testing: Use AES and SHA-256 to protect PKCS#12 files

The -aes128 option is used when encrypting private keys read from a
PKCS#12 file, not when generating such a file.
Tobias Brunner 2021-10-18 14:27:14 +02:00
parent 66fa7c959a
commit 8c48de739d


@ -343,8 +343,8 @@ HOST_CERT="${DIR}/hosts/moon/${SWANCTL_DIR}/x509/moonCert.pem"
MOON_PKCS12="${TEST}/hosts/moon/${SWANCTL_DIR}/pkcs12/moonCert.p12"
mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/pkcs12
openssl pkcs12 -export -inkey ${HOST_KEY} -in ${HOST_CERT} -name "moon" \
-certfile ${CA_CERT} -caname "strongSwan Root CA" \
-aes128 -passout "pass:kUqd8O7mzbjXNJKQ" > ${MOON_PKCS12} 2> /dev/null
-certfile ${CA_CERT} -caname "strongSwan Root CA" -keypbe aes-128-cbc \
-certpbe aes-128-cbc -macalg sha256 -passout "pass:kUqd8O7mzbjXNJKQ" > ${MOON_PKCS12}
# Create PKCS#12 file for sun
HOST_KEY="${DIR}/hosts/sun/${SWANCTL_DIR}/rsa/sunKey.pem"
@ -352,8 +352,8 @@ HOST_CERT="${DIR}/hosts/sun/${SWANCTL_DIR}/x509/sunCert.pem"
SUN_PKCS12="${TEST}/hosts/sun/${SWANCTL_DIR}/pkcs12/sunCert.p12"
mkdir -p ${TEST}/hosts/sun/${SWANCTL_DIR}/pkcs12
openssl pkcs12 -export -inkey ${HOST_KEY} -in ${HOST_CERT} -name "sun" \
-certfile ${CA_CERT} -caname "strongSwan Root CA" \
-aes128 -passout "pass:IxjQVCF3JGI+MoPi" > ${SUN_PKCS12} 2> /dev/null
-certfile ${CA_CERT} -caname "strongSwan Root CA" -keypbe aes-128-cbc \
-certpbe aes-128-cbc -macalg sha256 -passout "pass:IxjQVCF3JGI+MoPi" > ${SUN_PKCS12}
# Put a PKCS#12 copy into the botan/net2net-pkcs12 scenario
for t in botan/net2net-pkcs12 openssl-ikev2/net2net-pkcs12
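Review bot: Both new `openssl pkcs12 -export` commands (moon in the first hunk, sun in the second) still write through a shell redirect, so `${MOON_PKCS12}` / `${SUN_PKCS12}` is created or truncated even when openssl fails. The loop that begins on the last visible line appears to copy that file into the scenarios, so a failed export could end up as an empty container there. Dropping `2> /dev/null` makes the error visible but does not stop the script, unless `set -e` is in effect outside the lines shown. Consider `-out "${MOON_PKCS12}"` in place of the redirect, followed by `|| exit 1`, and quote the path expansions in the same way for sun. A short comment such as `# set PBE and MAC algorithms explicitly; defaults for -export depend on the OpenSSL version` would explain why `-keypbe`, `-certpbe` and `-macalg` are spelled out.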