 ec_prv.pk8nopub.pem: ec_prv.pk8nopub.der
780 $(OPENSSL) pkey -in $< -inform DER -out $@
781 all_final += ec_prv.pk8nopub.pem
782 ec_prv.pk8nopubparam.pem: ec_prv.pk8nopubparam.der
783 $(OPENSSL) pkey -in $< -inform DER -out $@
784 all_final += ec_prv.pk8nopubparam.pem
785 ec_prv.pk8param.pem: ec_prv.pk8param.der
786 $(OPENSSL) pkey -in $< -inform DER -out $@
787 all_final += ec_prv.pk8param.pem
789 ################################################################
790 ### Generate CSRs for X.509 write test suite
791 ################################################################
793 server1.req.sha1: server1.key
794 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
795 all_final += server1.req.sha1
797 server1.req.md4: server1.key
798 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4
799 all_final += server1.req.md4
801 server1.req.md5: server1.key
802 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5
803 all_final += server1.req.md5
805 server1.req.sha224: server1.key
806 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA224
807 all_final += server1.req.sha224
809 server1.req.sha256: server1.key
810 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
811 all_final += server1.req.sha256
813 server1.req.sha384: server1.key
814 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
815 all_final += server1.req.sha384
817 server1.req.sha512: server1.key
818 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA512
819 all_final += server1.req.sha512
821 server1.req.cert_type: server1.key
822 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
823 all_final += server1.req.cert_type
825 server1.req.key_usage: server1.key
826 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
827 all_final += server1.req.key_usage
829 server1.req.ku-ct: server1.key
830 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
831 all_final += server1.req.ku-ct
833 server1.req.key_usage_empty: server1.key
834 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
835 all_final += server1.req.key_usage_empty
837 server1.req.cert_type_empty: server1.key
838 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
839 all_final += server1.req.cert_type_empty
843 server2.req.sha256: server2.key
844 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
845 all_intermediate += server2.req.sha256
849 # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
850 server5.req.ku.sha1: server5.key
851 $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
852 all_final += server5.req.ku.sha1
854 ################################################################
855 ### Generate certificates for CRT write check tests
856 ################################################################
858 ### The test files use the Mbed TLS generated certificates server1*.crt,
859 ### but for comparison with OpenSSL also rules for OpenSSL-generated
860 ### certificates server1*.crt.openssl are offered.
862 ### Known differences:
863 ### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
864 ### as unused bits, while Mbed TLS doesn't.
866 test_ca_server1_db = test-ca.server1.db
867 test_ca_server1_serial = test-ca.server1.serial
868 test_ca_server1_config_file = test-ca.server1.opensslconf
872 server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
873 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
874 server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
875 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
876 server1.der: server1.crt
877 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
878 all_final += server1.crt server1.noauthid.crt server1.der
880 server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
881 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
882 server1.key_usage_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
883 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
884 server1.key_usage.der: server1.key_usage.crt
885 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
886 all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
888 server1.cert_type.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
889 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
890 server1.cert_type_noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
891 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
892 server1.cert_type.der: server1.cert_type.crt
893 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
894 all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
896 server1.v1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
897 $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
898 server1.v1.der: server1.v1.crt
899 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
900 all_final += server1.v1.crt server1.v1.der
902 # OpenSSL-generated certificates for comparison
903 # Also provide certificates in DER format to allow
904 # direct binary comparison using e.g. dumpasn1
905 server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
906 echo "01" > $(test_ca_server1_serial)
907 rm -f $(test_ca_server1_db)
908 touch $(test_ca_server1_db)
909 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -extensions v3_ext -extfile $@.v3_ext -out $@
910 server1.der.openssl: server1.crt.openssl
911 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
912 server1.key_usage.der.openssl: server1.key_usage.crt.openssl
913 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
914 server1.cert_type.der.openssl: server1.cert_type.crt.openssl
915 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
917 server1.v1.crt.openssl: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
918 echo "01" > $(test_ca_server1_serial)
919 rm -f $(test_ca_server1_db)
920 touch $(test_ca_server1_db)
921 $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.req.sha256 -out $@
922 server1.v1.der.openssl: server1.v1.crt.openssl
923 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
925 server1_all: server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
929 server2.crt: server2.req.sha256
930 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
931 server2.der: server2.crt
932 $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
933 all_final += server2.crt server2.der
935 server2-sha256.crt: server2.req.sha256
936 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
937 all_final += server2-sha256.crt
941 ################################################################
943 ################################################################
945 all_final: $(all_final)
946 all: $(all_intermediate) $(all_final)
948 .PHONY: default all_final all
950 .PHONY: keys_rsa_unenc keys_rsa_enc_basic
951 .PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
952 .PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
953 .PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
954 .PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
955 .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
958 # These files should not be committed to the repository.
960 @printf '%s\n' $(all_intermediate) | sort
961 # These files should be committed to the repository so that the test data is
962 # available upon checkout without running a randomized process depending on
965 @printf '%s\n' $(all_final) | sort
966 .PHONY: list_intermediate list_final
968 ## Remove intermediate files
970 rm -f $(all_intermediate)
971 ## Remove all build products, even the ones that are committed