aboutsummaryrefslogtreecommitdiffstats
path: root/examples
diff options
context:
space:
mode:
authorLibravatarLibravatar william <william@25tandclement.com> 2013-12-09 21:26:39 -0800
committerLibravatarLibravatar william <william@25tandclement.com> 2013-12-09 21:26:39 -0800
commite3ec2e4f949267ca48fe9fe983dd00f41010c2a8 (patch)
tree744fc7d57d94e044699c0f7ece7cb47cb56cfaff /examples
parent9db41e05d9a00eb906b530b38bcaaa068d40c88b (diff)
downloadluaossl-e3ec2e4f949267ca48fe9fe983dd00f41010c2a8.tar.gz
luaossl-e3ec2e4f949267ca48fe9fe983dd00f41010c2a8.tar.bz2
luaossl-e3ec2e4f949267ca48fe9fe983dd00f41010c2a8.zip
copy over our examples/
Diffstat (limited to 'examples')
-rwxr-xr-xexamples/self.x50954
-rwxr-xr-xexamples/vrfy.sig35
2 files changed, 89 insertions, 0 deletions
diff --git a/examples/self.x509 b/examples/self.x509
new file mode 100755
index 0000000..39525d0
--- /dev/null
+++ b/examples/self.x509
@@ -0,0 +1,54 @@
+#!/usr/local/lua52/bin/lua
+--
+-- Example self-signed X.509 certificate generation.
+--
+-- Skips intermediate CSR object, which is just an antiquated way for
+-- specifying subject DN and public key to CAs. See API documentation for
+-- CSR generation.
+--
+
+local pubkey = require"openssl.pubkey"
+local x509 = require"openssl.x509"
+local name = require"openssl.x509.name"
+local altname = require"openssl.x509.altname"
+
+-- generate our public/private key pair
+--local key = pubkey.new{ type = "RSA", bits = 1024 }
+--local key = pubkey.new{ type = "DSA", bits = 1024 }
+local key = pubkey.new{ type = "EC", curve = "prime192v1" }
+
+-- our Subject and Issuer DN (self-signed, so same)
+local dn = name.new()
+dn:add("C", "US")
+dn:add("ST", "California")
+dn:add("L", "San Francisco")
+dn:add("O", "Acme, Inc")
+dn:add("CN", "acme.inc")
+
+-- our Alternative Names
+local alt = altname.new()
+alt:add("DNS", "acme.inc")
+alt:add("DNS", "*.acme.inc")
+
+-- build our certificate
+local crt = x509.new()
+
+crt:setVersion(3)
+crt:setSerial(47)
+
+crt:setSubject(dn)
+crt:setIssuer(crt:getSubject())
+crt:setSubjectAlt(alt)
+
+local issued, expires = crt:getLifetime()
+crt:setLifetime(issued, expires + 60) -- good for 60 seconds
+
+crt:setBasicConstraints{ CA = true, pathLen = 2 }
+crt:setBasicConstraintsCritical(true)
+
+crt:setPublicKey(key)
+crt:sign(key)
+
+-- pretty-print using openssl command-line utility.
+io.popen("openssl x509 -text -noout", "w"):write(tostring(crt))
+
diff --git a/examples/vrfy.sig b/examples/vrfy.sig
new file mode 100755
index 0000000..94daf43
--- /dev/null
+++ b/examples/vrfy.sig
@@ -0,0 +1,35 @@
+#!/usr/local/lua52/bin/lua
+--
+-- Example public-key signature verification.
+--
+
+local pubkey = require"openssl.pubkey"
+local digest = require"openssl.digest"
+
+-- generate a public/private key pair
+local key = pubkey.new{ type = "EC", curve = "prime192v1" }
+
+-- digest our message using an appropriate digest ("ecdsa-with-SHA1" for EC;
+-- "dss1" for DSA; and "sha1", "sha256", etc for RSA).
+local data = digest.new"ecdsa-with-SHA1"
+data:update(... or "hello world")
+
+-- generate a signature for our data
+local sig = key:sign(data)
+
+-- to prove verification works, instantiate a new object holding just
+-- the public key
+local pub = pubkey.new(key:toPEM"public")
+
+-- a utility routine to output our signature
+local function tohex(b)
+ local x = ""
+ for i = 1, #b do
+ x = x .. string.format("%.2x", string.byte(b, i))
+ end
+ return x
+end
+
+print("okay", pub:verify(sig, data))
+print("type", pub:type())
+print("sig", tohex(sig))