-rwxr-xr-x | examples/self.x509 | 19 | ||||
-rwxr-xr-x | examples/vrfy.sig | 19 |
2 files changed, 33 insertions, 5 deletions
diff --git a/examples/self.x509 b/examples/self.x509
index b2d14f9..37b12c7 100755
--- a/examples/self.x509
+++ b/examples/self.x509
@@ -7,15 +7,28 @@
 -- CSR generation.
 --
 
+local keytype = ...
+
+local openssl = require"openssl"
 local pkey = require"openssl.pkey"
 local x509 = require"openssl.x509"
 local name = require"openssl.x509.name"
 local altname = require"openssl.x509.altname"
 
 -- generate our public/private key pair
---local key = pkey.new{ type = "RSA", bits = 1024 }
---local key = pkey.new{ type = "DSA", bits = 1024 }
-local key = pkey.new{ type = "EC", curve = "prime192v1" }
+local function genkey(type)
+ type = string.upper(type or (not openssl.NO_EC and "EC") or "RSA")
+
+ if type == "RSA" then
+ return pkey.new{ type = "RSA", bits = 1024 }
+ elseif type == "DSA" then
+ return pkey.new{ type = "DSA", bits = 1024 }
+ else
+ return pkey.new{ type = "EC", curve = "prime192v1" }
+ end
+end
+
+local key = genkey(keytype)
 
 -- our Subject and Issuer DN (self-signed, so same)
 local dn = name.new()
diff --git a/examples/vrfy.sig b/examples/vrfy.sig
index cf60995..258490a 100755
--- a/examples/vrfy.sig
+++ b/examples/vrfy.sig
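Review bot: The `genkey` added to examples/self.x509 turns `bits = 1024` for RSA and DSA into live code paths next to `curve = "prime192v1"`, and all three are below the key strength commonly recommended today; the `genkey` added to examples/vrfy.sig uses the same parameters. Because example scripts tend to be copied into real certificate tooling, I would change them to `pkey.new{ type = "RSA", bits = 2048 }` and `pkey.new{ type = "EC", curve = "prime256v1" }`, or at minimum add `-- demo-sized keys; do not reuse these parameters for real certificates` above the function. Separately, the final `else` sends any unrecognised argument to the EC branch, including on builds where `openssl.NO_EC` is set, so a typo silently changes the key type; an explicit `elseif type == "EC" then` with `error("unknown key type: " .. type)` in the `else` would surface that. The parameter name `type` also shadows Lua's built-in `type` inside the function.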
@@ -3,15 +3,30 @@
 -- Example public-key signature verification.
 --
 
+local keytype = ...
+
+local openssl = require"openssl"
 local pkey = require"openssl.pkey"
 local digest = require"openssl.digest"
 
 -- generate a public/private key pair
-local key = pkey.new{ type = "EC", curve = "prime192v1" }
+local function genkey(type)
+ type = string.upper(type or (not openssl.NO_EC and "EC") or "RSA")
+
+ if type == "RSA" then
+ return pkey.new{ type = "RSA", bits = 1024 }, "sha256"
+ elseif type == "DSA" then
+ return pkey.new{ type = "DSA", bits = 1024 }, "dss1"
+ else
+ return pkey.new{ type = "EC", curve = "prime192v1" }, "ecdsa-with-SHA1"
+ end
+end
+
+local key, hash = genkey(keytype)
 
 -- digest our message using an appropriate digest ("ecdsa-with-SHA1" for EC;
 -- "dss1" for DSA; and "sha1", "sha256", etc for RSA).
-local data = digest.new"ecdsa-with-SHA1"
+local data = digest.new(hash)
 data:update(... or "hello world")
 
 -- generate a signature for our data |
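Review bot: The first command-line argument is now consumed twice: the added `local keytype = ...` reads it as the key type, while the unchanged `data:update(... or "hello world")` still reads it as the message. Running the script with `RSA` therefore signs the string "RSA", and passing a custom message upper-cases it into an unknown key type that falls through to the EC branch. Splitting the varargs fixes both: `local keytype, message = ...` and `data:update(message or "hello world")`. The DSA and EC branches also return the SHA-1 based names `"dss1"` and `"ecdsa-with-SHA1"` while RSA gets `"sha256"`; SHA-1 is no longer considered collision-resistant for signatures and these legacy aliases may be absent from newer OpenSSL builds, so returning `"sha256"` from all three branches would be the safer example if the linked library accepts it.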