feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5397 from SparkiDev/cert_rsa_pss

Browse Source 
Certs with RSA-PSS sig
This commit is contained in:
David Garske
2022-08-11 08:19:12 -07:00
committed by GitHub
parent 66644c2e31 fb531dacc2
commit 5e6c45a6fb
65 changed files with 3150 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
certs/include.am
View File

@@ -128,4 +128,5 @@ include certs/test/include.am
include certs/test-pathlen/include.am
include certs/intermediate/include.am
include certs/falcon/include.am
include certs/rsapss/include.am

12
certs/renewcerts.sh
View File

@@ -619,10 +619,20 @@ run_renewcerts(){
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## generate RSA-PSS certificates ###################
############################################################
echo "Renewing RSA-PSS certificates"
cd rsapss
./renew-rsapss-certs.sh
cd ..
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
########## generate Ed25519 certificates ###################
############################################################
echo "Renewing Ed448 certificates"
echo "Renewing Ed25519 certificates"
cd ed25519
./gen-ed25519-certs.sh
cd ..

BIN
certs/rsapss/ca-3072-rsapss-key.der Normal file
View File

Binary file not shown.

11
certs/rsapss/ca-3072-rsapss-key.pem Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----
MIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGBAMgqQMjrrnwYM8s4Uea3exFP
zeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpdU2IR4gjfl003PXhiUEAxKnBEGm1p
Sfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoopc6xKDpZ2RkQOtQfkQcHc1CkK9gY
HyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJbh7UbjmU9txUI0RIaquxOVjVwpz5Q
Zfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0XwFiGB5dW1kWCL11y7wnAG9lBBRTZ/
QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0DawmP13uEfSLF4hDLzBGqofVmhQ41
WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0+7XC3mGgrG+8fu9TCJ+xGK1b4wEj
3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBrKQOhvlXkTPglp6ij4z8yH66nKptr
Vt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/QLwkOZwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/ca-3072-rsapss-priv.der Normal file
View File

Binary file not shown.

40
certs/rsapss/ca-3072-rsapss-priv.pem Normal file
View File

@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/AIBADALBgkqhkiG9w0BAQoEggboMIIG5AIBAAKCAYEAyCpAyOuufBgzyzhR
5rd7EU/N6jWHZNmyys9LIcSGKsejbxU+HsSbA4FLOl1TYhHiCN+XTTc9eGJQQDEq
cEQabWlJ/He48kIJhppdOc2EezKKO7BPvz3UBX7AqiilzrEoOlnZGRA61B+RBwdz
UKQr2BgfIvj0ZD8ToNhgflNMO5dwvDblvjGXRVXtoluHtRuOZT23FQjREhqq7E5W
NXCnPlBl9z4wnDLbsiR7hwIpJxI1rY7DAiITwm5TRfAWIYHl1bWRYIvXXLvCcAb2
UEFFNn9BRIm2lyO+dtd8cn/q9BkQF8Pfj82XIATLHQNrCY/Xe4R9IsXiEMvMEaqh
9WaFDjVajMOJYSnQXFMvCUuRfs7gEtPO68lQPDbwprT7tcLeYaCsb7x+71MIn7EY
rVvjASPeEaUffdW29HIdU3VmjNthHunrPPNJaYK2IGspA6G+VeRM+CWnqKPjPzIf
rqcqm2tW3clasRoBoBPSjpos2379Ww4u75JpzvLe79AvCQ5nAgMBAAECggGAEW40
hAqaAC5vXDQEVc4GhoRnjwyoRKz8d9LDXSZq9JC797Fm3nEKeqyoq2VzHGgoQdOO
rmewD6qoCF7/rhUQJBT2H2khjt8XS0Rn99+guMW26em5mBK/Qtc92dN+VNhyg1pN
oHQcW1qAW5dXgF87fi7jjz0UsyIXCHuvM3D3g3z1kT5KlVxmKuCHuAq2b5v9s21D
Yy6IXkY6Oie8NB0iQzfnGTeuLfvzy7iHlUMn6EIasIltC+OByv2mfMGie7p+7IWq
bzRf3cBTiR6ozEIfDobVT+RQbc3Zj6nLI63Lt1ANGLL3j4bcCTKmteNwaCYiDVBU
9cYhuoSUcnegZHkhnFjnY+PoqE8TIWp+nAY97Ptz8s8aMXP6vZ6j2KV8HJgqj18w
05x6cyvCPMXOh2ZJvn7daDRFL+o5Fj+rWch202gsTxqbPzqtph8OxMMyCZMbXHrw
GkDNhRlg22MjfLpiKYZKfPC6dX8GVywuc8O7qwBUBB4QH+w8myitVCj7h2QRAoHB
AP28yltlAlpIPovARsscof3ntn4koamcdLjtFxVeLRz/4DsBLH2Oa0vOu67Y/dH9
FunmPO6B7TqnE41pf1qBNhmWDwIb/eRD9bLQStW9Vd6jg42Z76+LVgjjAk1bXoUz
nNvNQhzfW9H6NgsqJhH+b07YhyI9qJCIWwGRcl9+C4XZXTxSY1qDDIL4KzsyK2SW
LsOcSK67VJisUsiVeq05yjTSzy6upjXgYVAoMqGRlKxw1RH/o2F5ovvkBYB90sws
DwKBwQDJ8ywW1YC3nuyRgX9B5+MGFnNIOnP5lSHuNf06o7hRY7ikpC9ZMSaIgZqZ
Fly6ZcBeja+rZuwmYQ4lmjpUfcY1mORsljSW+M8cobUIf9YDmc2MfZs0961sR4eR
fxSkDez819jn0iT4MiMqKzOBiRdvVw07UScpneC0coQ4j6nNaUoHg1/KIRIGrA5K
SZjK6LWsdulGMJp6u1K0ms+gOj6Jp2CO4xvpdl7EWKT/SDo4S8pVnQAvNSXE9cwT
IFBKACkCgcAkyeCVC7ohmOPoo0IgZNBf3d6pv2npC5Qo08dLA9KKp9a891iaA7Iu
1ZSEr1VtwsI1u3oOIqxgmqTNFgSu/Jj5cLZQWfqfw/K1sFmJT+BJXW/Pcgg8bXlV
5IQK7zpvGaKeg84YHZJUiXCYgc3vQfKlfeNp5YKxIfP/8DSi/8Vv7KoF+vQIxYNk
4dJyzL1Z4iR5nAk1vFdxo1qFVpbo0r4slnwPiqbynMu/MXTV1CO4NMvPxj7L/TTS
TKc3kAamL6UCgcEAi2Y1ytU5coZbGd1fsGiWhv88OGFQ6LkOoNXXpICanGPPcqZ6
oICS7qs3wfBztZ7C+QGofxIedCeOkloxZV0kUp7lHidYydWZcVQWGHXVjsq93fpe
BmPo69M8OyyTXOLX8Xg1G2AtcL17FIKZnRK6gHqAga907v8xup1Js5lHRqklFqaS
mn3VaZGek5zVwUp9DT1PrMmj+JAReOVb6GgL/wzwU/FktPSmWbYuvqBmv7FhS1OC
axOurJRWd+VYRpxxAoHBAOWBLmlWOGpOfr1r35I3+qrAQRtApEXplHCnCNc1ngIJ
bquSIAfEQCVlJBkE2OPxApqQ6WmU60TbOnuLzBZWh391wiFMEt3j1z9/ExUJjEhq
ub0VwhSI+Zm8wI3nIKf55JbO/H4diO2boOFs6hGFf7AM6yzmH3Pw3l9y+nXga+rp
aT/gIcqdz2mVpm3DiI4tNaSljyhvtJXrv7KDK6G0IPz5489619agwzU3sTLATeSD
M18AEXr2oS6sXtflRhcdDw==
-----END PRIVATE KEY-----

BIN
certs/rsapss/ca-3072-rsapss.der Normal file
View File

Binary file not shown.

116
certs/rsapss/ca-3072-rsapss.pem Normal file
View File

@@ -0,0 +1,116 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:c8:2a:40:c8:eb:ae:7c:18:33:cb:38:51:e6:b7:
7b:11:4f:cd:ea:35:87:64:d9:b2:ca:cf:4b:21:c4:
86:2a:c7:a3:6f:15:3e:1e:c4:9b:03:81:4b:3a:5d:
53:62:11:e2:08:df:97:4d:37:3d:78:62:50:40:31:
2a:70:44:1a:6d:69:49:fc:77:b8:f2:42:09:86:9a:
5d:39:cd:84:7b:32:8a:3b:b0:4f:bf:3d:d4:05:7e:
c0:aa:28:a5:ce:b1:28:3a:59:d9:19:10:3a:d4:1f:
91:07:07:73:50:a4:2b:d8:18:1f:22:f8:f4:64:3f:
13:a0:d8:60:7e:53:4c:3b:97:70:bc:36:e5:be:31:
97:45:55:ed:a2:5b:87:b5:1b:8e:65:3d:b7:15:08:
d1:12:1a:aa:ec:4e:56:35:70:a7:3e:50:65:f7:3e:
30:9c:32:db:b2:24:7b:87:02:29:27:12:35:ad:8e:
c3:02:22:13:c2:6e:53:45:f0:16:21:81:e5:d5:b5:
91:60:8b:d7:5c:bb:c2:70:06:f6:50:41:45:36:7f:
41:44:89:b6:97:23:be:76:d7:7c:72:7f:ea:f4:19:
10:17:c3:df:8f:cd:97:20:04:cb:1d:03:6b:09:8f:
d7:7b:84:7d:22:c5:e2:10:cb:cc:11:aa:a1:f5:66:
85:0e:35:5a:8c:c3:89:61:29:d0:5c:53:2f:09:4b:
91:7e:ce:e0:12:d3:ce:eb:c9:50:3c:36:f0:a6:b4:
fb:b5:c2:de:61:a0:ac:6f:bc:7e:ef:53:08:9f:b1:
18:ad:5b:e3:01:23:de:11:a5:1f:7d:d5:b6:f4:72:
1d:53:75:66:8c:db:61:1e:e9:eb:3c:f3:49:69:82:
b6:20:6b:29:03:a1:be:55:e4:4c:f8:25:a7:a8:a3:
e3:3f:32:1f:ae:a7:2a:9b:6b:56:dd:c9:5a:b1:1a:
01:a0:13:d2:8e:9a:2c:db:7e:fd:5b:0e:2e:ef:92:
69:ce:f2:de:ef:d0:2f:09:0e:67
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
X509v3 Authority Key Identifier:
keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
39:a8:ef:b1:66:08:50:0b:5e:cb:b2:29:8c:9b:b1:be:21:44:
d6:d8:97:1d:45:dc:52:70:f1:de:ac:74:65:03:6b:af:a0:f0:
21:61:ce:23:39:33:c8:cb:1e:8f:77:12:1e:5b:99:0c:e1:1b:
75:cf:1d:d7:12:86:cc:fc:86:90:0f:45:ea:8b:08:47:08:ac:
56:44:31:f2:c9:23:6b:d5:30:ca:5f:49:b0:4b:8b:36:bd:5c:
92:fa:86:34:57:80:30:93:29:59:19:a4:dd:f9:91:26:8a:49:
b4:ee:93:aa:e1:b2:06:f6:2f:2a:d9:5b:6d:f9:7c:04:4f:1c:
7a:cc:8e:39:c2:98:3a:bd:b9:a2:24:82:8f:e4:d8:80:47:73:
84:6e:bc:20:5c:ac:79:72:a7:6f:e3:c8:3a:9c:cc:83:b1:1f:
e2:65:3b:a1:f5:86:1a:33:53:bc:05:ba:6a:b1:bc:a7:b4:c1:
44:8c:0a:cc:c2:15:da:c1:dd:dc:31:91:46:5b:48:d8:ea:03:
78:e1:1f:ce:79:19:c8:6e:d6:3f:4c:f5:3b:b3:e7:2e:b7:46:
0c:58:cd:ca:56:a6:88:fb:fd:12:d1:27:80:5a:a2:51:96:f8:
4c:65:8d:71:0b:84:ca:94:f9:9f:c9:38:62:a3:64:cd:91:44:
50:ed:bb:c0:1d:9b:b8:a4:57:b1:7a:2e:44:57:a5:15:ba:cc:
b3:62:f5:46:aa:cd:fb:53:d3:ed:ef:e3:f4:b2:9b:3f:29:d0:
00:8c:19:61:48:b6:da:74:27:05:69:7b:df:04:0e:e2:f1:0f:
1a:fa:92:70:79:78:86:52:60:e1:4d:4e:66:14:ba:86:e2:4e:
dd:e0:d0:f3:c0:2d:6d:3a:16:00:1d:c6:9c:27:6f:a6:5f:21:
4c:e4:82:14:95:d1:a7:4a:15:13:ba:d8:65:ad:34:a2:93:3a:
d1:49:12:4d:f2:97:f3:e2:8a:83:d2:bf:84:84:c6:87:70:c9:
38:e0:5f:fe:7f:38
-----BEGIN CERTIFICATE-----
MIIFjzCCA8agAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgZ0xCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93
b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwP
d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
MB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAyMjc1NVowgbIxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
ggGBAMgqQMjrrnwYM8s4Uea3exFPzeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpd
U2IR4gjfl003PXhiUEAxKnBEGm1pSfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoo
pc6xKDpZ2RkQOtQfkQcHc1CkK9gYHyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJb
h7UbjmU9txUI0RIaquxOVjVwpz5QZfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0Xw
FiGB5dW1kWCL11y7wnAG9lBBRTZ/QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0D
awmP13uEfSLF4hDLzBGqofVmhQ41WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0
+7XC3mGgrG+8fu9TCJ+xGK1b4wEj3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBr
KQOhvlXkTPglp6ij4z8yH66nKptrVt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/Q
LwkOZwIDAQABo2MwYTAdBgNVHQ4EFgQU+ELMiMnIGPnTsCRlBkz/Vau/Dn8wHwYD
VR0jBBgwFoAUqnHTsYpLu0cVR1+b0Ctp0W+FXvYwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAYYwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAY
BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgFOA4IBgQA5qO+xZghQC17LsimM
m7G+IUTW2JcdRdxScPHerHRlA2uvoPAhYc4jOTPIyx6PdxIeW5kM4Rt1zx3XEobM
/IaQD0XqiwhHCKxWRDHyySNr1TDKX0mwS4s2vVyS+oY0V4AwkylZGaTd+ZEmikm0
7pOq4bIG9i8q2Vtt+XwETxx6zI45wpg6vbmiJIKP5NiAR3OEbrwgXKx5cqdv48g6
nMyDsR/iZTuh9YYaM1O8BbpqsbyntMFEjArMwhXawd3cMZFGW0jY6gN44R/OeRnI
btY/TPU7s+cut0YMWM3KVqaI+/0S0SeAWqJRlvhMZY1xC4TKlPmfyThio2TNkURQ
7bvAHZu4pFexei5EV6UVusyzYvVGqs37U9Pt7+P0sps/KdAAjBlhSLbadCcFaXvf
BA7i8Q8a+pJweXiGUmDhTU5mFLqG4k7d4NDzwC1tOhYAHcacJ2+mXyFM5IIUldGn
ShUTuthlrTSikzrRSRJN8pfz4oqD0r+EhMaHcMk44F/+fzg=
-----END CERTIFICATE-----

BIN
certs/rsapss/ca-rsapss-key.der Normal file
View File

Binary file not shown.

10
certs/rsapss/ca-rsapss-key.pem Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN PUBLIC KEY-----
MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
CDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1g7HUE0p9aii1ClbWPK8
LSfeiEkahBkrhI2U0XgS1nsU2NKCJJWr/k9V++BV/Dk3e0GAtJhvf8W3Pjf4Xx0v
EjGI+Ys7AIXmNqUXP5qkvkj/ejYiLCPUn1tS0RfRwfJpGdgyxfd57IMZh+MToENe
sekD7bQIzXsUaA8lT5DwBKe7CIkI3HZOcEkEQU2/t393eWrvaEtil44zkTIq42MV
R/ZhpCbbAgS2V8Cn8KrsIHKRwzKrmH+Exuhf1uAa0iSxx1C7c4feKsPixGAyuORa
W7XkKYyLKGu7Gtw8/rnvnokoYLqkQGbVu+Bif6cr4Q845jPqshAOFMg/h5//iyjM
HQIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/ca-rsapss-priv.der Normal file
View File

Binary file not shown.

29
certs/rsapss/ca-rsapss-priv.pem Normal file
View File

@@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7AIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKYwggSiAgEAAoIBAQDWDsdQTSn1qKLU
KVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X74FX8OTd7QYC0mG9/xbc+
N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LRF9HB8mkZ2DLF93nsgxmH
4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRBTb+3f3d5au9oS2KXjjOR
MirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W4BrSJLHHULtzh94qw+LE
YDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/pyvhDzjmM+qyEA4UyD+H
n/+LKMwdAgMBAAECggEAQG0QRjYDVAHeiDauXLYqNvkR/DjsdyfQNkQar3URTmab
Hqs1Kme17YPZYEbj+lcKQNm1MCXVIULT5TEZWx9AhJxOGrVyG7UxVe8YcTdNMExu
QE08ucZK/2+QHIirxFD+mx28ImNa2fmXXJPW21yLisaUPR37rETIHo24cBsycmOw
dO25ggGtIX2M5nI75P9p7+jG7vnfDKkn7ER5exGVrF1dED14wra0PUI9yBkjX0Pu
j053crZUcpZMivERWzoGmRA4/leLcTBM/6k7JNoSP+NPIvOm0tDtdDCwos6/wqMw
UlBWBHXWKYlnpYByLGWs+NTZuI/3AAq4Tz3eNX7egQKBgQDta9NSRgEvyXgry9Xv
PV77LBCXyha4FbCS+J3B8sXaGTLZ66zZia2abSRh6/f4HJ9T975tmsKycvcgbdMx
znO4VX+hrOzPYLEug0K3j6SWd8ogvUYfcHe3jqlEac8djfq9lL0/+b2oJGDkUKnM
mOz6WKmfJTora22P8zJ8dgt/vQKBgQDmzuvNQGhwINFBewVkUxjAUWs6sTVucva7
qd/19OwUIZPDjnIGI9GMY2G21ez8mfgM8NToqyHyl+nwa5y7yy2b18PPXO2agYA6
E2BIoor8q+y14g6rEsRDOzzWP0sdAp49CpA5wuEouFN+Wn4IJX8JFosHGK6yNn+h
hk4PNMST4QKBgExBGnFNTKpFghRG9qJNSslPQNEPtjZPuROrSDf3unYvK7b0S+Le
pmR383yD5nPI9Z9pbb8UOr5H0HmY7IENtvsYctLBkJmWi7HNtMryFsHBHalgQTpt
y/Wnm1P+y+fJJyRmtlXq53AupvQNuEufPlW1zlzv/vvdGCZozOlOnKjdAoGACjox
CK9J8W4C17vzyTZFaoAxGDCyBWris/4bBnML4vh567hsJQmBR48/zTI9hhPsgeZK
COVMY8uHejfKgifGpZkx/AZKIQaMAAbLxWwubHPR0V1q+Pmj6La/Q18anPZ4vIuz
SFvyTjOcv4STARloP6bYEkBtvUfc7/NbkiDsdQECgYB5e44XdK+5zu+dOUEoN2IR
Jn3YKDJD11Mu7iokFIAnaFC+JUWGUvCPxH8x/UIZ0dFGaak1cbRlfn+xN5SsVxj6
TZRDmarSQMe7awXUyNw8VHXfHgDFwLMJYC/farwtqH/C0b3DQb8Qq+qlqbj7tzRT
nHPf/IrgYLxWJSKZ/3nvvQ==
-----END PRIVATE KEY-----

BIN
certs/rsapss/ca-rsapss.der Normal file
View File

Binary file not shown.

101
certs/rsapss/ca-rsapss.pem Normal file
View File

@@ -0,0 +1,101 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:d6:0e:c7:50:4d:29:f5:a8:a2:d4:29:5b:58:f2:
bc:2d:27:de:88:49:1a:84:19:2b:84:8d:94:d1:78:
12:d6:7b:14:d8:d2:82:24:95:ab:fe:4f:55:fb:e0:
55:fc:39:37:7b:41:80:b4:98:6f:7f:c5:b7:3e:37:
f8:5f:1d:2f:12:31:88:f9:8b:3b:00:85:e6:36:a5:
17:3f:9a:a4:be:48:ff:7a:36:22:2c:23:d4:9f:5b:
52:d1:17:d1:c1:f2:69:19:d8:32:c5:f7:79:ec:83:
19:87:e3:13:a0:43:5e:b1:e9:03:ed:b4:08:cd:7b:
14:68:0f:25:4f:90:f0:04:a7:bb:08:89:08:dc:76:
4e:70:49:04:41:4d:bf:b7:7f:77:79:6a:ef:68:4b:
62:97:8e:33:91:32:2a:e3:63:15:47:f6:61:a4:26:
db:02:04:b6:57:c0:a7:f0:aa:ec:20:72:91:c3:32:
ab:98:7f:84:c6:e8:5f:d6:e0:1a:d2:24:b1:c7:50:
bb:73:87:de:2a:c3:e2:c4:60:32:b8:e4:5a:5b:b5:
e4:29:8c:8b:28:6b:bb:1a:dc:3c:fe:b9:ef:9e:89:
28:60:ba:a4:40:66:d5:bb:e0:62:7f:a7:2b:e1:0f:
38:e6:33:ea:b2:10:0e:14:c8:3f:87:9f:ff:8b:28:
cc:1d
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
X509v3 Authority Key Identifier:
keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
32:66:7b:22:4b:80:fc:7a:81:5a:11:1d:1b:d8:a6:26:a9:38:
6f:f8:c5:cb:80:47:0c:08:cc:12:a4:7a:17:8e:d6:a5:a8:cb:
df:ea:b7:77:b4:df:e5:92:ba:7f:9b:a2:71:0d:7d:7a:36:29:
bd:03:7b:52:65:0d:79:ae:c3:ac:e8:a4:75:c6:28:c0:05:33:
51:f4:85:37:0e:9c:03:dc:51:3d:5d:55:88:17:da:b5:c5:b1:
91:a5:a9:40:91:07:a3:0c:17:75:f9:fa:52:43:94:21:40:24:
8c:31:f3:4a:5e:96:86:20:9b:37:87:a4:56:ac:4f:ac:e6:a6:
0c:05:cc:62:b2:0a:62:63:04:5f:dc:52:46:db:12:5e:16:2b:
62:00:fa:30:5f:04:33:28:0c:a6:6c:49:cb:35:ad:f4:d5:57:
cb:16:7c:f4:8c:99:22:e4:e1:f4:97:e4:df:b2:1f:62:8f:50:
2e:43:aa:cf:c7:86:ae:da:7f:b7:eb:16:cb:28:c2:bc:80:7b:
f2:7f:16:60:88:0e:49:aa:d3:2a:92:54:38:a4:09:be:79:e1:
1d:6f:b1:95:0c:02:f9:e7:f4:4b:b8:44:4a:e2:db:02:08:b3:
e6:79:d5:d0:bd:34:8f:cc:8e:19:28:48:07:7b:d0:b2:31:ba:
db:e2:e0:3f
-----BEGIN CERTIFICATE-----
MIIEvzCCA3egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBnTELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dv
bGZTU0xfUlNBLVBTUzEVMBMGA1UECwwMUm9vdC1SU0EtUFNTMRgwFgYDVQQDDA93
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
HhcNMjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIyNzU1WjCBsjELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
AoIBAQDWDsdQTSn1qKLUKVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X7
4FX8OTd7QYC0mG9/xbc+N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LR
F9HB8mkZ2DLF93nsgxmH4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRB
Tb+3f3d5au9oS2KXjjORMirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W
4BrSJLHHULtzh94qw+LEYDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/
pyvhDzjmM+qyEA4UyD+Hn/+LKMwdAgMBAAGjYzBhMB0GA1UdDgQWBBSeDODT37ZL
8xljXMpsk4aiFFORMTAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1GnqU81jAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA9BgkqhkiG9w0BAQowMKAN
MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC
AQEAMmZ7IkuA/HqBWhEdG9imJqk4b/jFy4BHDAjMEqR6F47WpajL3+q3d7Tf5ZK6
f5uicQ19ejYpvQN7UmUNea7DrOikdcYowAUzUfSFNw6cA9xRPV1ViBfatcWxkaWp
QJEHowwXdfn6UkOUIUAkjDHzSl6WhiCbN4ekVqxPrOamDAXMYrIKYmMEX9xSRtsS
XhYrYgD6MF8EMygMpmxJyzWt9NVXyxZ89IyZIuTh9Jfk37IfYo9QLkOqz8eGrtp/
t+sWyyjCvIB78n8WYIgOSarTKpJUOKQJvnnhHW+xlQwC+ef0S7hESuLbAgiz5nnV
0L00j8yOGShIB3vQsjG62+LgPw==
-----END CERTIFICATE-----

BIN
certs/rsapss/client-3072-rsapss-key.der Normal file
View File

Binary file not shown.

11
certs/rsapss/client-3072-rsapss-key.pem Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----
MIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGBALsGKOR/yUF2vibGqboI5jWc
M6A8W6uVI9drYdMui43tHNlXrhpp4s5liC5lD8vxecssRpY+P1tZ5be1sTx8JuRW
IVFdBHnZf1xxVOkemcH3vmwPe+9GjUAOo2vOmJtsDW3TJJ2e6GglnEZgkjdicyF3
Gr1c8BFt7rlvso42VD7hcms2yYhIhhhs+Nex4OTXDCoVzJIzhL1xGgdwqgMk4c7C
KLjjg/+6GVC3riL9++twcLAtF6A+qoVQQ2IkXQBRuBH62MYGQAe9SrBCcFLPF5Wx
U/xojRO+oA7ES8sXcs3NCy7/ZkJQzHZ9cE59Yxbl2uH7mWwdBmyr7tM2Tsc0X/fQ
HlD9/kE5KVzhx7/EUDZ1ijZNCWrKKswatw2LFm1IBzlh9cgHWpy/0qXxOTt+v2Ix
k7opWskJ1wAwPtgYjJ6nKHVJqok03loUKV38RwWraoQPVyxkqzuYs9ZIutvxA9Ag
95/vfVJQKONI7Sk+/v+Go2Q9fymio5NS5WrDqRNEzwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/client-3072-rsapss-priv.der Normal file
View File

Binary file not shown.

40
certs/rsapss/client-3072-rsapss-priv.pem Normal file
View File

@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG+wIBADALBgkqhkiG9w0BAQoEggbnMIIG4wIBAAKCAYEAuwYo5H/JQXa+Jsap
ugjmNZwzoDxbq5Uj12th0y6Lje0c2VeuGmnizmWILmUPy/F5yyxGlj4/W1nlt7Wx
PHwm5FYhUV0Eedl/XHFU6R6Zwfe+bA9770aNQA6ja86Ym2wNbdMknZ7oaCWcRmCS
N2JzIXcavVzwEW3uuW+yjjZUPuFyazbJiEiGGGz417Hg5NcMKhXMkjOEvXEaB3Cq
AyThzsIouOOD/7oZULeuIv3763BwsC0XoD6qhVBDYiRdAFG4EfrYxgZAB71KsEJw
Us8XlbFT/GiNE76gDsRLyxdyzc0LLv9mQlDMdn1wTn1jFuXa4fuZbB0GbKvu0zZO
xzRf99AeUP3+QTkpXOHHv8RQNnWKNk0JasoqzBq3DYsWbUgHOWH1yAdanL/SpfE5
O36/YjGTuilayQnXADA+2BiMnqcodUmqiTTeWhQpXfxHBatqhA9XLGSrO5iz1ki6
2/ED0CD3n+99UlAo40jtKT7+/4ajZD1/KaKjk1LlasOpE0TPAgMBAAECggGAdKPV
0xRjRyGwW+ygo/ay5JKDnBaosW01Sj+dZiDsRlqwGFjXq3+IRWMLOKws2uvCItV9
PGycBPQfEaEOZYOkmdmhs+XISdo81UGVTEKacF97cleB2uvsYhv/DdhuUthj06/Q
cUFO/s0eFsJZzpLm7OMkWR9iVexy61HfUVRO3FysiHNF42ofv5IO7C7y7KW133Vy
/WeGDMRCEIvSbF2POuzaitzSUSYWbcHwp8AxYlfg3+9vgbAzlytEqyu0mONdUJFm
2Byjv141pDDtrEdTJPg1TYfaRkxVEtBJB6tFfwJm+Pcn2Y9vDW2/AdWXouhgV3tz
EGEN8U9LGQQ7AsSw6xYcJiH0fBXS0nq1DYNClSDp7dtvQGklp50tKuixLv55ahRL
J7Hcvt7yCMGbU5IGg1fu6wtuLEuvKKHg0maYQK0YDn7DXQkeTgVoK85vdxNJrZOD
vDKX6dT/1q6XkJnhUp74qVqL84MxAFjejK1Q+3JtWFfFjDR1/XDQ0AFbBjFBAoHB
AOxpeAZg5EA4KcSG6BIL5XxQ3g44Egsg6PPpNCuJZJEhU0kHZyD/VtTYRfw0awRI
IsZWo0lPRvzyzP/95IPP3YVHn7qgBu7wfR7sdH7nBXyXgu8Wkp62UfS1u6+3loFj
B9tUdbMjMUv+Em0Ns9tzWLFc/ILNniWmgz1VnweoE9EThYT1QWXuXhW7t3YFMbt3
vWZSA3Ev8cs+Kj7cUF7RPBBVVAtTjkvo40P0htTAk50+k41VXiftvT1ASBuQy41p
YQKBwQDKhR/ThcrXGN4J7KMr3jztMXi+iYVcY+V4ok9l9KdcSEUNVTIaSfvJNjOw
DJgXOc4uRdMhpO2Gmf6kZNP4Em5Ri0++G2iK+89lY4S4Na9wAd95790It2GokjEZ
TndvyHWYp26baHooV3gu/rc63p/PTHGRUn9EDh5NR28Neph2W6ggm8AntosLlT3b
UnAhLcPli0M14hq8lB/U04PA8/M9Cnh+QqX8/rpavbYooGGYibV3vDFKmVI6fyGC
kbqobC8CgcEAtmSAh1tFfg5WmxsB/LpU6N5zE0FLGm7fix7Gczhi8F1nphYiCKE2
2qupAvVmAz2sJp09CRgyyoCAjJfTL6a1X1hs8Uz5TGsZ/TusfSO7Ze52xAMER5Ke
FFAJZ34ajeRbcWnuDLEAHYL9sEk8E/kf2mbFIh2E/8NByZY/RWb1Mv7+qh+VvxBy
Yg4bcuB7CAlPhJuNsEuvHoDtkuXi0+RVlLxgRQTH6eTZQdpsE8Qnns9ig03zgJa4
w4LOnwXNJWLBAoHAasr+eG1CBGFBnRwjA1wC5tVCpb8hCxJGjHGSyuHTay9U8m3t
qL1Av98MLJbHkN/ToMUDS+eLtYH5LLlaqaMWd3uuBkKvwzJ8MCvlbboplDf4n3Vk
KleBcQH+UCj3hIPBt0j7Y4oZeLJ/VtDM0Ida4FagQJCvObT0N64mmoX+ZdN5ehCH
qKly8x2067WyGVznw2DHhV+A19aIXpNXE+XQa2zdEz+UBjBRFs6ZgxznuidMASLF
H2BwYxZtFkxAkNXTAoHAVTyVGyoWbFc3SGfmvTqXCo3MNRTPJHWuxVQz2/SLKVbb
ZltLjMnslRssPA/BMumWdYa6oc8TB0+vNLdOgJA5xn5Cqj2U60GdvNwp++dXXflF
vI8Cy/vNKT1PoMb3KWCUHCrYkHPLypSrZ0rVztNxKCjUYQ+u/BtNo2Sc8/HhB3tk
CybdGAZLD6LYhYfTcyTL1XwyXhFDcVwfu3HKtt0oNLLBB/+K1yTkOvEKx43tz2WT
QRuebAulzRxxwUIyE598
-----END PRIVATE KEY-----

BIN
certs/rsapss/client-3072-rsapss.der Normal file
View File

Binary file not shown.

128
certs/rsapss/client-3072-rsapss.pem Normal file
View File

@@ -0,0 +1,128 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:fb:25:ba:76:1a:4b:f9:38:2a:2b:4d:50:17:1e:7b:32:31:e3:30
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:bb:06:28:e4:7f:c9:41:76:be:26:c6:a9:ba:08:
e6:35:9c:33:a0:3c:5b:ab:95:23:d7:6b:61:d3:2e:
8b:8d:ed:1c:d9:57:ae:1a:69:e2:ce:65:88:2e:65:
0f:cb:f1:79:cb:2c:46:96:3e:3f:5b:59:e5:b7:b5:
b1:3c:7c:26:e4:56:21:51:5d:04:79:d9:7f:5c:71:
54:e9:1e:99:c1:f7:be:6c:0f:7b:ef:46:8d:40:0e:
a3:6b:ce:98:9b:6c:0d:6d:d3:24:9d:9e:e8:68:25:
9c:46:60:92:37:62:73:21:77:1a:bd:5c:f0:11:6d:
ee:b9:6f:b2:8e:36:54:3e:e1:72:6b:36:c9:88:48:
86:18:6c:f8:d7:b1:e0:e4:d7:0c:2a:15:cc:92:33:
84:bd:71:1a:07:70:aa:03:24:e1:ce:c2:28:b8:e3:
83:ff:ba:19:50:b7:ae:22:fd:fb:eb:70:70:b0:2d:
17:a0:3e:aa:85:50:43:62:24:5d:00:51:b8:11:fa:
d8:c6:06:40:07:bd:4a:b0:42:70:52:cf:17:95:b1:
53:fc:68:8d:13:be:a0:0e:c4:4b:cb:17:72:cd:cd:
0b:2e:ff:66:42:50:cc:76:7d:70:4e:7d:63:16:e5:
da:e1:fb:99:6c:1d:06:6c:ab:ee:d3:36:4e:c7:34:
5f:f7:d0:1e:50:fd:fe:41:39:29:5c:e1:c7:bf:c4:
50:36:75:8a:36:4d:09:6a:ca:2a:cc:1a:b7:0d:8b:
16:6d:48:07:39:61:f5:c8:07:5a:9c:bf:d2:a5:f1:
39:3b:7e:bf:62:31:93:ba:29:5a:c9:09:d7:00:30:
3e:d8:18:8c:9e:a7:28:75:49:aa:89:34:de:5a:14:
29:5d:fc:47:05:ab:6a:84:0f:57:2c:64:ab:3b:98:
b3:d6:48:ba:db:f1:03:d0:20:f7:9f:ef:7d:52:50:
28:e3:48:ed:29:3e:fe:ff:86:a3:64:3d:7f:29:a2:
a3:93:52:e5:6a:c3:a9:13:44:cf
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:01:9F:4E:11:24:28:BF:3E:EA:82:EA:54:2A:C9:0F:F5:E4:C5:47
X509v3 Authority Key Identifier:
keyid:8C:01:9F:4E:11:24:28:BF:3E:EA:82:EA:54:2A:C9:0F:F5:E4:C5:47
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_RSAPSS/OU=Client-RSAPSS/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
serial:34:FB:25:BA:76:1A:4B:F9:38:2A:2B:4D:50:17:1E:7B:32:31:E3:30
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
DNS:example.com, IP Address:127.0.0.1
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
6a:0b:ea:2c:f1:b8:04:d9:8f:a4:a4:be:11:1b:40:2f:dd:bc:
be:47:bb:1e:3d:ef:05:4f:a2:c4:78:59:79:ca:86:d9:d3:cf:
f6:61:9d:a7:5c:22:48:de:e0:53:27:8a:59:e2:d7:8d:03:e2:
0a:64:55:22:81:e9:69:b4:c4:d1:58:84:a7:85:0d:16:d2:c0:
ee:d7:10:72:46:73:ea:98:61:85:77:a8:b6:40:d4:49:36:a1:
e0:6f:c8:6c:ec:13:6e:e5:4b:d8:d4:e7:be:03:56:03:d4:6c:
67:9d:30:c4:c5:78:68:cc:60:e9:88:f7:5a:6f:31:ff:26:63:
a5:8d:d2:30:cf:a1:bc:fb:3f:d0:2f:a3:ba:d9:03:ec:fb:b8:
b7:02:46:98:cd:77:40:ba:67:46:55:e9:e3:16:bf:a9:7a:2d:
49:ee:19:c6:32:c4:04:b1:03:7a:7e:c5:bd:f8:b6:ac:7f:cf:
4a:ce:af:44:ae:14:cb:c7:69:fe:7c:a3:e7:63:49:b4:3c:e6:
8b:33:60:92:f7:cf:be:c8:94:c7:f2:3b:d2:03:6b:71:2b:d3:
f6:e0:e9:b2:ba:e2:2b:56:5e:5b:b1:d7:23:92:53:d4:90:e9:
64:9e:87:d6:e7:4a:74:7b:a8:78:46:1c:24:19:5b:e0:32:21:
92:cf:69:b4:c2:4d:62:2f:b5:b9:e5:0c:d6:cc:87:45:a2:4c:
29:a0:6d:50:60:4e:7b:c8:21:37:a0:12:1b:13:10:6e:ac:5c:
cc:07:21:ed:0b:e2:81:eb:7c:c8:e0:dc:cb:1f:8c:7e:38:6f:
1e:1c:ab:91:93:d0:ec:b4:ce:5e:7e:eb:7f:cf:e0:6c:f9:80:
29:04:4c:e4:e5:ab:69:ff:b3:18:ba:54:09:cd:ef:bd:6f:b7:
64:1f:33:ef:08:84:93:3a:2b:81:ab:60:98:9c:08:ac:5c:55:
06:44:bb:e5:4c:92:cb:a6:2f:8f:40:92:2d:80:43:a4:97:28:
18:17:0e:8e:54:94
-----BEGIN CERTIFICATE-----
MIIGxTCCBPygAwIBAgIUNPslunYaS/k4KitNUBceezIx4zAwPgYJKoZIhvcNAQEK
MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC
AgFOMIG2MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEXMBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVu
dC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwHhcN
MjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIyNzU1WjCBtjELMAkGA1UEBhMCVVMxEDAO
BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndvbGZT
U0xfUlNBUFNTMRYwFAYDVQQLDA1DbGllbnQtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
ggGBALsGKOR/yUF2vibGqboI5jWcM6A8W6uVI9drYdMui43tHNlXrhpp4s5liC5l
D8vxecssRpY+P1tZ5be1sTx8JuRWIVFdBHnZf1xxVOkemcH3vmwPe+9GjUAOo2vO
mJtsDW3TJJ2e6GglnEZgkjdicyF3Gr1c8BFt7rlvso42VD7hcms2yYhIhhhs+Nex
4OTXDCoVzJIzhL1xGgdwqgMk4c7CKLjjg/+6GVC3riL9++twcLAtF6A+qoVQQ2Ik
XQBRuBH62MYGQAe9SrBCcFLPF5WxU/xojRO+oA7ES8sXcs3NCy7/ZkJQzHZ9cE59
Yxbl2uH7mWwdBmyr7tM2Tsc0X/fQHlD9/kE5KVzhx7/EUDZ1ijZNCWrKKswatw2L
Fm1IBzlh9cgHWpy/0qXxOTt+v2Ixk7opWskJ1wAwPtgYjJ6nKHVJqok03loUKV38
RwWraoQPVyxkqzuYs9ZIutvxA9Ag95/vfVJQKONI7Sk+/v+Go2Q9fymio5NS5WrD
qRNEzwIDAQABo4IBZzCCAWMwHQYDVR0OBBYEFIwBn04RJCi/PuqC6lQqyQ/15MVH
MIH2BgNVHSMEge4wgeuAFIwBn04RJCi/PuqC6lQqyQ/15MVHoYG8pIG5MIG2MQsw
CQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEX
MBUGA1UECgwOd29sZlNTTF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVudC1SU0FQU1Mx
GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dvbGZTU0yCFDT7Jbp2Gkv5OCor
TVAXHnsyMeMwMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22H
BH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GCSqGSIb3DQEB
CjAxoA0wCwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIE
AgIBTgOCAYEAagvqLPG4BNmPpKS+ERtAL928vke7Hj3vBU+ixHhZecqG2dPP9mGd
p1wiSN7gUyeKWeLXjQPiCmRVIoHpabTE0ViEp4UNFtLA7tcQckZz6phhhXeotkDU
STah4G/IbOwTbuVL2NTnvgNWA9RsZ50wxMV4aMxg6Yj3Wm8x/yZjpY3SMM+hvPs/
0C+jutkD7Pu4twJGmM13QLpnRlXp4xa/qXotSe4ZxjLEBLEDen7Fvfi2rH/PSs6v
RK4Uy8dp/nyj52NJtDzmizNgkvfPvsiUx/I70gNrcSvT9uDpsrriK1ZeW7HXI5JT
1JDpZJ6H1udKdHuoeEYcJBlb4DIhks9ptMJNYi+1ueUM1syHRaJMKaBtUGBOe8gh
N6ASGxMQbqxczAch7Qviget8yODcyx+MfjhvHhyrkZPQ7LTOXn7rf8/gbPmAKQRM
5OWraf+zGLpUCc3vvW+3ZB8z7wiEkzorgatgmJwIrFxVBkS75UySy6Yvj0CSLYBD
pJcoGBcOjlSU
-----END CERTIFICATE-----

BIN
certs/rsapss/client-rsapss-key.der Normal file
View File

Binary file not shown.

10
certs/rsapss/client-rsapss-key.pem Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN PUBLIC KEY-----
MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
CDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEAxoe+YIdDfcSs5Po8Eh3H
z+pcxJNy4g03RzM94KXsVxa9gCpa+aG37m1GfDpOJOMXYlo4lwsDE6V6XhGhUPsb
bRYTVrt3CnuYzIUR0pMx7XQBOD03ATbWUsAn+1P7rv1WvAKAkYHM7VFGFnsdjvMG
SIMoEUu4p3voko6T9I0d+sx8KFE9IZiQP4Aqudwih/CNuae7zKTdJa1liCjxHE/c
BPJaD1K2NYRSGNe/3uPc9vA8ydvNsUgRS658HlmstYzuLoMP9Sk0OXTLmvqm02PV
aXrc8g1DRgMQp7CczRWzNl5DXgVMA2KZKdBXBedU37DlcTk38RNmcBLzh5gJjx/h
5wIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/client-rsapss-priv.der Normal file
View File

Binary file not shown.

29
certs/rsapss/client-rsapss-priv.pem Normal file
View File

@@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7AIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKYwggSiAgEAAoIBAQDGh75gh0N9xKzk
+jwSHcfP6lzEk3LiDTdHMz3gpexXFr2AKlr5obfubUZ8Ok4k4xdiWjiXCwMTpXpe
EaFQ+xttFhNWu3cKe5jMhRHSkzHtdAE4PTcBNtZSwCf7U/uu/Va8AoCRgcztUUYW
ex2O8wZIgygRS7ine+iSjpP0jR36zHwoUT0hmJA/gCq53CKH8I25p7vMpN0lrWWI
KPEcT9wE8loPUrY1hFIY17/e49z28DzJ282xSBFLrnweWay1jO4ugw/1KTQ5dMua
+qbTY9VpetzyDUNGAxCnsJzNFbM2XkNeBUwDYpkp0FcF51TfsOVxOTfxE2ZwEvOH
mAmPH+HnAgMBAAECggEAdyBq5wcjQ2tph3hz5TcDd8ocYkRL0kK14b5oqc1GNLfL
fAVuU45rjOD7Q33E+DNgC78xZ8jOztIjzCBuGOakfV+auReCBcNGW6qZmC6E7gQG
21U4FT1ve3YcR54MTuNrUSN7PFSTv+9dzA2SHf3LzmUM/Nvf8HfUhWSSeVLYI23T
mwhU6VdQCRTk1zFuRNFI1ouekPZ2pLql3a/fWe4v4sxq7yWimUsw6DT5676Dy35g
gzgoXA25POglVNPeN79eHhJW0VlEcsRVwp6nBiPftXDWSZ9FEyu4WySB9hHKeWUR
A0WR05K4txv8VqtDjsUUd+9tSjaFQYdk7Z6v96e1+QKBgQDkY+Q2izXhbS844rny
cQVBBafr7ZuM1NGpZQDYpjgMQAfGiINfe/ecEFpd/fDmyo2lOdvZvOGaqul7Y+YN
Iu2YBREh+MRV2b0V285WV5B75LrjiVBAYmwUXvP/QAzO8r0cVpxxdJXroIDAxM90
WKixwflIZD65Trf082yUiX6EIwKBgQDeh8LOctcYnfvjL6Vxag80JijbHCaT/bTB
rM8msxs6/+ZuZbDKKHJF8062XYt6O3Kjh72vdOXQUrvB3o3TQB6FPQERqx/b6Axi
/mnktuPhEjmZgMM3lwWwSfsl/mLLs4fGPqepAP3nTKXC7wNbRUJDAI1Pdk7S+m9w
XUtQATZVbQKBgBRIOrANVM+cHqFyoQjCuLC5i9wL0dCD5cqhSZ3zxO5xkT80SFZm
b+rQGPZX4tjcDBAsPzXq7C4MF4f5qyhnfaoOaSMXMHhfScdzKbPJOu+FtIMYYqQV
GXwFoq18RqbqL5kgp+v7aoTuUADOeY3fgbunejfPjzJtpzB9nZrjSvT5AoGASZSO
X4EtimBCt547kELHgDDV9Y1bXDfZmuivHla+vEV9Riety0qQbnzDHB3WTrZ1c4kg
uXFnw/h3SOVz89QRw3Cmd9cjk60o21rQXOX0d6l1DkK7ShhPszjjKG7y7/QPAwgY
nBNN4TtA3DH35CgEfu8hypKOAcj5LChNDMk51AkCgYB1A9rfqXpqlFlwKxpD9kFr
Ym+UoSypwHrGR6MUjO5L6uvOkeBlVbUNMvDgenaPE0h+CFGi+7xqzUvLRZZ3aHVz
5CVbWm4VeCRHxK557adbT8lGiCzvC1PZYAANcmWLvRl53wKpUcYMpiIb3vCMjOCe
n/r41ciXkbYBfmdP7xNOeg==
-----END PRIVATE KEY-----

BIN
certs/rsapss/client-rsapss.der Normal file
View File

Binary file not shown.

112
certs/rsapss/client-rsapss.pem Normal file
View File

@@ -0,0 +1,112 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:58:ff:58:a9:ca:95:0e:04:64:0e:37:3b:f7:89:09:51:31:03:ac
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Client-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:c6:87:be:60:87:43:7d:c4:ac:e4:fa:3c:12:1d:
c7:cf:ea:5c:c4:93:72:e2:0d:37:47:33:3d:e0:a5:
ec:57:16:bd:80:2a:5a:f9:a1:b7:ee:6d:46:7c:3a:
4e:24:e3:17:62:5a:38:97:0b:03:13:a5:7a:5e:11:
a1:50:fb:1b:6d:16:13:56:bb:77:0a:7b:98:cc:85:
11:d2:93:31:ed:74:01:38:3d:37:01:36:d6:52:c0:
27:fb:53:fb:ae:fd:56:bc:02:80:91:81:cc:ed:51:
46:16:7b:1d:8e:f3:06:48:83:28:11:4b:b8:a7:7b:
e8:92:8e:93:f4:8d:1d:fa:cc:7c:28:51:3d:21:98:
90:3f:80:2a:b9:dc:22:87:f0:8d:b9:a7:bb:cc:a4:
dd:25:ad:65:88:28:f1:1c:4f:dc:04:f2:5a:0f:52:
b6:35:84:52:18:d7:bf:de:e3:dc:f6:f0:3c:c9:db:
cd:b1:48:11:4b:ae:7c:1e:59:ac:b5:8c:ee:2e:83:
0f:f5:29:34:39:74:cb:9a:fa:a6:d3:63:d5:69:7a:
dc:f2:0d:43:46:03:10:a7:b0:9c:cd:15:b3:36:5e:
43:5e:05:4c:03:62:99:29:d0:57:05:e7:54:df:b0:
e5:71:39:37:f1:13:66:70:12:f3:87:98:09:8f:1f:
e1:e7
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:71:87:88:D0:3E:C7:EE:08:4D:80:F2:C9:FC:CF:3D:76:E6:A5:62
X509v3 Authority Key Identifier:
keyid:59:71:87:88:D0:3E:C7:EE:08:4D:80:F2:C9:FC:CF:3D:76:E6:A5:62
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_RSAPSS/OU=Client-RSAPSS/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL
serial:37:58:FF:58:A9:CA:95:0E:04:64:0E:37:3B:F7:89:09:51:31:03:AC
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
DNS:example.com, IP Address:127.0.0.1
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
ae:d5:d0:0a:ba:a4:12:f1:95:99:15:c5:c6:a4:51:46:64:cb:
ed:15:94:0a:89:5e:d0:7f:e2:cb:64:a6:d2:48:e4:52:b2:5a:
c4:ab:d8:e5:2b:e3:72:f5:1d:de:f9:28:a6:e7:7c:29:0b:e3:
e6:0f:f8:2a:d2:e0:25:c6:c7:54:cb:a5:26:2d:20:c4:01:e5:
fe:9d:c6:4e:f8:ba:7a:84:e3:7c:b3:38:b0:d4:2e:47:57:a4:
2b:5e:29:a9:73:11:93:46:2a:bf:24:11:2f:6d:ff:06:28:1f:
05:c0:f2:4a:f0:81:29:22:d4:a4:0c:30:b4:cb:f6:51:72:76:
4a:cf:67:b0:fb:91:1b:d1:92:fc:ad:2e:6f:f0:49:21:31:05:
2d:ad:30:ba:fd:0b:6e:05:42:b9:a2:b8:34:3e:de:a7:a9:14:
f3:78:14:69:c6:67:ae:4d:b9:6e:72:4c:2e:95:19:03:22:8e:
14:bc:51:2a:18:ed:cf:f6:0b:50:25:a5:e2:e0:2e:a6:93:76:
68:8c:9e:1a:ee:bb:24:0a:93:4f:bf:73:2d:48:e8:43:bd:08:
a1:e2:6d:1d:00:a6:b1:78:43:36:57:8b:28:11:37:71:bb:a3:
f7:a6:93:29:85:28:93:ef:d8:a0:4f:2a:b7:15:09:a4:21:49:
b6:b8:c9:a0
-----BEGIN CERTIFICATE-----
MIIF9TCCBK2gAwIBAgIUN1j/WKnKlQ4EZA43O/eJCVExA6wwPQYJKoZIhvcNAQEK
MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
ASAwgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNQ2xpZW50
LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0y
MjA3MjUwMjI3NTVaFw0yNTA0MjAwMjI3NTVaMIG2MQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEXMBUGA1UECgwOd29sZlNT
TF9SU0FQU1MxFjAUBgNVBAsMDUNsaWVudC1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
AoIBAQDGh75gh0N9xKzk+jwSHcfP6lzEk3LiDTdHMz3gpexXFr2AKlr5obfubUZ8
Ok4k4xdiWjiXCwMTpXpeEaFQ+xttFhNWu3cKe5jMhRHSkzHtdAE4PTcBNtZSwCf7
U/uu/Va8AoCRgcztUUYWex2O8wZIgygRS7ine+iSjpP0jR36zHwoUT0hmJA/gCq5
3CKH8I25p7vMpN0lrWWIKPEcT9wE8loPUrY1hFIY17/e49z28DzJ282xSBFLrnwe
Way1jO4ugw/1KTQ5dMua+qbTY9VpetzyDUNGAxCnsJzNFbM2XkNeBUwDYpkp0FcF
51TfsOVxOTfxE2ZwEvOHmAmPH+HnAgMBAAGjggFnMIIBYzAdBgNVHQ4EFgQUWXGH
iNA+x+4ITYDyyfzPPXbmpWIwgfYGA1UdIwSB7jCB64AUWXGHiNA+x+4ITYDyyfzP
PXbmpWKhgbykgbkwgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
DgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UE
CwwNQ2xpZW50LVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJ
KoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29s
ZlNTTIIUN1j/WKnKlQ4EZA43O/eJCVExA6wwDAYDVR0TBAUwAwEB/zAcBgNVHREE
FTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0B
AQgwCwYJYIZIAWUDBAIBogMCASADggEBAK7V0Aq6pBLxlZkVxcakUUZky+0VlAqJ
XtB/4stkptJI5FKyWsSr2OUr43L1Hd75KKbnfCkL4+YP+CrS4CXGx1TLpSYtIMQB
5f6dxk74unqE43yzOLDULkdXpCteKalzEZNGKr8kES9t/wYoHwXA8krwgSki1KQM
MLTL9lFydkrPZ7D7kRvRkvytLm/wSSExBS2tMLr9C24FQrmiuDQ+3qepFPN4FGnG
Z65NuW5yTC6VGQMijhS8USoY7c/2C1AlpeLgLqaTdmiMnhruuyQKk0+/cy1I6EO9
CKHibR0AprF4QzZXiygRN3G7o/emkymFKJPv2KBPKrcVCaQhSba4yaA=
-----END CERTIFICATE-----

29
certs/rsapss/gen-rsapss-keys.sh Executable file
View File

@@ -0,0 +1,29 @@
#!/bin/sh
for key in root ca server client
do
openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 > ${key}-rsapss-priv.pem
openssl pkey -in ${key}-rsapss-priv.pem -outform DER -out ${key}-rsapss-priv.der
openssl pkey -in ${key}-rsapss-priv.pem -outform PEM -pubout -out ${key}-rsapss-key.pem
openssl pkey -in ${key}-rsapss-priv.pem -outform DER -pubout -out ${key}-rsapss-key.der
done
for key in root-3072 ca-3072 server-3072 client-3072
do
openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:3072 > ${key}-rsapss-priv.pem
openssl pkey -in ${key}-rsapss-priv.pem -outform DER -out ${key}-rsapss-priv.der
openssl pkey -in ${key}-rsapss-priv.pem -outform PEM -pubout -out ${key}-rsapss-key.pem
openssl pkey -in ${key}-rsapss-priv.pem -outform DER -pubout -out ${key}-rsapss-key.der
done

59
certs/rsapss/include.am Normal file
View File

@@ -0,0 +1,59 @@
# vim:ft=automake
# All paths should be given relative to the root
#
EXTRA_DIST += \
certs/rsapss/ca-rsapss.der \
certs/rsapss/ca-rsapss.pem \
certs/rsapss/ca-rsapss-key.der \
certs/rsapss/ca-rsapss-key.pem \
certs/rsapss/ca-rsapss-priv.der \
certs/rsapss/ca-rsapss-priv.pem \
certs/rsapss/client-rsapss.der \
certs/rsapss/client-rsapss.pem \
certs/rsapss/client-rsapss-key.der \
certs/rsapss/client-rsapss-key.pem \
certs/rsapss/client-rsapss-priv.der \
certs/rsapss/client-rsapss-priv.pem \
certs/rsapss/root-rsapss.der \
certs/rsapss/root-rsapss.pem \
certs/rsapss/root-rsapss-key.der \
certs/rsapss/root-rsapss-key.pem \
certs/rsapss/root-rsapss-priv.der \
certs/rsapss/root-rsapss-priv.pem \
certs/rsapss/server-rsapss.der \
certs/rsapss/server-rsapss.pem \
certs/rsapss/server-rsapss-cert.pem \
certs/rsapss/server-rsapss-key.der \
certs/rsapss/server-rsapss-key.pem \
certs/rsapss/server-rsapss-priv.der \
certs/rsapss/server-rsapss-priv.pem \
certs/rsapss/ca-3072-rsapss.der \
certs/rsapss/ca-3072-rsapss.pem \
certs/rsapss/ca-3072-rsapss-key.der \
certs/rsapss/ca-3072-rsapss-key.pem \
certs/rsapss/ca-3072-rsapss-priv.der \
certs/rsapss/ca-3072-rsapss-priv.pem \
certs/rsapss/client-3072-rsapss.der \
certs/rsapss/client-3072-rsapss.pem \
certs/rsapss/client-3072-rsapss-key.der \
certs/rsapss/client-3072-rsapss-key.pem \
certs/rsapss/client-3072-rsapss-priv.der \
certs/rsapss/client-3072-rsapss-priv.pem \
certs/rsapss/root-3072-rsapss.der \
certs/rsapss/root-3072-rsapss.pem \
certs/rsapss/root-3072-rsapss-key.der \
certs/rsapss/root-3072-rsapss-key.pem \
certs/rsapss/root-3072-rsapss-priv.der \
certs/rsapss/root-3072-rsapss-priv.pem \
certs/rsapss/server-3072-rsapss.der \
certs/rsapss/server-3072-rsapss.pem \
certs/rsapss/server-3072-rsapss-cert.pem \
certs/rsapss/server-3072-rsapss-key.der \
certs/rsapss/server-3072-rsapss-key.pem \
certs/rsapss/server-3072-rsapss-priv.der \
certs/rsapss/server-3072-rsapss-priv.pem
EXTRA_DIST += \
certs/rsapss/renew-rsapss-certs.sh \
certs/rsapss/gen-rsapss-keys.sh

191
certs/rsapss/renew-rsapss-certs.sh Executable file
View File

@@ -0,0 +1,191 @@
#!/bin/bash
check_result(){
if [ $1 -ne 0 ]; then
echo "Failed at \"$2\", Abort"
exit 1
else
echo "Step Succeeded!"
fi
}
############################################################
####### update the self-signed root-rsapss.pem #############
############################################################
echo "Updating root-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSA-PSS\\nRoot-RSA-PSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
openssl req -new -key root-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out root-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in root-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-rsapss-priv.pem -out root-rsapss.pem
check_result $? "Generate certificate"
rm root-rsapss.csr
openssl x509 -in root-rsapss.pem -outform DER > root-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in root-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem root-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
####### update ca-rsapss.pem signed by root ################
############################################################
echo "Updating ca-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nCA-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key ca-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out ca-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in ca-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-rsapss.pem -CAkey root-rsapss-priv.pem -set_serial 01 -out ca-rsapss.pem
check_result $? "Generate certificate"
rm ca-rsapss.csr
openssl x509 -in ca-rsapss.pem -outform DER > ca-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in ca-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem ca-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
####### update server-rsapss.pem signed by ca ##############
############################################################
echo "Updating server-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nServer-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key server-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out server-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in server-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-rsapss.pem -CAkey ca-rsapss-priv.pem -set_serial 01 -out server-rsapss-cert.pem
check_result $? "Generate certificate"
rm server-rsapss.csr
openssl x509 -in server-rsapss-cert.pem -outform DER > server-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in server-rsapss-cert.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem server-rsapss-cert.pem
cat server-rsapss-cert.pem ca-rsapss.pem > server-rsapss.pem
check_result $? "Add CA into server cert"
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
####### update the self-signed client-rsapss.pem ###########
############################################################
echo "Updating client-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nClient-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key client-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out client-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in client-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-rsapss-priv.pem -out client-rsapss.pem
check_result $? "Generate certificate"
rm client-rsapss.csr
openssl x509 -in client-rsapss.pem -outform DER > client-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in client-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem client-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
################################################################################
# 3072-bit keys. RSA-PSS with SHA-384
################################################################################
############################################################
###### update the self-signed root-3072-rsapss.pem #########
############################################################
echo "Updating root-3072-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSA-PSS\\nRoot-RSA-PSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \
openssl req -new -key root-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out root-3072-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in root-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-3072-rsapss-priv.pem -sha384 -out root-3072-rsapss.pem
check_result $? "Generate certificate"
rm root-3072-rsapss.csr
openssl x509 -in root-3072-rsapss.pem -outform DER > root-3072-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in root-3072-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem root-3072-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update ca-3072-rsapss.pem signed by root ############
############################################################
echo "Updating ca-3072-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nCA-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key ca-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out ca-3072-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in ca-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-3072-rsapss.pem -CAkey root-3072-rsapss-priv.pem -sha384 -set_serial 01 -out ca-3072-rsapss.pem
check_result $? "Generate certificate"
rm ca-3072-rsapss.csr
openssl x509 -in ca-3072-rsapss.pem -outform DER > ca-3072-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in ca-3072-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem ca-3072-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update server-3072-rsapss.pem signed by ca ##########
############################################################
echo "Updating server-3072-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nServer-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key server-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out server-3072-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in server-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-3072-rsapss.pem -CAkey ca-3072-rsapss-priv.pem -sha384 -set_serial 01 -out server-3072-rsapss-cert.pem
check_result $? "Generate certificate"
rm server-3072-rsapss.csr
openssl x509 -in server-3072-rsapss-cert.pem -outform DER > server-3072-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in server-3072-rsapss-cert.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem server-3072-rsapss-cert.pem
cat server-3072-rsapss-cert.pem ca-3072-rsapss.pem > server-3072-rsapss.pem
check_result $? "Add CA into server cert"
echo "End of section"
echo "---------------------------------------------------------------------"
############################################################
###### update the self-signed client-3072-rsapss.pem #######
############################################################
echo "Updating client-3072-rsapss.pem"
echo ""
#pipe the following arguments to openssl req...
echo -e "US\\nMontana\\nBozeman\\nwolfSSL_RSAPSS\\nClient-RSAPSS\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key client-3072-rsapss-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out client-3072-rsapss.csr
check_result $? "Generate request"
openssl x509 -req -in client-3072-rsapss.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-3072-rsapss-priv.pem -sha384 -out client-3072-rsapss.pem
check_result $? "Generate certificate"
rm client-3072-rsapss.csr
openssl x509 -in client-3072-rsapss.pem -outform DER > client-3072-rsapss.der
check_result $? "Convert to DER"
openssl x509 -in client-3072-rsapss.pem -text > tmp.pem
check_result $? "Add text"
mv tmp.pem client-3072-rsapss.pem
echo "End of section"
echo "---------------------------------------------------------------------"

BIN
certs/rsapss/root-3072-rsapss-key.der Normal file
View File

Binary file not shown.

11
certs/rsapss/root-3072-rsapss-key.pem Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----
MIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGBAK3N7U+UJ/pXKJC85TW2ljYY
JUXh3qqHmIhhK5cq5E72BjYcOLVdrplZmXABEvkCSXuuwap4QSab9jEJrwpr6/KM
OS/5/uA4pi8A7kBulIy+P8E+azqukebWbDQaVIi2OLj4yVi0jpkMqzduoVAl8eTi
dniclRJ+NX90ZR15t4FEeKNT8/QcF4AVt8H3obMLaVrnEmtJHwqEiHAZcxa+HM20
4Oe/BGG62kTrUkF6RriOAoPBdQVg0GwOdX1Snvk4F96ozFzd5gKL9TBDHFqYj8PB
2V/mb27xdNbei1+LzjWK9FiKDmval82KarF/g058rrZ4jlHoSTTRaOPQv1uzF1rg
15QgEiZ7nRn6HhZlZeFUu/lPnmPa3BDcsJsJJNULl4PrLLMeFVA4kwZajBESYyEx
kcN8v1TtLC+892OkODZc87txPQ0V9lq8TO54UDFhQL9FKNK1L8EIr77WAwDPGWnj
oLCS7CZCXgKl0S3PuGPfzrMibBrTXYkVmsR3mM2VfwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/root-3072-rsapss-priv.der Normal file
View File

Binary file not shown.

40
certs/rsapss/root-3072-rsapss-priv.pem Normal file
View File

@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/AIBADALBgkqhkiG9w0BAQoEggboMIIG5AIBAAKCAYEArc3tT5Qn+lcokLzl
NbaWNhglReHeqoeYiGErlyrkTvYGNhw4tV2umVmZcAES+QJJe67BqnhBJpv2MQmv
Cmvr8ow5L/n+4DimLwDuQG6UjL4/wT5rOq6R5tZsNBpUiLY4uPjJWLSOmQyrN26h
UCXx5OJ2eJyVEn41f3RlHXm3gUR4o1Pz9BwXgBW3wfehswtpWucSa0kfCoSIcBlz
Fr4czbTg578EYbraROtSQXpGuI4Cg8F1BWDQbA51fVKe+TgX3qjMXN3mAov1MEMc
WpiPw8HZX+ZvbvF01t6LX4vONYr0WIoOa9qXzYpqsX+DTnyutniOUehJNNFo49C/
W7MXWuDXlCASJnudGfoeFmVl4VS7+U+eY9rcENywmwkk1QuXg+sssx4VUDiTBlqM
ERJjITGRw3y/VO0sL7z3Y6Q4Nlzzu3E9DRX2WrxM7nhQMWFAv0Uo0rUvwQivvtYD
AM8ZaeOgsJLsJkJeAqXRLc+4Y9/OsyJsGtNdiRWaxHeYzZV/AgMBAAECggGAKjTm
2ztkVfPSgwuMMfYMFkjYzFakhw70qLHILyaYWOB/86X403pTiyPqEfwAyn2WsLVo
jGg1khWvvIrYehRpMPaCcLcqAPNgz+tO8FCqPF97BgeNbKu1/LO3hROb0bNGpQyt
gKAgPOSJs6VnARql2mpwUKvdu6bwgOoYIAdN29Nv5GHfzTkBL/aWMEFdgChWRl/0
5h7Ure4vX+GeRDiYsA+ryjtl6gHBPZlT2VjDUdASpkJVk5/GHWeJeoyU1HqdUty2
V4vekiql4+XzasHQkISkn4RkaD0mzK1KXng3cbwolQfT6C2batYIMTpGjsHNmGgG
NgNEGiHy0ZbgoQ3Ao4LpJ4G8fFK9n9dfQ9itroBRAgJeLIrQGcXEcBriM8jPU8HZ
jFqU9XTvoeefllj1cvXtoDL9CWmSyuuAexKZa55ip+cFfY4B5ZBdtjFdafSdn4UK
FYQr+E7SJ5HjsWTrQPTxBUQF15M0IOt3a0w1ULD44UC5hRqnuc3a17DrVeUhAoHB
ANXFtXSBdv4Qiow8o/HY4H6hP7sGj82HzyEKM7ZmbMagnX5QCYy+uwr5BVfQ1XHx
aznUo5/xsv5H0uYmXqnXVh2Xk4dvQAKzJYrMVXLbRgGCC7IijI2ufi1fITf4b1NJ
NKgyPdzQDogIAWQalwvIl9ZC0NcY+VhQ3geG6sQnYs5137jBepqYxw1gvW63716h
SrC2EjZMsBWoF++g5wJ26OLTFrXITvLdALEjF4/N7eYhs3siYSfddHM8nIhuqvxN
TwKBwQDQIxL6iMNmtmKKe+/2AetcJG0d7vJkYB/E+wLYkpYMsBrVptqt5SmHXcLZ
099GhnbooMlI+1y/15Gnve8h74t+YAxWxBdi/snX1j63+A9iQo4CwjHplrKFWCyT
ejFGEOXAqe+38w7njtxBu6V2ZHNzitZhHKwAlwamOEdbmxD7nlXX+AJUUh3jdn/O
hU17vj8t3d17ip/M6znhUagkO2LcaS+wTIz1/z4kju2wix5k/6EYKEaxdTKKTAaf
UXEYCNECgcEAh9wONYwuRsvWccf8XbD7BB+Q9Fj4PaRpZFMqiGrSCO59CZDucM+q
6g9XcPcdIDxRbECS+QzQOEEHbRPHp+NeLJJvxWxT3yNh4bN5PvTSqhSvQDgq4cSb
FlTWNM8kWWc2GwtLO7HS+ms0Dx3DD08eCKMQPRP3LETAx0HcpGtvpU1OsQnt1KDy
KLNp0Rr++0JAyMv+CRp18l2RUM8O4gcWfUmwrjkuy7TfQrTNvawf3NlgSwqPepmI
78/+n8rNymmLAoHAa8heAaNlHQGB0hkQUKL50MOERiYBG/2zNfyOorx2O6fOnalE
QR0U/maNiuPvEcR8O0dYNRUGGMp3QRhYh4hXAmCWwy/UtI0g1Ua7P+WTgdzZUZBi
7IX/eJIKs2xpq9EASV83JlkV9M/EO74Cl2a5arIRBkUkxUFwTg+C1Gtexg5egfKK
skO7+pjY4oehcl04tnXYRiupSSLe3FG+8tRWA7Hs4i0iKhm9go0JhYzldoPyVmI1
CZyZSYjJPSOdn0ahAoHBAKbA137srUs34GZvoLkLHsUAEsi9CICVcp5q3MQHvbDH
UfuKAnnpUk1Ly2PAM+zfYfMrC21AMpE2esg6VsqTuhFS/Y8cDYPic4WqtjCtszBn
yiGEFddY3j6dNAEM8Mm6WxsoY2PI6aAAbn8sVyFom4+cbpPeTifw5bFBtyeLsTlz
M5QFpZUvnbW9i8Pif7gea/nF/J/z3iX8XUskZwXpDsucktpGG2bchKN7XKHx1YzH
J4ULnO3PUfR4GVbrSVWl4g==
-----END PRIVATE KEY-----

BIN
certs/rsapss/root-3072-rsapss.der Normal file
View File

Binary file not shown.

117
certs/rsapss/root-3072-rsapss.pem Normal file
View File

@@ -0,0 +1,117 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:c6:f6:76:c9:a4:72:95:4c:7e:9a:0c:80:5c:6d:8f:64:f2:19:a5
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:ad:cd:ed:4f:94:27:fa:57:28:90:bc:e5:35:b6:
96:36:18:25:45:e1:de:aa:87:98:88:61:2b:97:2a:
e4:4e:f6:06:36:1c:38:b5:5d:ae:99:59:99:70:01:
12:f9:02:49:7b:ae:c1:aa:78:41:26:9b:f6:31:09:
af:0a:6b:eb:f2:8c:39:2f:f9:fe:e0:38:a6:2f:00:
ee:40:6e:94:8c:be:3f:c1:3e:6b:3a:ae:91:e6:d6:
6c:34:1a:54:88:b6:38:b8:f8:c9:58:b4:8e:99:0c:
ab:37:6e:a1:50:25:f1:e4:e2:76:78:9c:95:12:7e:
35:7f:74:65:1d:79:b7:81:44:78:a3:53:f3:f4:1c:
17:80:15:b7:c1:f7:a1:b3:0b:69:5a:e7:12:6b:49:
1f:0a:84:88:70:19:73:16:be:1c:cd:b4:e0:e7:bf:
04:61:ba:da:44:eb:52:41:7a:46:b8:8e:02:83:c1:
75:05:60:d0:6c:0e:75:7d:52:9e:f9:38:17:de:a8:
cc:5c:dd:e6:02:8b:f5:30:43:1c:5a:98:8f:c3:c1:
d9:5f:e6:6f:6e:f1:74:d6:de:8b:5f:8b:ce:35:8a:
f4:58:8a:0e:6b:da:97:cd:8a:6a:b1:7f:83:4e:7c:
ae:b6:78:8e:51:e8:49:34:d1:68:e3:d0:bf:5b:b3:
17:5a:e0:d7:94:20:12:26:7b:9d:19:fa:1e:16:65:
65:e1:54:bb:f9:4f:9e:63:da:dc:10:dc:b0:9b:09:
24:d5:0b:97:83:eb:2c:b3:1e:15:50:38:93:06:5a:
8c:11:12:63:21:31:91:c3:7c:bf:54:ed:2c:2f:bc:
f7:63:a4:38:36:5c:f3:bb:71:3d:0d:15:f6:5a:bc:
4c:ee:78:50:31:61:40:bf:45:28:d2:b5:2f:c1:08:
af:be:d6:03:00:cf:19:69:e3:a0:b0:92:ec:26:42:
5e:02:a5:d1:2d:cf:b8:63:df:ce:b3:22:6c:1a:d3:
5d:89:15:9a:c4:77:98:cd:95:7f
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
X509v3 Authority Key Identifier:
keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
66:1c:f4:d8:ae:83:99:36:d5:9b:57:84:24:3f:ff:bc:de:1a:
4c:ba:f2:8b:51:45:37:6f:42:81:18:1c:da:4c:c1:7f:a5:6c:
6e:45:02:2a:2e:e0:39:5b:47:9b:d9:e8:75:32:44:02:4b:ac:
65:74:25:e8:b5:9c:f2:33:90:73:e9:59:4f:20:82:dd:20:1e:
0f:30:bb:77:b2:4c:c1:67:d1:2d:3e:4f:96:e9:31:3d:f3:0c:
3a:9b:ee:b1:40:34:e3:a1:af:01:ea:91:d8:ba:58:71:32:23:
6f:a4:38:6a:f9:00:9a:a9:5a:06:b4:f8:6e:25:55:9d:e2:c0:
54:e8:88:32:68:1b:64:f6:d1:23:f1:46:01:2d:5e:68:bc:5f:
86:fb:84:d5:35:67:0a:65:4e:4f:e5:fb:d3:1b:ad:46:6a:6a:
43:d2:e8:3d:13:74:64:f7:54:37:41:14:2d:a3:f0:c6:57:ac:
25:f4:cd:00:ee:54:77:13:ce:59:13:55:1e:82:f2:68:ac:b7:
c4:90:ab:82:85:86:32:0c:03:9c:ed:ab:cd:81:ae:3e:d2:f9:
6c:41:cd:03:56:68:bd:48:e2:d0:c8:8b:b3:e5:f0:aa:28:f8:
36:2e:14:fb:5e:57:6a:26:60:a8:20:ca:f4:05:8e:41:cf:92:
43:5f:57:2f:c8:ea:de:cb:b0:00:dc:41:53:e1:10:27:b2:7f:
f8:f4:a5:7b:3f:df:f4:cf:53:e6:11:b4:ea:36:53:68:b6:0b:
96:5c:7d:d0:a1:77:1c:99:fa:68:c2:19:aa:89:40:cc:42:24:
33:e3:02:28:d0:04:b9:2f:6f:01:6b:55:95:6d:eb:93:3a:e4:
ed:e5:c8:36:68:df:61:07:d0:0d:77:19:8e:3d:9c:5f:6e:8a:
05:64:2e:27:78:7a:12:30:14:29:17:96:ae:6d:53:8c:98:35:
e9:a1:06:b5:e0:c8:2e:89:6e:7c:bf:b5:c8:3a:8f:07:d1:7e:
58:b8:c8:23:db:71
-----BEGIN CERTIFICATE-----
MIIFjTCCA8SgAwIBAgIUNMb2dsmkcpVMfpoMgFxtj2TyGaUwPgYJKoZIhvcNAQEK
MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC
AgFOMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290
LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMjA3MjUwMjI3NTVaFw0yNTA0MjAwMjI3
NTVaMIGdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEYMBYGA1UECgwPd29sZlNTTF9SU0EtUFNTMRUwEwYDVQQLDAxSb290
LVJTQS1QU1MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTCCAaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIB
gQCtze1PlCf6VyiQvOU1tpY2GCVF4d6qh5iIYSuXKuRO9gY2HDi1Xa6ZWZlwARL5
Akl7rsGqeEEmm/YxCa8Ka+vyjDkv+f7gOKYvAO5AbpSMvj/BPms6rpHm1mw0GlSI
tji4+MlYtI6ZDKs3bqFQJfHk4nZ4nJUSfjV/dGUdebeBRHijU/P0HBeAFbfB96Gz
C2la5xJrSR8KhIhwGXMWvhzNtODnvwRhutpE61JBeka4jgKDwXUFYNBsDnV9Up75
OBfeqMxc3eYCi/UwQxxamI/Dwdlf5m9u8XTW3otfi841ivRYig5r2pfNimqxf4NO
fK62eI5R6Ek00Wjj0L9bsxda4NeUIBIme50Z+h4WZWXhVLv5T55j2twQ3LCbCSTV
C5eD6yyzHhVQOJMGWowREmMhMZHDfL9U7SwvvPdjpDg2XPO7cT0NFfZavEzueFAx
YUC/RSjStS/BCK++1gMAzxlp46CwkuwmQl4CpdEtz7hj386zImwa012JFZrEd5jN
lX8CAwEAAaNjMGEwHQYDVR0OBBYEFKpx07GKS7tHFUdfm9AradFvhV72MB8GA1Ud
IwQYMBaAFKpx07GKS7tHFUdfm9AradFvhV72MA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgGGMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZIAWUDBAICoRowGAYJ
KoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOCAYEAZhz02K6DmTbVm1eEJD//
vN4aTLryi1FFN29CgRgc2kzBf6VsbkUCKi7gOVtHm9nodTJEAkusZXQl6LWc8jOQ
c+lZTyCC3SAeDzC7d7JMwWfRLT5PlukxPfMMOpvusUA046GvAeqR2LpYcTIjb6Q4
avkAmqlaBrT4biVVneLAVOiIMmgbZPbRI/FGAS1eaLxfhvuE1TVnCmVOT+X70xut
RmpqQ9LoPRN0ZPdUN0EULaPwxlesJfTNAO5UdxPOWRNVHoLyaKy3xJCrgoWGMgwD
nO2rzYGuPtL5bEHNA1ZovUji0MiLs+Xwqij4Ni4U+15XaiZgqCDK9AWOQc+SQ19X
L8jq3suwANxBU+EQJ7J/+PSlez/f9M9T5hG06jZTaLYLllx90KF3HJn6aMIZqolA
zEIkM+MCKNAEuS9vAWtVlW3rkzrk7eXINmjfYQfQDXcZjj2cX26KBWQuJ3h6EjAU
KReWrm1TjJg16aEGteDILolufL+1yDqPB9F+WLjII9tx
-----END CERTIFICATE-----

BIN
certs/rsapss/root-rsapss-key.der Normal file
View File

Binary file not shown.

10
certs/rsapss/root-rsapss-key.pem Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN PUBLIC KEY-----
MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
CDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEAmQoBttFAewyuF37hXI37
a8yPBlF15vCXzi92+jG973myLuS1ER/LKa0X7jIpBJqaFUNM52e4DnjP6944a0I5
ZZAZ4FuUjujiGEvF0m7WePCJw9mw3BZ+aHK1ChvOsiSMoMf8xthyrLd4wwV613iq
fKusjK8K1+tLtSxA3b5aSk1tkwJp4gjll6lAbhg4be+OJ+NY+/Ob8Rn5kJpGjieW
aP92wzbjc+LrzQCXNelkzTsN4/IC+4Cq3VXhLRA/CGK+q9xIDIW1XvsSyZ7Au/EK
GGwV+edEShUJc0nYDJb33NACYsqRgfSyPLolqZiE0HUqsX+PnfjKluCClOOKs/bv
9QIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/root-rsapss-priv.der Normal file
View File

Binary file not shown.

29
certs/rsapss/root-rsapss-priv.pem Normal file
View File

@@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7gIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKgwggSkAgEAAoIBAQCZCgG20UB7DK4X
fuFcjftrzI8GUXXm8JfOL3b6Mb3vebIu5LURH8sprRfuMikEmpoVQ0znZ7gOeM/r
3jhrQjllkBngW5SO6OIYS8XSbtZ48InD2bDcFn5ocrUKG86yJIygx/zG2HKst3jD
BXrXeKp8q6yMrwrX60u1LEDdvlpKTW2TAmniCOWXqUBuGDht744n41j785vxGfmQ
mkaOJ5Zo/3bDNuNz4uvNAJc16WTNOw3j8gL7gKrdVeEtED8IYr6r3EgMhbVe+xLJ
nsC78QoYbBX550RKFQlzSdgMlvfc0AJiypGB9LI8uiWpmITQdSqxf4+d+MqW4IKU
44qz9u/1AgMBAAECggEAXtcKtOb8lMUI5lqlApyioO2F/R5ieJnFGevkSaylzlCW
keT+KPyRBOTWHbFMJiRBNMgeUpG+SImqILv4LtA9jak9wAJBEEdWRkQ+9efmVdCL
L6oqplnyQHxFoVwWPePUmpcVGY1tk4en+QPeWsXWsagaKJ0ZlTGmG0KveDvM7JoV
57qoqXw85VCA9yw4+1hyCoMFPZmWoqpU8MtAH65fzuBH/M0dAjzDwJRRsk+mpOxE
/XtKpFsHRXDlXf274U7ktAfHMxS6KthyuP2KJAvycs6BvvKyXW898X1K5ehChjmQ
gGGhm5mmeucdR7oMbw1snnrxZ9Vf+njBMCMQksJVSQKBgQDGFtOYGhHh+eSuUrdY
qlrXF2gxKD9uIwPMBt5uo4FcIVgVtqTE3nyISAkfVw7HbXLDYnICckkxqwZL2U1C
OQ9Syf4ZNNakZ/dwhTtmOQ1zcaEzt3higcBMxxXFeVPl7opxcA/d7N8r6+gPtpOx
bTQH6sN3GLB6v0qgjK4Y3UX1wwKBgQDFx5djSMjylnW6XIvmKH/eKebURGnJWtty
XMPkp+hNLodNgJGakpCe3L7GbiF+uWIxDg+De1oEfssb9Xu/wz507Y0T4mmVgyGn
EuF5cAd2o48p1Hn+G8adh6/ty2dsqBdCC2MCxMD/ZcZy5ELJHnynNUVuffQDcqDK
KZBe7hVP5wKBgQCch28ekwMsiTYeVjiRdNQhgVqQ9Zfh5QNcFtVvof5XmfWr+s6K
zrCjVCD5RebkyeTU5hbnPf3+pIFuMEFvof0s03bZ3jn6YjlSDcXZSh4J6nGSl1km
phcZ1HustuoIGI4Hg6DWIhZb86dFu2VL39oso2Nf2f+ij0ReR6xO85MT1wKBgQCQ
+HoJNoLE/nCRB+Er9ae0ivY9xV/dThHoxAJ7CnCGkoJu1rzjlmcXaysTfAplPzGw
T2QjtjkHboEmn0v0BgMz5iQw3RcTlqkGNBq9ztZJqh34RVyeXHG7aogUP7IxvQw/
RuVuVBY7nrhV4ubpUMWCMtQP55cDJ/Sf+tNuIgnRJQKBgBfKPaKXffSp+VAezB09
xPyhpg5mDZqnQCbN7UJTBDAzXLs7NkSRpAb7NT7iTrFq/uFY2QUdgfqIgmGdNmbq
xF/UtQBQBr+y5gu3EjU6p464rM+ui3xU5FlZ60bsDIfP/p2leiJYuGG2ds56CBV/
bD8DmfVsG0X3d4C/XMtveEgq
-----END PRIVATE KEY-----

BIN
certs/rsapss/root-rsapss.der Normal file
View File

Binary file not shown.

102
certs/rsapss/root-rsapss.pem Normal file
View File

@@ -0,0 +1,102 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:43:a2:a0:b6:01:0c:e3:6d:0d:e8:2d:8c:75:f8:1c:71:74:0d:72
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:99:0a:01:b6:d1:40:7b:0c:ae:17:7e:e1:5c:8d:
fb:6b:cc:8f:06:51:75:e6:f0:97:ce:2f:76:fa:31:
bd:ef:79:b2:2e:e4:b5:11:1f:cb:29:ad:17:ee:32:
29:04:9a:9a:15:43:4c:e7:67:b8:0e:78:cf:eb:de:
38:6b:42:39:65:90:19:e0:5b:94:8e:e8:e2:18:4b:
c5:d2:6e:d6:78:f0:89:c3:d9:b0:dc:16:7e:68:72:
b5:0a:1b:ce:b2:24:8c:a0:c7:fc:c6:d8:72:ac:b7:
78:c3:05:7a:d7:78:aa:7c:ab:ac:8c:af:0a:d7:eb:
4b:b5:2c:40:dd:be:5a:4a:4d:6d:93:02:69:e2:08:
e5:97:a9:40:6e:18:38:6d:ef:8e:27:e3:58:fb:f3:
9b:f1:19:f9:90:9a:46:8e:27:96:68:ff:76:c3:36:
e3:73:e2:eb:cd:00:97:35:e9:64:cd:3b:0d:e3:f2:
02:fb:80:aa:dd:55:e1:2d:10:3f:08:62:be:ab:dc:
48:0c:85:b5:5e:fb:12:c9:9e:c0:bb:f1:0a:18:6c:
15:f9:e7:44:4a:15:09:73:49:d8:0c:96:f7:dc:d0:
02:62:ca:91:81:f4:b2:3c:ba:25:a9:98:84:d0:75:
2a:b1:7f:8f:9d:f8:ca:96:e0:82:94:e3:8a:b3:f6:
ef:f5
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
X509v3 Authority Key Identifier:
keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
8c:4f:b2:a8:12:6c:80:56:78:44:ac:27:38:26:96:a3:e0:58:
34:81:48:5f:cd:34:28:bd:b7:f6:6e:95:b4:8d:9a:5a:5a:9e:
a5:40:e4:67:b8:53:db:00:ab:81:db:c8:de:77:0e:1b:a7:30:
74:b8:8f:4b:05:5d:12:5c:f5:7a:40:ed:ba:3a:58:05:99:7b:
72:a7:f1:c4:0a:4a:c4:fa:44:ef:5b:7e:8f:70:95:bc:3e:bb:
ab:e5:4a:db:7a:d0:a9:82:2d:0c:c8:a0:64:0a:9a:d9:8c:23:
d9:a5:3a:ea:80:ae:47:c0:31:7a:21:3c:4b:5d:9e:22:e1:34:
c8:bb:0c:d5:77:65:6b:c0:76:77:67:41:56:23:33:e2:a6:e9:
5f:8d:9d:af:73:92:e0:4e:2d:3f:c6:3a:ab:99:67:c5:5a:3e:
a2:50:bb:ca:26:5f:6d:be:f9:71:1f:63:6e:d8:41:ca:96:bc:
3d:1c:67:00:a1:78:d4:fe:a6:43:64:cf:20:ca:7b:ee:fa:65:
72:39:ff:9a:8b:99:9c:9c:2d:4e:1d:b0:dc:07:8a:f2:12:81:
78:d9:d4:55:aa:c5:d1:fb:73:36:71:01:4e:d6:e9:ea:e0:01:
5c:95:ee:aa:16:cd:1a:d3:00:31:6f:48:7d:b7:52:7c:53:40:
fd:c5:58:a1
-----BEGIN CERTIFICATE-----
MIIEvTCCA3WgAwIBAgIUNEOioLYBDONtDegtjHX4HHF0DXIwPQYJKoZIhvcNAQEK
MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC
ASAwgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3Qt
UlNBLVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tMB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAyMjc1
NVowgZ0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRgwFgYDVQQKDA93b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3Qt
UlNBLVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
FhBpbmZvQHdvbGZzc2wuY29tMIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFl
AwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKC
AQEAmQoBttFAewyuF37hXI37a8yPBlF15vCXzi92+jG973myLuS1ER/LKa0X7jIp
BJqaFUNM52e4DnjP6944a0I5ZZAZ4FuUjujiGEvF0m7WePCJw9mw3BZ+aHK1ChvO
siSMoMf8xthyrLd4wwV613iqfKusjK8K1+tLtSxA3b5aSk1tkwJp4gjll6lAbhg4
be+OJ+NY+/Ob8Rn5kJpGjieWaP92wzbjc+LrzQCXNelkzTsN4/IC+4Cq3VXhLRA/
CGK+q9xIDIW1XvsSyZ7Au/EKGGwV+edEShUJc0nYDJb33NACYsqRgfSyPLolqZiE
0HUqsX+PnfjKluCClOOKs/bv9QIDAQABo2MwYTAdBgNVHQ4EFgQUZNXsgoeA3lrt
SZjYDFR9Rp6lPNYwHwYDVR0jBBgwFoAUZNXsgoeA3lrtSZjYDFR9Rp6lPNYwDwYD
VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwPQYJKoZIhvcNAQEKMDCgDTAL
BglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEB
AIxPsqgSbIBWeESsJzgmlqPgWDSBSF/NNCi9t/ZulbSNmlpanqVA5Ge4U9sAq4Hb
yN53DhunMHS4j0sFXRJc9XpA7bo6WAWZe3Kn8cQKSsT6RO9bfo9wlbw+u6vlStt6
0KmCLQzIoGQKmtmMI9mlOuqArkfAMXohPEtdniLhNMi7DNV3ZWvAdndnQVYjM+Km
6V+Nna9zkuBOLT/GOquZZ8VaPqJQu8omX22++XEfY27YQcqWvD0cZwCheNT+pkNk
zyDKe+76ZXI5/5qLmZycLU4dsNwHivISgXjZ1FWqxdH7czZxAU7W6ergAVyV7qoW
zRrTADFvSH23UnxTQP3FWKE=
-----END CERTIFICATE-----

122
certs/rsapss/server-3072-rsapss-cert.pem Normal file
View File

@@ -0,0 +1,122 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:be:84:78:d3:6b:7d:b2:ae:51:88:68:6a:33:f1:
f9:c5:1a:6f:97:71:94:22:f4:c2:f0:49:88:2b:a4:
4d:15:6f:db:cc:d4:c6:6f:75:a6:e2:22:06:af:91:
26:4e:a0:2d:97:17:95:0b:40:1a:75:23:9b:b1:e0:
d7:5d:cc:0d:5f:09:9e:c9:b7:3d:f8:e5:62:bb:34:
75:99:0c:e6:da:7d:95:40:ee:5f:27:76:f9:ca:d6:
0d:1e:a7:06:9f:c5:75:57:96:44:b9:73:f4:de:aa:
a9:af:be:4b:98:f3:6c:c8:da:d9:a2:26:35:21:40:
e7:67:4b:e2:d9:c4:4f:b8:96:54:17:59:d8:ca:af:
b1:56:47:be:15:5b:05:d3:29:cc:ec:2b:99:fa:13:
1a:2a:d0:61:d1:41:c2:27:5d:d9:a7:f2:29:28:eb:
fb:e5:89:c5:01:83:88:1d:dc:70:1a:8f:2f:3b:e5:
34:e8:5b:ef:ed:76:5f:8a:51:ea:2d:92:c2:e6:86:
6d:6a:92:93:c3:6d:04:c5:95:68:07:fe:9a:32:d9:
38:c8:06:eb:33:92:b9:0b:ce:2e:c3:6b:6a:a2:41:
6a:ce:09:e7:4a:90:a8:2f:59:0e:76:dc:4f:b8:86:
d0:4b:95:e6:1b:e4:c6:59:26:ef:1c:00:4e:ce:fb:
cf:63:05:7e:a6:d4:09:39:fe:d3:79:49:f2:6a:6a:
1a:17:cb:13:a5:3d:d9:fa:b0:a4:5f:18:e8:e5:5c:
4b:38:d5:d8:b8:76:35:a0:0b:e1:98:b9:58:c3:88:
e5:f8:4a:e6:d0:84:a3:5e:4d:85:c9:d6:7f:9d:9f:
35:28:66:56:04:25:cc:1b:4c:f7:e3:cb:39:be:e0:
5f:a8:93:bd:a1:0b:cd:63:e0:16:07:af:40:0b:cb:
6e:3f:81:0c:cd:80:bf:13:f1:92:57:a1:48:17:d2:
29:b0:5a:a2:d5:42:84:c8:6c:09:31:c6:05:92:dd:
a3:f7:56:ed:e7:5f:29:88:eb:4b
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:F1:E9:1E:60:01:C8:23:CC:D7:98:B3:BB:65:7A:32:C4:4B:93:39
X509v3 Authority Key Identifier:
keyid:F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
68:61:62:4c:67:79:5d:4d:fd:95:14:51:37:f0:d5:d5:b6:f0:
c6:48:cb:23:3c:4c:b6:38:00:63:4d:0e:6a:f6:d0:ba:54:3d:
40:a4:aa:5b:01:f6:57:c1:13:12:e1:5b:4e:59:21:f7:09:90:
93:36:ab:44:54:59:f5:f0:da:3a:aa:41:f2:00:a4:fa:3d:8d:
92:bf:74:84:a2:93:c8:70:d9:5a:2a:ab:47:a9:18:fb:f9:51:
35:96:89:23:18:7b:a6:ae:1c:88:df:cd:68:ca:3c:8b:03:b2:
b0:c6:6f:9e:1f:fd:00:98:24:72:3b:6a:67:62:ef:28:4a:71:
6e:b2:53:1c:0b:7c:48:ef:78:6c:73:5d:03:71:44:ac:5c:5e:
a2:75:fd:0b:e4:cc:8c:af:1e:42:9c:b7:d4:02:f4:8e:ad:56:
77:fe:d0:1b:92:4d:35:ce:3e:bb:e0:43:98:e8:dc:71:e9:fb:
e1:26:17:5c:e1:f2:57:74:45:21:90:42:c1:b0:38:59:7f:0c:
6a:6e:94:7b:30:a1:fd:10:e0:9b:53:0f:05:19:2d:f6:9a:a3:
95:f4:52:54:c9:e2:fc:99:0e:64:56:29:31:d2:35:dd:01:b0:
34:c8:d6:16:40:1a:58:58:62:c1:e4:d8:ee:8e:1d:b2:b7:c9:
68:07:a5:91:a0:a8:18:c7:5f:80:c6:81:fb:7a:10:17:a8:a5:
9e:67:d2:ac:31:69:94:ab:36:6f:f6:35:05:c3:80:f3:3e:5f:
5c:29:d1:13:43:88:1e:79:ac:3d:d3:e0:3d:44:c4:da:c7:1e:
ab:f1:86:07:98:cf:b8:99:5d:6b:7c:3f:c2:c1:ff:1c:b1:8d:
90:02:45:62:c4:7c:ca:6a:fb:4c:48:bc:73:ad:04:ad:62:87:
1e:b3:c4:76:a6:a1:27:3d:f5:2a:ca:8e:c0:73:96:08:3c:db:
f7:36:a6:57:a4:98:47:58:cd:56:0e:cd:fc:63:84:b9:df:2f:
47:bb:8b:0d:7c:54
-----BEGIN CERTIFICATE-----
MIIFzzCCBAagAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgbIxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAy
Mjc1NVowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
DAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNU2Vy
dmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCC
AaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIBgQC+hHjTa32yrlGIaGoz8fnFGm+X
cZQi9MLwSYgrpE0Vb9vM1MZvdabiIgavkSZOoC2XF5ULQBp1I5ux4NddzA1fCZ7J
tz345WK7NHWZDObafZVA7l8ndvnK1g0epwafxXVXlkS5c/TeqqmvvkuY82zI2tmi
JjUhQOdnS+LZxE+4llQXWdjKr7FWR74VWwXTKczsK5n6Exoq0GHRQcInXdmn8iko
6/vlicUBg4gd3HAajy875TToW+/tdl+KUeotksLmhm1qkpPDbQTFlWgH/poy2TjI
BuszkrkLzi7Da2qiQWrOCedKkKgvWQ523E+4htBLleYb5MZZJu8cAE7O+89jBX6m
1Ak5/tN5SfJqahoXyxOlPdn6sKRfGOjlXEs41di4djWgC+GYuVjDiOX4SubQhKNe
TYXJ1n+dnzUoZlYEJcwbTPfjyzm+4F+ok72hC81j4BYHr0ALy24/gQzNgL8T8ZJX
oUgX0imwWqLVQoTIbAkxxgWS3aP3Vu3nXymI60sCAwEAAaOBiTCBhjAdBgNVHQ4E
FgQUyPHpHmAByCPM15izu2V6MsRLkzkwHwYDVR0jBBgwFoAU+ELMiMnIGPnTsCRl
Bkz/Vau/Dn8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
CgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMD4GCSqGSIb3DQEBCjAxoA0w
CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOC
AYEAaGFiTGd5XU39lRRRN/DV1bbwxkjLIzxMtjgAY00OavbQulQ9QKSqWwH2V8ET
EuFbTlkh9wmQkzarRFRZ9fDaOqpB8gCk+j2Nkr90hKKTyHDZWiqrR6kY+/lRNZaJ
Ixh7pq4ciN/NaMo8iwOysMZvnh/9AJgkcjtqZ2LvKEpxbrJTHAt8SO94bHNdA3FE
rFxeonX9C+TMjK8eQpy31AL0jq1Wd/7QG5JNNc4+u+BDmOjccen74SYXXOHyV3RF
IZBCwbA4WX8Mam6UezCh/RDgm1MPBRkt9pqjlfRSVMni/JkOZFYpMdI13QGwNMjW
FkAaWFhiweTY7o4dsrfJaAelkaCoGMdfgMaB+3oQF6ilnmfSrDFplKs2b/Y1BcOA
8z5fXCnRE0OIHnmsPdPgPUTE2sceq/GGB5jPuJlda3w/wsH/HLGNkAJFYsR8ymr7
TEi8c60ErWKHHrPEdqahJz31KsqOwHOWCDzb9zamV6SYR1jNVg7N/GOEud8vR7uL
DXxU
-----END CERTIFICATE-----

BIN
certs/rsapss/server-3072-rsapss-key.der Normal file
View File

Binary file not shown.

11
certs/rsapss/server-3072-rsapss-key.pem Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN PUBLIC KEY-----
MIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGBAL6EeNNrfbKuUYhoajPx+cUa
b5dxlCL0wvBJiCukTRVv28zUxm91puIiBq+RJk6gLZcXlQtAGnUjm7Hg113MDV8J
nsm3PfjlYrs0dZkM5tp9lUDuXyd2+crWDR6nBp/FdVeWRLlz9N6qqa++S5jzbMja
2aImNSFA52dL4tnET7iWVBdZ2MqvsVZHvhVbBdMpzOwrmfoTGirQYdFBwidd2afy
KSjr++WJxQGDiB3ccBqPLzvlNOhb7+12X4pR6i2SwuaGbWqSk8NtBMWVaAf+mjLZ
OMgG6zOSuQvOLsNraqJBas4J50qQqC9ZDnbcT7iG0EuV5hvkxlkm7xwATs77z2MF
fqbUCTn+03lJ8mpqGhfLE6U92fqwpF8Y6OVcSzjV2Lh2NaAL4Zi5WMOI5fhK5tCE
o15NhcnWf52fNShmVgQlzBtM9+PLOb7gX6iTvaELzWPgFgevQAvLbj+BDM2AvxPx
klehSBfSKbBaotVChMhsCTHGBZLdo/dW7edfKYjrSwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/server-3072-rsapss-priv.der Normal file
View File

Binary file not shown.

40
certs/rsapss/server-3072-rsapss-priv.pem Normal file
View File

@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/AIBADALBgkqhkiG9w0BAQoEggboMIIG5AIBAAKCAYEAvoR402t9sq5RiGhq
M/H5xRpvl3GUIvTC8EmIK6RNFW/bzNTGb3Wm4iIGr5EmTqAtlxeVC0AadSObseDX
XcwNXwmeybc9+OViuzR1mQzm2n2VQO5fJ3b5ytYNHqcGn8V1V5ZEuXP03qqpr75L
mPNsyNrZoiY1IUDnZ0vi2cRPuJZUF1nYyq+xVke+FVsF0ynM7CuZ+hMaKtBh0UHC
J13Zp/IpKOv75YnFAYOIHdxwGo8vO+U06Fvv7XZfilHqLZLC5oZtapKTw20ExZVo
B/6aMtk4yAbrM5K5C84uw2tqokFqzgnnSpCoL1kOdtxPuIbQS5XmG+TGWSbvHABO
zvvPYwV+ptQJOf7TeUnyamoaF8sTpT3Z+rCkXxjo5VxLONXYuHY1oAvhmLlYw4jl
+Erm0ISjXk2FydZ/nZ81KGZWBCXMG0z348s5vuBfqJO9oQvNY+AWB69AC8tuP4EM
zYC/E/GSV6FIF9IpsFqi1UKEyGwJMcYFkt2j91bt518piOtLAgMBAAECggGBALdl
MCZc0Ahj84p68NkGMuiA9TD0naQ0tz61mgZgx+892XlIzahXugjutj7lW9nOKXTL
t6a304A1gdfuV4MsPSbiTN9irJ5eufb5ncZx+/wRbc6uaBzGU9jkyoZaRG8ilj11
IrzfGbYK1QOfDIi0s2B6A4wqeXSEVP1DuKDmb9OBqns7+wvJqs0ijKFkGKxYDbK+
mh93qfXS2IamZW6d0jrwSpzg5X/laiZ15l7QZ325nb9rec2/SqvtCjVNez7ZiWeM
HQv6I8s8eBVDtSxzxytHHu90SRqC1fQEKnzKMEYAaT/i2sqqorBSIDVuwl6mnl0X
v22YKoBkaeqyanFY4bjgVkFtVyqxaPxNGW+AosD9usszSP7fHVDsxH+U3VauPDu3
E/rYkL4ftpetAk1jk7L/LipJkzdPOzcvuC/ZEXdxRkKIrM5Yb4usD+6zPLmm1yuY
HhdGZZuzcv+Uk7vmKZAv0p+IYpP7foCJlX9CsPPwCimWg581q8QTZl7/AQ7qOQKB
wQDx3siwpPspeznnxv0qxcQNK6GuADTSPxRc62ST5IHEXm+bEZJ5mmIOl5BVRn9N
RNQJSSYOHPnmyr0XTGnJ887Wpt6LutPc570pOFF8dBgLziCkHmQaDcKbVDkrNZrA
UKAP3ZppH59slXawVSlbrl3fMd6SEprxmVCuxBu7VJeee5puy4jc7Svl3aXaXOok
kmbxKUtDT456ZUxwqsXjeJbGQQgztGSB6aM/L3Jb9Z5e36o3UON9cfuvet+yCfmP
iW0CgcEAyaWyg74L9BK8taRmeQ2hMQbd8i1GvYnWrEGC0uUTpOxcsEwpFRBWGI47
Nt9+d9+v4fDULO4ysfOfUjoxpEP6OiPtcjPi+/uKGgqy5kRVEp7qqmv2iUgaJAug
95oxgmlEUjbvJfFFiq7c5UOtHfxM/TWYjoj6FzQUUM4wjcAhVaEMe+zBXpHOi1Db
pS0RuPZ+UaMTeH5NgQyrRNBQj9mK55mFHX9j97HrlbWrMGZQUQryxKWvVwLUe/uE
v/PoTMyXAoHAb8jINiO51N0X0RA9l5QZXQDqU3HS98yhi6RbMqLseqYurJt9d+gr
I5VW5qKTWVHTMYt2JBWuRcUziV4OkoC0+q3asvegzTrpSPC3cG5zYplcqp1FJGlx
pLpTRa4bnIBmyY5gu+8ajmOxnCNv3uiCiBITTK1+oOR7zpniOz0Iaf20TTqSQZD3
teAvs/E3YbmsDA9KsoxFTDofDv9OQChOfsg1kzfvL7+cbCpwjyHAlRaII9KloSeZ
6+s9EZrclUMtAoHADWADPj/N1Suk/rtf3Kmtxm25LQYZyhqpdZWG0uxE6EyRPVRf
6TjDLS/J97LNVbAtn2P0/uHx1OHe8HpRrp6fq1mUt11/sc0WdPG+ug1QQ0LtN86f
dK2mpjtrOuEsZYUL9hQUusSNI0zD9CUQB4wjoyv56YJmbEGVE2MJz20uCNr80/95
OAed1pnPZ95cbZNT/6A8e2KNS4EGnzLeFRyN3RzOuo0nmVdg0/ZP2479xtJeFfMT
dUcHxw2A2aaZAvcTAoHBAMsrLMCgT0skDJ/5/ar3f44Pkciibn455qzQ+Gx4vG9x
yCxpv70x4QT6NJz6Aht8JZWl81YlUY21S2JEiAPV3YIfTSrMKLlpvr7fCXz/ghje
4O2Cv3zGHQN6GUidXVR4cjJgx4cjcTcLaRk+e2N+0exAkV4UsDRS8OqBDZTqDwBQ
ntOJIUjNyx1Vqe1o/nxsN21EDF5Ya6K/tgEJsObEWfAStlJxm+ELaqk+29PPsmRD
O2FW8SWubrzhQCndGMYUig==
-----END PRIVATE KEY-----

BIN
certs/rsapss/server-3072-rsapss.der Normal file
View File

Binary file not shown.

238
certs/rsapss/server-3072-rsapss.pem Normal file
View File

@@ -0,0 +1,238 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:be:84:78:d3:6b:7d:b2:ae:51:88:68:6a:33:f1:
f9:c5:1a:6f:97:71:94:22:f4:c2:f0:49:88:2b:a4:
4d:15:6f:db:cc:d4:c6:6f:75:a6:e2:22:06:af:91:
26:4e:a0:2d:97:17:95:0b:40:1a:75:23:9b:b1:e0:
d7:5d:cc:0d:5f:09:9e:c9:b7:3d:f8:e5:62:bb:34:
75:99:0c:e6:da:7d:95:40:ee:5f:27:76:f9:ca:d6:
0d:1e:a7:06:9f:c5:75:57:96:44:b9:73:f4:de:aa:
a9:af:be:4b:98:f3:6c:c8:da:d9:a2:26:35:21:40:
e7:67:4b:e2:d9:c4:4f:b8:96:54:17:59:d8:ca:af:
b1:56:47:be:15:5b:05:d3:29:cc:ec:2b:99:fa:13:
1a:2a:d0:61:d1:41:c2:27:5d:d9:a7:f2:29:28:eb:
fb:e5:89:c5:01:83:88:1d:dc:70:1a:8f:2f:3b:e5:
34:e8:5b:ef:ed:76:5f:8a:51:ea:2d:92:c2:e6:86:
6d:6a:92:93:c3:6d:04:c5:95:68:07:fe:9a:32:d9:
38:c8:06:eb:33:92:b9:0b:ce:2e:c3:6b:6a:a2:41:
6a:ce:09:e7:4a:90:a8:2f:59:0e:76:dc:4f:b8:86:
d0:4b:95:e6:1b:e4:c6:59:26:ef:1c:00:4e:ce:fb:
cf:63:05:7e:a6:d4:09:39:fe:d3:79:49:f2:6a:6a:
1a:17:cb:13:a5:3d:d9:fa:b0:a4:5f:18:e8:e5:5c:
4b:38:d5:d8:b8:76:35:a0:0b:e1:98:b9:58:c3:88:
e5:f8:4a:e6:d0:84:a3:5e:4d:85:c9:d6:7f:9d:9f:
35:28:66:56:04:25:cc:1b:4c:f7:e3:cb:39:be:e0:
5f:a8:93:bd:a1:0b:cd:63:e0:16:07:af:40:0b:cb:
6e:3f:81:0c:cd:80:bf:13:f1:92:57:a1:48:17:d2:
29:b0:5a:a2:d5:42:84:c8:6c:09:31:c6:05:92:dd:
a3:f7:56:ed:e7:5f:29:88:eb:4b
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:F1:E9:1E:60:01:C8:23:CC:D7:98:B3:BB:65:7A:32:C4:4B:93:39
X509v3 Authority Key Identifier:
keyid:F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
68:61:62:4c:67:79:5d:4d:fd:95:14:51:37:f0:d5:d5:b6:f0:
c6:48:cb:23:3c:4c:b6:38:00:63:4d:0e:6a:f6:d0:ba:54:3d:
40:a4:aa:5b:01:f6:57:c1:13:12:e1:5b:4e:59:21:f7:09:90:
93:36:ab:44:54:59:f5:f0:da:3a:aa:41:f2:00:a4:fa:3d:8d:
92:bf:74:84:a2:93:c8:70:d9:5a:2a:ab:47:a9:18:fb:f9:51:
35:96:89:23:18:7b:a6:ae:1c:88:df:cd:68:ca:3c:8b:03:b2:
b0:c6:6f:9e:1f:fd:00:98:24:72:3b:6a:67:62:ef:28:4a:71:
6e:b2:53:1c:0b:7c:48:ef:78:6c:73:5d:03:71:44:ac:5c:5e:
a2:75:fd:0b:e4:cc:8c:af:1e:42:9c:b7:d4:02:f4:8e:ad:56:
77:fe:d0:1b:92:4d:35:ce:3e:bb:e0:43:98:e8:dc:71:e9:fb:
e1:26:17:5c:e1:f2:57:74:45:21:90:42:c1:b0:38:59:7f:0c:
6a:6e:94:7b:30:a1:fd:10:e0:9b:53:0f:05:19:2d:f6:9a:a3:
95:f4:52:54:c9:e2:fc:99:0e:64:56:29:31:d2:35:dd:01:b0:
34:c8:d6:16:40:1a:58:58:62:c1:e4:d8:ee:8e:1d:b2:b7:c9:
68:07:a5:91:a0:a8:18:c7:5f:80:c6:81:fb:7a:10:17:a8:a5:
9e:67:d2:ac:31:69:94:ab:36:6f:f6:35:05:c3:80:f3:3e:5f:
5c:29:d1:13:43:88:1e:79:ac:3d:d3:e0:3d:44:c4:da:c7:1e:
ab:f1:86:07:98:cf:b8:99:5d:6b:7c:3f:c2:c1:ff:1c:b1:8d:
90:02:45:62:c4:7c:ca:6a:fb:4c:48:bc:73:ad:04:ad:62:87:
1e:b3:c4:76:a6:a1:27:3d:f5:2a:ca:8e:c0:73:96:08:3c:db:
f7:36:a6:57:a4:98:47:58:cd:56:0e:cd:fc:63:84:b9:df:2f:
47:bb:8b:0d:7c:54
-----BEGIN CERTIFICATE-----
MIIFzzCCBAagAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgbIxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAy
Mjc1NVowgbYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH
DAdCb3plbWFuMRcwFQYDVQQKDA53b2xmU1NMX1JTQVBTUzEWMBQGA1UECwwNU2Vy
dmVyLVJTQVBTUzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
AQkBFhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDCC
AaAwCwYJKoZIhvcNAQEKA4IBjwAwggGKAoIBgQC+hHjTa32yrlGIaGoz8fnFGm+X
cZQi9MLwSYgrpE0Vb9vM1MZvdabiIgavkSZOoC2XF5ULQBp1I5ux4NddzA1fCZ7J
tz345WK7NHWZDObafZVA7l8ndvnK1g0epwafxXVXlkS5c/TeqqmvvkuY82zI2tmi
JjUhQOdnS+LZxE+4llQXWdjKr7FWR74VWwXTKczsK5n6Exoq0GHRQcInXdmn8iko
6/vlicUBg4gd3HAajy875TToW+/tdl+KUeotksLmhm1qkpPDbQTFlWgH/poy2TjI
BuszkrkLzi7Da2qiQWrOCedKkKgvWQ523E+4htBLleYb5MZZJu8cAE7O+89jBX6m
1Ak5/tN5SfJqahoXyxOlPdn6sKRfGOjlXEs41di4djWgC+GYuVjDiOX4SubQhKNe
TYXJ1n+dnzUoZlYEJcwbTPfjyzm+4F+ok72hC81j4BYHr0ALy24/gQzNgL8T8ZJX
oUgX0imwWqLVQoTIbAkxxgWS3aP3Vu3nXymI60sCAwEAAaOBiTCBhjAdBgNVHQ4E
FgQUyPHpHmAByCPM15izu2V6MsRLkzkwHwYDVR0jBBgwFoAU+ELMiMnIGPnTsCRl
Bkz/Vau/Dn8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww
CgYIKwYBBQUHAwEwEQYJYIZIAYb4QgEBBAQDAgZAMD4GCSqGSIb3DQEBCjAxoA0w
CwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIBTgOC
AYEAaGFiTGd5XU39lRRRN/DV1bbwxkjLIzxMtjgAY00OavbQulQ9QKSqWwH2V8ET
EuFbTlkh9wmQkzarRFRZ9fDaOqpB8gCk+j2Nkr90hKKTyHDZWiqrR6kY+/lRNZaJ
Ixh7pq4ciN/NaMo8iwOysMZvnh/9AJgkcjtqZ2LvKEpxbrJTHAt8SO94bHNdA3FE
rFxeonX9C+TMjK8eQpy31AL0jq1Wd/7QG5JNNc4+u+BDmOjccen74SYXXOHyV3RF
IZBCwbA4WX8Mam6UezCh/RDgm1MPBRkt9pqjlfRSVMni/JkOZFYpMdI13QGwNMjW
FkAaWFhiweTY7o4dsrfJaAelkaCoGMdfgMaB+3oQF6ilnmfSrDFplKs2b/Y1BcOA
8z5fXCnRE0OIHnmsPdPgPUTE2sceq/GGB5jPuJlda3w/wsH/HLGNkAJFYsR8ymr7
TEi8c60ErWKHHrPEdqahJz31KsqOwHOWCDzb9zamV6SYR1jNVg7N/GOEud8vR7uL
DXxU
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (3072 bit)
Modulus:
00:c8:2a:40:c8:eb:ae:7c:18:33:cb:38:51:e6:b7:
7b:11:4f:cd:ea:35:87:64:d9:b2:ca:cf:4b:21:c4:
86:2a:c7:a3:6f:15:3e:1e:c4:9b:03:81:4b:3a:5d:
53:62:11:e2:08:df:97:4d:37:3d:78:62:50:40:31:
2a:70:44:1a:6d:69:49:fc:77:b8:f2:42:09:86:9a:
5d:39:cd:84:7b:32:8a:3b:b0:4f:bf:3d:d4:05:7e:
c0:aa:28:a5:ce:b1:28:3a:59:d9:19:10:3a:d4:1f:
91:07:07:73:50:a4:2b:d8:18:1f:22:f8:f4:64:3f:
13:a0:d8:60:7e:53:4c:3b:97:70:bc:36:e5:be:31:
97:45:55:ed:a2:5b:87:b5:1b:8e:65:3d:b7:15:08:
d1:12:1a:aa:ec:4e:56:35:70:a7:3e:50:65:f7:3e:
30:9c:32:db:b2:24:7b:87:02:29:27:12:35:ad:8e:
c3:02:22:13:c2:6e:53:45:f0:16:21:81:e5:d5:b5:
91:60:8b:d7:5c:bb:c2:70:06:f6:50:41:45:36:7f:
41:44:89:b6:97:23:be:76:d7:7c:72:7f:ea:f4:19:
10:17:c3:df:8f:cd:97:20:04:cb:1d:03:6b:09:8f:
d7:7b:84:7d:22:c5:e2:10:cb:cc:11:aa:a1:f5:66:
85:0e:35:5a:8c:c3:89:61:29:d0:5c:53:2f:09:4b:
91:7e:ce:e0:12:d3:ce:eb:c9:50:3c:36:f0:a6:b4:
fb:b5:c2:de:61:a0:ac:6f:bc:7e:ef:53:08:9f:b1:
18:ad:5b:e3:01:23:de:11:a5:1f:7d:d5:b6:f4:72:
1d:53:75:66:8c:db:61:1e:e9:eb:3c:f3:49:69:82:
b6:20:6b:29:03:a1:be:55:e4:4c:f8:25:a7:a8:a3:
e3:3f:32:1f:ae:a7:2a:9b:6b:56:dd:c9:5a:b1:1a:
01:a0:13:d2:8e:9a:2c:db:7e:fd:5b:0e:2e:ef:92:
69:ce:f2:de:ef:d0:2f:09:0e:67
Exponent: 65537 (0x10001)
No PSS parameter restrictions
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:42:CC:88:C9:C8:18:F9:D3:B0:24:65:06:4C:FF:55:AB:BF:0E:7F
X509v3 Authority Key Identifier:
keyid:AA:71:D3:B1:8A:4B:BB:47:15:47:5F:9B:D0:2B:69:D1:6F:85:5E:F6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha384
Mask Algorithm: mgf1 with sha384
Salt Length: 0x014E
Trailer Field: 0xBC (default)
39:a8:ef:b1:66:08:50:0b:5e:cb:b2:29:8c:9b:b1:be:21:44:
d6:d8:97:1d:45:dc:52:70:f1:de:ac:74:65:03:6b:af:a0:f0:
21:61:ce:23:39:33:c8:cb:1e:8f:77:12:1e:5b:99:0c:e1:1b:
75:cf:1d:d7:12:86:cc:fc:86:90:0f:45:ea:8b:08:47:08:ac:
56:44:31:f2:c9:23:6b:d5:30:ca:5f:49:b0:4b:8b:36:bd:5c:
92:fa:86:34:57:80:30:93:29:59:19:a4:dd:f9:91:26:8a:49:
b4:ee:93:aa:e1:b2:06:f6:2f:2a:d9:5b:6d:f9:7c:04:4f:1c:
7a:cc:8e:39:c2:98:3a:bd:b9:a2:24:82:8f:e4:d8:80:47:73:
84:6e:bc:20:5c:ac:79:72:a7:6f:e3:c8:3a:9c:cc:83:b1:1f:
e2:65:3b:a1:f5:86:1a:33:53:bc:05:ba:6a:b1:bc:a7:b4:c1:
44:8c:0a:cc:c2:15:da:c1:dd:dc:31:91:46:5b:48:d8:ea:03:
78:e1:1f:ce:79:19:c8:6e:d6:3f:4c:f5:3b:b3:e7:2e:b7:46:
0c:58:cd:ca:56:a6:88:fb:fd:12:d1:27:80:5a:a2:51:96:f8:
4c:65:8d:71:0b:84:ca:94:f9:9f:c9:38:62:a3:64:cd:91:44:
50:ed:bb:c0:1d:9b:b8:a4:57:b1:7a:2e:44:57:a5:15:ba:cc:
b3:62:f5:46:aa:cd:fb:53:d3:ed:ef:e3:f4:b2:9b:3f:29:d0:
00:8c:19:61:48:b6:da:74:27:05:69:7b:df:04:0e:e2:f1:0f:
1a:fa:92:70:79:78:86:52:60:e1:4d:4e:66:14:ba:86:e2:4e:
dd:e0:d0:f3:c0:2d:6d:3a:16:00:1d:c6:9c:27:6f:a6:5f:21:
4c:e4:82:14:95:d1:a7:4a:15:13:ba:d8:65:ad:34:a2:93:3a:
d1:49:12:4d:f2:97:f3:e2:8a:83:d2:bf:84:84:c6:87:70:c9:
38:e0:5f:fe:7f:38
-----BEGIN CERTIFICATE-----
MIIFjzCCA8agAwIBAgIBATA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAU4wgZ0xCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRgwFgYDVQQKDA93
b2xmU1NMX1JTQS1QU1MxFTATBgNVBAsMDFJvb3QtUlNBLVBTUzEYMBYGA1UEAwwP
d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
MB4XDTIyMDcyNTAyMjc1NVoXDTI1MDQyMDAyMjc1NVowgbIxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRcwFQYDVQQKDA53
b2xmU1NMX1JTQVBTUzESMBAGA1UECwwJQ0EtUlNBUFNTMRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV
BgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoC
ggGBAMgqQMjrrnwYM8s4Uea3exFPzeo1h2TZssrPSyHEhirHo28VPh7EmwOBSzpd
U2IR4gjfl003PXhiUEAxKnBEGm1pSfx3uPJCCYaaXTnNhHsyijuwT7891AV+wKoo
pc6xKDpZ2RkQOtQfkQcHc1CkK9gYHyL49GQ/E6DYYH5TTDuXcLw25b4xl0VV7aJb
h7UbjmU9txUI0RIaquxOVjVwpz5QZfc+MJwy27Ike4cCKScSNa2OwwIiE8JuU0Xw
FiGB5dW1kWCL11y7wnAG9lBBRTZ/QUSJtpcjvnbXfHJ/6vQZEBfD34/NlyAEyx0D
awmP13uEfSLF4hDLzBGqofVmhQ41WozDiWEp0FxTLwlLkX7O4BLTzuvJUDw28Ka0
+7XC3mGgrG+8fu9TCJ+xGK1b4wEj3hGlH33VtvRyHVN1ZozbYR7p6zzzSWmCtiBr
KQOhvlXkTPglp6ij4z8yH66nKptrVt3JWrEaAaAT0o6aLNt+/VsOLu+Sac7y3u/Q
LwkOZwIDAQABo2MwYTAdBgNVHQ4EFgQU+ELMiMnIGPnTsCRlBkz/Vau/Dn8wHwYD
VR0jBBgwFoAUqnHTsYpLu0cVR1+b0Ctp0W+FXvYwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAYYwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAY
BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgFOA4IBgQA5qO+xZghQC17LsimM
m7G+IUTW2JcdRdxScPHerHRlA2uvoPAhYc4jOTPIyx6PdxIeW5kM4Rt1zx3XEobM
/IaQD0XqiwhHCKxWRDHyySNr1TDKX0mwS4s2vVyS+oY0V4AwkylZGaTd+ZEmikm0
7pOq4bIG9i8q2Vtt+XwETxx6zI45wpg6vbmiJIKP5NiAR3OEbrwgXKx5cqdv48g6
nMyDsR/iZTuh9YYaM1O8BbpqsbyntMFEjArMwhXawd3cMZFGW0jY6gN44R/OeRnI
btY/TPU7s+cut0YMWM3KVqaI+/0S0SeAWqJRlvhMZY1xC4TKlPmfyThio2TNkURQ
7bvAHZu4pFexei5EV6UVusyzYvVGqs37U9Pt7+P0sps/KdAAjBlhSLbadCcFaXvf
BA7i8Q8a+pJweXiGUmDhTU5mFLqG4k7d4NDzwC1tOhYAHcacJ2+mXyFM5IIUldGn
ShUTuthlrTSikzrRSRJN8pfz4oqD0r+EhMaHcMk44F/+fzg=
-----END CERTIFICATE-----

106
certs/rsapss/server-rsapss-cert.pem Normal file
View File

@@ -0,0 +1,106 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:d7:f7:6c:e1:02:89:cc:9b:74:10:f3:ec:01:cb:
89:ce:ef:f6:29:62:fc:75:3f:6a:99:ba:d6:88:ec:
ae:b3:20:33:44:d2:06:d7:99:21:bb:f3:40:ce:30:
b0:e1:90:4c:5b:58:75:54:1d:a2:dd:bc:63:01:48:
43:3b:22:7a:78:2a:65:5b:d8:11:5f:9b:7b:db:21:
1c:bc:f4:a5:ad:3e:d6:07:41:da:04:1f:ea:78:ec:
57:f3:53:fd:49:2b:5e:0e:34:02:3b:5e:3e:5f:dc:
63:da:d4:68:26:1a:61:c9:25:d7:53:16:e7:fb:c0:
a5:2d:59:36:7b:e9:c7:42:cb:9b:15:81:fd:d4:0f:
c5:b7:c6:49:c0:45:77:ea:5b:ac:ca:1e:a5:9c:c1:
86:1b:f2:9e:ed:66:a0:d1:3b:b6:6f:02:54:69:30:
0d:ba:55:01:18:c0:5f:7d:b2:ee:a6:bd:89:84:fc:
e8:36:e4:bb:d3:b4:9e:dd:b3:a6:80:32:12:37:30:
8e:0a:89:54:c5:eb:4b:1c:85:02:2b:f8:26:63:c4:
23:f8:59:35:18:0e:28:cf:5d:07:49:d8:cc:60:4d:
3b:fb:27:24:f0:d6:46:0f:c5:5b:16:a5:94:8a:69:
1a:34:62:cd:e0:32:32:55:b9:16:65:50:11:8b:5e:
36:83
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:07:69:B0:A1:6F:9F:0C:FA:25:05:B2:CA:97:08:44:DF:0E:97:A8
X509v3 Authority Key Identifier:
keyid:9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
be:97:50:2b:be:31:97:8f:92:ed:52:c6:86:b7:12:3c:08:c2:
97:40:2d:58:51:1d:4b:c4:66:1f:9b:ca:06:66:14:7d:ba:c6:
16:7d:18:fb:28:3c:5a:b0:b1:e7:dd:6e:6f:1e:18:74:8c:9b:
71:b3:4a:94:26:bf:14:00:ab:1c:0b:a0:ae:91:7c:71:9c:25:
c5:9a:2d:8a:a3:39:2a:3c:fa:e5:66:ea:9a:16:85:4c:5e:f4:
03:0b:59:1d:13:08:76:22:f0:de:8c:1c:d4:67:01:fc:a4:cd:
12:1a:73:1d:67:b0:df:7a:53:68:80:04:a9:37:aa:3f:30:ac:
ee:58:c9:d9:ba:78:00:ff:72:0f:d9:98:62:8e:e6:16:37:fb:
86:35:b6:20:9e:30:72:39:a6:c8:68:07:83:1c:ad:86:fb:1a:
67:39:18:2a:99:1f:1f:36:94:72:a2:af:a5:fc:ca:1d:16:cf:
55:b5:86:30:dc:fd:8b:d1:db:38:28:20:fc:64:4b:71:d4:91:
0a:dc:b9:00:f7:9c:af:99:e4:b6:2b:b7:f3:76:81:92:8b:0f:
f7:4a:7a:15:2f:48:5c:a4:59:57:55:ab:9e:9e:fc:81:b4:64:
4b:8e:37:b7:00:c9:54:a5:ea:f6:b9:9c:2b:60:12:7d:f5:29:
41:07:5a:a3
-----BEGIN CERTIFICATE-----
MIIE/zCCA7egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBsjELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIy
NzU1WjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
B0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1TZXJ2
ZXItUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIB
UjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
BglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJzu/2
KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6eCpl
W9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhphySXX
Uxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2bwJU
aTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gmY8Qj
+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142gwID
AQABo4GJMIGGMB0GA1UdDgQWBBQtB2mwoW+fDPolBbLKlwhE3w6XqDAfBgNVHSME
GDAWgBSeDODT37ZL8xljXMpsk4aiFFORMTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAw
PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ
YIZIAWUDBAIBogMCASADggEBAL6XUCu+MZePku1Sxoa3EjwIwpdALVhRHUvEZh+b
ygZmFH26xhZ9GPsoPFqwsefdbm8eGHSMm3GzSpQmvxQAqxwLoK6RfHGcJcWaLYqj
OSo8+uVm6poWhUxe9AMLWR0TCHYi8N6MHNRnAfykzRIacx1nsN96U2iABKk3qj8w
rO5Yydm6eAD/cg/ZmGKO5hY3+4Y1tiCeMHI5pshoB4McrYb7Gmc5GCqZHx82lHKi
r6X8yh0Wz1W1hjDc/YvR2zgoIPxkS3HUkQrcuQD3nK+Z5LYrt/N2gZKLD/dKehUv
SFykWVdVq56e/IG0ZEuON7cAyVSl6va5nCtgEn31KUEHWqM=
-----END CERTIFICATE-----

BIN
certs/rsapss/server-rsapss-key.der Normal file
View File

Binary file not shown.

10
certs/rsapss/server-rsapss-key.pem Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN PUBLIC KEY-----
MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
CDALBglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJ
zu/2KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6
eCplW9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhph
ySXXUxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2
bwJUaTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gm
Y8Qj+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142
gwIDAQAB
-----END PUBLIC KEY-----

BIN
certs/rsapss/server-rsapss-priv.der Normal file
View File

Binary file not shown.

29
certs/rsapss/server-rsapss-priv.pem Normal file
View File

@@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7gIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKgwggSkAgEAAoIBAQDX92zhAonMm3QQ
8+wBy4nO7/YpYvx1P2qZutaI7K6zIDNE0gbXmSG780DOMLDhkExbWHVUHaLdvGMB
SEM7Inp4KmVb2BFfm3vbIRy89KWtPtYHQdoEH+p47FfzU/1JK14ONAI7Xj5f3GPa
1GgmGmHJJddTFuf7wKUtWTZ76cdCy5sVgf3UD8W3xknARXfqW6zKHqWcwYYb8p7t
ZqDRO7ZvAlRpMA26VQEYwF99su6mvYmE/Og25LvTtJ7ds6aAMhI3MI4KiVTF60sc
hQIr+CZjxCP4WTUYDijPXQdJ2MxgTTv7JyTw1kYPxVsWpZSKaRo0Ys3gMjJVuRZl
UBGLXjaDAgMBAAECggEARZ4GxQnSbdh2s7hNjc6U39ZOnczA4PLOZDvsSDsznZ51
qGujtQAx9apWa6Eag7vGQXPkbncXNy8xIwquUXOt0uqnvdGK2C0A4gRshSS/+3bT
+4boxoebR9u4BkI+1cVbDm0JgyXAKZqbvcDWyeGbQAIoxSoPIgJZvKKTg6I6j3cH
KyVYARmQTWbfVcupY/BlFIw3kSpLU3EYPNjF4hBDiEMsp6CpgipIipY6W2HjWHp1
YS55S6meflkGnikjzXMcptQkaKA3uJmHgNviwZb1z8si5gvUsAA1TbnekVzSCt95
8aRGZfHFi39CAJ+SZPL+hOHLR1QnDvqFMm/UxKlMMQKBgQDvSlU0j9rt/xZXWF0F
ZfVzRrU6fCDhHhIUu7ujcIvsIl/rAdnDTHZN12vUPI08VtPI5oxNDly95q683rNm
d17YicbKQFRdxRjdG9RCM0JzIbBUzLlbprCEDixi8enyIGkjjxVwA8oEhquAo+if
GUimrwc+/BhAC8JnHvF2nCC+/QKBgQDnDCTrgYDaQSS0bXIjqNontoh2eifAbfYd
A3yqszsseJ0FNEf0KjTyKP0Kz5OYi5uLyi/RlvYj+d+m0qDupPauQEVZGIEb1NG/
9mwFxrcc9uMiyv0M5Zzh7QrIUX5oJwHGJzad8rFUl/KZCbTaDKdUFsRf+005Yd1t
2f//0jSDfwKBgQCq1HNd0fFnBTwq4S+Pggmn4WvSM/m5HSGlYZ0Egn2x95xohuqy
zWyMB+W4H/5ofEg33bd972nwPLa0qXyEA2ZXyox7qU9Rnjsw5wQyuquOzBc5guo1
bxwHOqMfhDsTG2ZT93tDe8EGWCop7VpN8tv1+3B927VoS7zep62UksOh9QKBgHPc
QydV6aeIwz83IuV+5ubDQesnloeInMIv3XQ8LJBAa30QmoR2JdbJdxrUvM7iMz4G
RbR0XznrM5wUQ19omcsHr77d6uBp+ESq7cB3xZtgssXfxMWS3vjsRVvugdT4uosD
XwAVk5c4Gw9jLq2par9gK1l2S2NbEA7mItnGL09BAoGBANvLVWSr7kXEsyH23OX1
XWbbpBK+OW1zzXsfglkpNkqaxI7OtOghhBOeQC4q/8xOInjNjp7fYpkquEawMobo
cyijj+IotP9pak1vk6tf31UkFtNyCJIM8UwUV/oiFTHFW2h6QOrSLgKnPbetWZH4
7UAAE0VzM7MI7XIdSObbjpr4
-----END PRIVATE KEY-----

BIN
certs/rsapss/server-rsapss.der Normal file
View File

Binary file not shown.

207
certs/rsapss/server-rsapss.pem Normal file
View File

@@ -0,0 +1,207 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = Server-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:d7:f7:6c:e1:02:89:cc:9b:74:10:f3:ec:01:cb:
89:ce:ef:f6:29:62:fc:75:3f:6a:99:ba:d6:88:ec:
ae:b3:20:33:44:d2:06:d7:99:21:bb:f3:40:ce:30:
b0:e1:90:4c:5b:58:75:54:1d:a2:dd:bc:63:01:48:
43:3b:22:7a:78:2a:65:5b:d8:11:5f:9b:7b:db:21:
1c:bc:f4:a5:ad:3e:d6:07:41:da:04:1f:ea:78:ec:
57:f3:53:fd:49:2b:5e:0e:34:02:3b:5e:3e:5f:dc:
63:da:d4:68:26:1a:61:c9:25:d7:53:16:e7:fb:c0:
a5:2d:59:36:7b:e9:c7:42:cb:9b:15:81:fd:d4:0f:
c5:b7:c6:49:c0:45:77:ea:5b:ac:ca:1e:a5:9c:c1:
86:1b:f2:9e:ed:66:a0:d1:3b:b6:6f:02:54:69:30:
0d:ba:55:01:18:c0:5f:7d:b2:ee:a6:bd:89:84:fc:
e8:36:e4:bb:d3:b4:9e:dd:b3:a6:80:32:12:37:30:
8e:0a:89:54:c5:eb:4b:1c:85:02:2b:f8:26:63:c4:
23:f8:59:35:18:0e:28:cf:5d:07:49:d8:cc:60:4d:
3b:fb:27:24:f0:d6:46:0f:c5:5b:16:a5:94:8a:69:
1a:34:62:cd:e0:32:32:55:b9:16:65:50:11:8b:5e:
36:83
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:07:69:B0:A1:6F:9F:0C:FA:25:05:B2:CA:97:08:44:DF:0E:97:A8
X509v3 Authority Key Identifier:
keyid:9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Netscape Cert Type:
SSL Server
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
be:97:50:2b:be:31:97:8f:92:ed:52:c6:86:b7:12:3c:08:c2:
97:40:2d:58:51:1d:4b:c4:66:1f:9b:ca:06:66:14:7d:ba:c6:
16:7d:18:fb:28:3c:5a:b0:b1:e7:dd:6e:6f:1e:18:74:8c:9b:
71:b3:4a:94:26:bf:14:00:ab:1c:0b:a0:ae:91:7c:71:9c:25:
c5:9a:2d:8a:a3:39:2a:3c:fa:e5:66:ea:9a:16:85:4c:5e:f4:
03:0b:59:1d:13:08:76:22:f0:de:8c:1c:d4:67:01:fc:a4:cd:
12:1a:73:1d:67:b0:df:7a:53:68:80:04:a9:37:aa:3f:30:ac:
ee:58:c9:d9:ba:78:00:ff:72:0f:d9:98:62:8e:e6:16:37:fb:
86:35:b6:20:9e:30:72:39:a6:c8:68:07:83:1c:ad:86:fb:1a:
67:39:18:2a:99:1f:1f:36:94:72:a2:af:a5:fc:ca:1d:16:cf:
55:b5:86:30:dc:fd:8b:d1:db:38:28:20:fc:64:4b:71:d4:91:
0a:dc:b9:00:f7:9c:af:99:e4:b6:2b:b7:f3:76:81:92:8b:0f:
f7:4a:7a:15:2f:48:5c:a4:59:57:55:ab:9e:9e:fc:81:b4:64:
4b:8e:37:b7:00:c9:54:a5:ea:f6:b9:9c:2b:60:12:7d:f5:29:
41:07:5a:a3
-----BEGIN CERTIFICATE-----
MIIE/zCCA7egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBsjELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIy
NzU1WjCBtjELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM
B0JvemVtYW4xFzAVBgNVBAoMDndvbGZTU0xfUlNBUFNTMRYwFAYDVQQLDA1TZXJ2
ZXItUlNBUFNTMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xmU1NMMIIB
UjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL
BglghkgBZQMEAgGiAwIBIAOCAQ8AMIIBCgKCAQEA1/ds4QKJzJt0EPPsAcuJzu/2
KWL8dT9qmbrWiOyusyAzRNIG15khu/NAzjCw4ZBMW1h1VB2i3bxjAUhDOyJ6eCpl
W9gRX5t72yEcvPSlrT7WB0HaBB/qeOxX81P9SSteDjQCO14+X9xj2tRoJhphySXX
Uxbn+8ClLVk2e+nHQsubFYH91A/Ft8ZJwEV36lusyh6lnMGGG/Ke7Wag0Tu2bwJU
aTANulUBGMBffbLupr2JhPzoNuS707Se3bOmgDISNzCOColUxetLHIUCK/gmY8Qj
+Fk1GA4oz10HSdjMYE07+yck8NZGD8VbFqWUimkaNGLN4DIyVbkWZVARi142gwID
AQABo4GJMIGGMB0GA1UdDgQWBBQtB2mwoW+fDPolBbLKlwhE3w6XqDAfBgNVHSME
GDAWgBSeDODT37ZL8xljXMpsk4aiFFORMTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATARBglghkgBhvhCAQEEBAMCBkAw
PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ
YIZIAWUDBAIBogMCASADggEBAL6XUCu+MZePku1Sxoa3EjwIwpdALVhRHUvEZh+b
ygZmFH26xhZ9GPsoPFqwsefdbm8eGHSMm3GzSpQmvxQAqxwLoK6RfHGcJcWaLYqj
OSo8+uVm6poWhUxe9AMLWR0TCHYi8N6MHNRnAfykzRIacx1nsN96U2iABKk3qj8w
rO5Yydm6eAD/cg/ZmGKO5hY3+4Y1tiCeMHI5pshoB4McrYb7Gmc5GCqZHx82lHKi
r6X8yh0Wz1W1hjDc/YvR2zgoIPxkS3HUkQrcuQD3nK+Z5LYrt/N2gZKLD/dKehUv
SFykWVdVq56e/IG0ZEuON7cAyVSl6va5nCtgEn31KUEHWqM=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSA-PSS, OU = Root-RSA-PSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Jul 25 02:27:55 2022 GMT
Not After : Apr 20 02:27:55 2025 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_RSAPSS, OU = CA-RSAPSS, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL
Subject Public Key Info:
Public Key Algorithm: rsassaPss
RSA-PSS Public-Key: (2048 bit)
Modulus:
00:d6:0e:c7:50:4d:29:f5:a8:a2:d4:29:5b:58:f2:
bc:2d:27:de:88:49:1a:84:19:2b:84:8d:94:d1:78:
12:d6:7b:14:d8:d2:82:24:95:ab:fe:4f:55:fb:e0:
55:fc:39:37:7b:41:80:b4:98:6f:7f:c5:b7:3e:37:
f8:5f:1d:2f:12:31:88:f9:8b:3b:00:85:e6:36:a5:
17:3f:9a:a4:be:48:ff:7a:36:22:2c:23:d4:9f:5b:
52:d1:17:d1:c1:f2:69:19:d8:32:c5:f7:79:ec:83:
19:87:e3:13:a0:43:5e:b1:e9:03:ed:b4:08:cd:7b:
14:68:0f:25:4f:90:f0:04:a7:bb:08:89:08:dc:76:
4e:70:49:04:41:4d:bf:b7:7f:77:79:6a:ef:68:4b:
62:97:8e:33:91:32:2a:e3:63:15:47:f6:61:a4:26:
db:02:04:b6:57:c0:a7:f0:aa:ec:20:72:91:c3:32:
ab:98:7f:84:c6:e8:5f:d6:e0:1a:d2:24:b1:c7:50:
bb:73:87:de:2a:c3:e2:c4:60:32:b8:e4:5a:5b:b5:
e4:29:8c:8b:28:6b:bb:1a:dc:3c:fe:b9:ef:9e:89:
28:60:ba:a4:40:66:d5:bb:e0:62:7f:a7:2b:e1:0f:
38:e6:33:ea:b2:10:0e:14:c8:3f:87:9f:ff:8b:28:
cc:1d
Exponent: 65537 (0x10001)
PSS parameter restrictions:
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Minimum Salt Length: 0x20
Trailer Field: 0xBC (default)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:0C:E0:D3:DF:B6:4B:F3:19:63:5C:CA:6C:93:86:A2:14:53:91:31
X509v3 Authority Key Identifier:
keyid:64:D5:EC:82:87:80:DE:5A:ED:49:98:D8:0C:54:7D:46:9E:A5:3C:D6
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
Salt Length: 0x20
Trailer Field: 0xBC (default)
32:66:7b:22:4b:80:fc:7a:81:5a:11:1d:1b:d8:a6:26:a9:38:
6f:f8:c5:cb:80:47:0c:08:cc:12:a4:7a:17:8e:d6:a5:a8:cb:
df:ea:b7:77:b4:df:e5:92:ba:7f:9b:a2:71:0d:7d:7a:36:29:
bd:03:7b:52:65:0d:79:ae:c3:ac:e8:a4:75:c6:28:c0:05:33:
51:f4:85:37:0e:9c:03:dc:51:3d:5d:55:88:17:da:b5:c5:b1:
91:a5:a9:40:91:07:a3:0c:17:75:f9:fa:52:43:94:21:40:24:
8c:31:f3:4a:5e:96:86:20:9b:37:87:a4:56:ac:4f:ac:e6:a6:
0c:05:cc:62:b2:0a:62:63:04:5f:dc:52:46:db:12:5e:16:2b:
62:00:fa:30:5f:04:33:28:0c:a6:6c:49:cb:35:ad:f4:d5:57:
cb:16:7c:f4:8c:99:22:e4:e1:f4:97:e4:df:b2:1f:62:8f:50:
2e:43:aa:cf:c7:86:ae:da:7f:b7:eb:16:cb:28:c2:bc:80:7b:
f2:7f:16:60:88:0e:49:aa:d3:2a:92:54:38:a4:09:be:79:e1:
1d:6f:b1:95:0c:02:f9:e7:f4:4b:b8:44:4a:e2:db:02:08:b3:
e6:79:d5:d0:bd:34:8f:cc:8e:19:28:48:07:7b:d0:b2:31:ba:
db:e2:e0:3f
-----BEGIN CERTIFICATE-----
MIIEvzCCA3egAwIBAgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa
MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDCBnTELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dv
bGZTU0xfUlNBLVBTUzEVMBMGA1UECwwMUm9vdC1SU0EtUFNTMRgwFgYDVQQDDA93
d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w
HhcNMjIwNzI1MDIyNzU1WhcNMjUwNDIwMDIyNzU1WjCBsjELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFzAVBgNVBAoMDndv
bGZTU0xfUlNBUFNTMRIwEAYDVQQLDAlDQS1SU0FQU1MxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUG
CgmSJomT8ixkAQEMB3dvbGZTU0wwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZI
AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEK
AoIBAQDWDsdQTSn1qKLUKVtY8rwtJ96ISRqEGSuEjZTReBLWexTY0oIklav+T1X7
4FX8OTd7QYC0mG9/xbc+N/hfHS8SMYj5izsAheY2pRc/mqS+SP96NiIsI9SfW1LR
F9HB8mkZ2DLF93nsgxmH4xOgQ16x6QPttAjNexRoDyVPkPAEp7sIiQjcdk5wSQRB
Tb+3f3d5au9oS2KXjjORMirjYxVH9mGkJtsCBLZXwKfwquwgcpHDMquYf4TG6F/W
4BrSJLHHULtzh94qw+LEYDK45FpbteQpjIsoa7sa3Dz+ue+eiShguqRAZtW74GJ/
pyvhDzjmM+qyEA4UyD+Hn/+LKMwdAgMBAAGjYzBhMB0GA1UdDgQWBBSeDODT37ZL
8xljXMpsk4aiFFORMTAfBgNVHSMEGDAWgBRk1eyCh4DeWu1JmNgMVH1GnqU81jAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA9BgkqhkiG9w0BAQowMKAN
MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC
AQEAMmZ7IkuA/HqBWhEdG9imJqk4b/jFy4BHDAjMEqR6F47WpajL3+q3d7Tf5ZK6
f5uicQ19ejYpvQN7UmUNea7DrOikdcYowAUzUfSFNw6cA9xRPV1ViBfatcWxkaWp
QJEHowwXdfn6UkOUIUAkjDHzSl6WhiCbN4ekVqxPrOamDAXMYrIKYmMEX9xSRtsS
XhYrYgD6MF8EMygMpmxJyzWt9NVXyxZ89IyZIuTh9Jfk37IfYo9QLkOqz8eGrtp/
t+sWyyjCvIB78n8WYIgOSarTKpJUOKQJvnnhHW+xlQwC+ef0S7hESuLbAgiz5nnV
0L00j8yOGShIB3vQsjG62+LgPw==
-----END CERTIFICATE-----

2
configure.ac
View File

@@ -3574,7 +3574,7 @@ else
fi
if test "$ENABLED_RSAPSS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"
fi

6
src/internal.c
View File

@@ -12537,6 +12537,9 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
switch (args->dCert->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
if (ssl->options.minRsaKeySz < 0 ||
args->dCert->pubKeySize <
@@ -13612,6 +13615,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
/* decode peer key */
switch (args->dCert->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
{
word32 keyIdx = 0;

48
src/ssl.c
View File

@@ -5113,7 +5113,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
/* check CA key size */
if (verify) {
switch (cert->keyOID) {
#ifndef NO_RSA
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
if (cm->minRsaKeySz < 0 ||
cert->pubKeySize < (word16)cm->minRsaKeySz) {
@@ -5121,7 +5124,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
WOLFSSL_MSG("\tCA RSA key size error");
}
break;
#endif /* !NO_RSA */
#endif /* !NO_RSA */
#ifdef HAVE_ECC
case ECDSAk:
if (cm->minEccKeySz < 0 ||
@@ -6519,6 +6522,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
else if (cert->keyOID == RSAk) {
ssl->options.haveRSA = 1;
}
#ifdef WC_RSA_PSS
else if (cert->keyOID == RSAPSSk) {
ssl->options.haveRSA = 1;
}
#endif
#endif
#ifdef HAVE_ED25519
else if (cert->keyOID == ED25519k) {
@@ -6552,6 +6560,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
else if (cert->keyOID == RSAk) {
ctx->haveRSA = 1;
}
#ifdef WC_RSA_PSS
else if (cert->keyOID == RSAPSSk) {
ctx->haveRSA = 1;
}
#endif
#endif
#ifdef HAVE_ED25519
else if (cert->keyOID == ED25519k) {
@@ -6578,6 +6591,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* check key size of cert unless specified not to */
switch (cert->keyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
#ifdef WOLF_PRIVATE_KEY_ID
keyType = rsa_sa_algo;
@@ -8405,6 +8421,11 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
if (der->keyOID == RSAk) {
type = DYNAMIC_TYPE_RSA;
}
#ifdef WC_RSA_PSS
if (der->keyOID == RSAPSSk) {
type = DYNAMIC_TYPE_RSA;
}
#endif
#endif
#ifdef HAVE_ECC
if (der->keyOID == ECDSAk) {
@@ -8417,7 +8438,11 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
#ifdef WOLF_CRYPTO_CB
if (ret == 0) {
#ifndef NO_RSA
if (der->keyOID == RSAk) {
if (der->keyOID == RSAk
#ifdef WC_RSA_PSS
|| der->keyOID == RSAPSSk
#endif
) {
ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey,
der->publicKey, der->pubKeySize);
}
@@ -8435,7 +8460,11 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
#endif
if (pkey != NULL) {
#ifndef NO_RSA
if (der->keyOID == RSAk) {
if (der->keyOID == RSAk
#ifdef WC_RSA_PSS
|| der->keyOID == RSAPSSk
#endif
) {
wc_FreeRsaKey((RsaKey*)pkey);
}
#endif
@@ -9195,7 +9224,11 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
WOLFSSL_MSG("Found PKCS8 header");
pkcs8HeaderSz = (word16)idx;
if ((type == EVP_PKEY_RSA && algId != RSAk) ||
if ((type == EVP_PKEY_RSA && algId != RSAk
#ifdef WC_RSA_PSS
&& algId != RSAPSSk
#endif
) ||
(type == EVP_PKEY_EC && algId != ECDSAk) ||
(type == EVP_PKEY_DSA && algId != DSAk) ||
(type == EVP_PKEY_DH && algId != DHk)) {
@@ -29465,9 +29498,14 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
/* Update the available options with public keys. */
switch (x->pubKeyOID) {
#ifndef NO_RSA
#ifdef WC_RSA_PSS
case RSAPSSk:
#endif
case RSAk:
ctx->haveRSA = 1;
break;
#endif
#ifdef HAVE_ED25519
case ED25519k:
#endif

80
tests/api.c
View File

@@ -2378,6 +2378,62 @@ static int test_wolfSSL_FPKI(void)
return 0;
}
static int test_wolfSSL_CertRsaPss(void)
{
/* FIPS v2 and below don't support long salts. */
#if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \
(defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
XFILE f;
const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
#ifdef WOLFSSL_SHA384
const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem";
#endif
DecodedCert cert;
byte buf[4096];
int bytes;
WOLFSSL_CERT_MANAGER* cm;
printf(testingFmt, "test_CertRsaPss");
cm = wolfSSL_CertManagerNew();
AssertNotNull(cm);
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL));
#ifdef WOLFSSL_SHA384
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL));
#endif
f = XFOPEN(rsaPssSha256Cert, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
wc_InitDecodedCert(&cert, buf, bytes, NULL);
AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
wc_FreeDecodedCert(&cert);
#ifdef WOLFSSL_SHA384
f = XFOPEN(rsaPssSha384Cert, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
wc_InitDecodedCert(&cert, buf, bytes, NULL);
AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0);
wc_FreeDecodedCert(&cert);
#endif
wolfSSL_CertManagerFree(cm);
printf(resultFmt, passed);
#endif
return 0;
}
static int test_wolfSSL_CertManagerCRL(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
@@ -18523,6 +18579,12 @@ static int test_wc_RsaPublicKeyDecode(void)
int bytes = 0;
word32 keySz = 0;
word32 tstKeySz = 0;
#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
XFILE f;
const char* rsaPssPubKey = "./certs/rsapss/ca-rsapss-key.der";
const char* rsaPssPubKeyNoParams = "./certs/rsapss/ca-3072-rsapss-key.der";
byte buf[4096];
#endif
tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
@@ -18592,6 +18654,23 @@ static int test_wc_RsaPublicKeyDecode(void)
ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR;
}
#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM)
f = XFOPEN(rsaPssPubKey, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
idx = 0;
AssertIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
NULL), 0);
f = XFOPEN(rsaPssPubKeyNoParams, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
idx = 0;
AssertIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL,
NULL), 0);
#endif
if (tmp != NULL) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
@@ -57044,6 +57123,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_CertManagerNameConstraint4),
TEST_DECL(test_wolfSSL_CertManagerNameConstraint5),
TEST_DECL(test_wolfSSL_FPKI),
TEST_DECL(test_wolfSSL_CertRsaPss),
TEST_DECL(test_wolfSSL_CertManagerCRL),
TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex),
TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex),

1
tests/include.am
View File

@@ -48,6 +48,7 @@ EXTRA_DIST += tests/unit.h \
tests/test-sctp.conf \
tests/test-sctp-sha2.conf \
tests/test-sig.conf \
tests/test-rsapss.conf \
tests/test-ed25519.conf \
tests/test-ed448.conf \
tests/test-enckeys.conf \

14
tests/suites.c
View File

@@ -916,6 +916,20 @@ int SuiteTest(int argc, char** argv)
}
#endif
#endif
#if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
(!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \
(HAVE_SELFTEST_VERSION > 2)))
/* add RSA-PSS certificate cipher suite tests */
XSTRLCPY(argv0[1], "tests/test-rsapss.conf", sizeof(argv0[1]));
printf("starting RSA-PSS extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) && \
defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT)

74
tests/test-rsapss.conf Normal file
View File

@@ -0,0 +1,74 @@
# server TLSv1.2 - RSA PSS SHA256 MGF1 SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-c ./certs/rsapss/server-rsapss.pem
-k ./certs/rsapss/server-rsapss-priv.pem
-d
# client TLSv1.2 - RSA PSS SHA256 MGF1 SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/rsapss/root-rsapss.pem
-C
# server TLSv1.2 - RSA PSS SHA256 MGF1 SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-c ./certs/rsapss/server-rsapss.pem
-k ./certs/rsapss/server-rsapss-priv.pem
-A ./certs/rsapss/client-rsapss.pem
-V
# client TLSv1.2 - RSA PSS SHA256 MGF1 SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-c ./certs/rsapss/client-rsapss.pem
-k ./certs/rsapss/client-rsapss-priv.pem
-A ./certs/rsapss/root-rsapss.pem
-C
# server TLSv1.2 - RSA PSS SHA384 MGF1 SHA384
-v 3
-l DHE-RSA-AES256-GCM-SHA384
-c ./certs/rsapss/server-3072-rsapss.pem
-k ./certs/rsapss/server-3072-rsapss-priv.pem
-A ./certs/rsapss/client-3072-rsapss.pem
-V
# client TLSv1.2 - RSA PSS SHA384 MGF1 SHA384
-v 3
-l DHE-RSA-AES256-GCM-SHA384
-c ./certs/rsapss/client-3072-rsapss.pem
-k ./certs/rsapss/client-3072-rsapss-priv.pem
-A ./certs/rsapss/root-3072-rsapss.pem
-C
# server TLSv1.3 - RSA PSS SHA384 MGF1 SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-c ./certs/rsapss/server-rsapss.pem
-k ./certs/rsapss/server-rsapss-priv.pem
-d
# client TLSv1.3 - RSA PSS SHA384 MGF1 SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-A ./certs/rsapss/root-rsapss.pem
-C
# server TLSv1.3 - RSA PSS SHA384 MGF1 SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-c ./certs/rsapss/server-rsapss.pem
-k ./certs/rsapss/server-rsapss-priv.pem
-A ./certs/rsapss/client-rsapss.pem
-V
# client TLSv1.3 - RSA PSS SHA384 MGF1 SHA384
-v 4
-l TLS13-AES256-GCM-SHA384
-c ./certs/rsapss/client-rsapss.pem
-k ./certs/rsapss/client-rsapss-priv.pem
-A ./certs/rsapss/root-rsapss.pem
-C

990
wolfcrypt/src/asn.c
View File

File diff suppressed because it is too large Load Diff

9
wolfssl/wolfcrypt/asn.h
View File

@@ -1052,7 +1052,6 @@ enum Hash_Sum {
SHAKE256h = 425
};
#if !defined(NO_DES3) || !defined(NO_AES)
enum Block_Sum {
#ifdef WOLFSSL_AES_128
@@ -1081,6 +1080,7 @@ enum Block_Sum {
enum Key_Sum {
DSAk = 515,
RSAk = 645,
RSAPSSk = 654,
ECDSAk = 518,
ED25519k = 256, /* 1.3.101.112 */
X25519k = 254, /* 1.3.101.110 */
@@ -1119,7 +1119,8 @@ enum Key_Agree {
enum KDF_Sum {
PBKDF2_OID = 660
PBKDF2_OID = 660,
MGF1_OID = 652,
};
@@ -1549,6 +1550,10 @@ struct DecodedCert {
word32 sigLength; /* length of signature */
word32 signatureOID; /* sum of algorithm object id */
word32 keyOID; /* sum of key algo object id */
#ifdef WC_RSA_PSS
word32 sigParamsIndex; /* start of signature parameters */
word32 sigParamsLength; /* length of signature parameters */
#endif
int version; /* cert version, 1 or 3 */
DNS_entry* altNames; /* alt names list of dns entries */
#ifndef IGNORE_NAME_CONSTRAINTS

2
wolfssl/wolfcrypt/asn_public.h
View File

@@ -167,6 +167,8 @@ enum Ctc_SigType {
CTC_SHA3_384wRSA = 429,
CTC_SHA3_512wRSA = 430,
CTC_RSASSAPSS = 654,
CTC_ED25519 = 256,
CTC_ED448 = 257,