diff options
author | Bogumil Zebek <bogumil.zebek@nokia.com> | 2019-08-14 10:52:37 +0200 |
---|---|---|
committer | Zebek Bogumil <bogumil.zebek@nokia.com> | 2019-08-22 12:10:38 +0200 |
commit | 0562debfc5cdd31e61c016aea40272c6c02ad3cb (patch) | |
tree | 79e011e5247c1179d784723bb57c6bede0b3fb14 /csarvalidation/src/test/resources/README.txt | |
parent | 870a89675528664aa5c0aca57f50c584b76a8b8f (diff) |
CMS signature validation
Change-Id: Ie5d1c835d0e6a760f1b7de651a3833cb87b727e0
Issue-ID: VNFSDK-396
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Diffstat (limited to 'csarvalidation/src/test/resources/README.txt')
-rw-r--r-- | csarvalidation/src/test/resources/README.txt | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/csarvalidation/src/test/resources/README.txt b/csarvalidation/src/test/resources/README.txt new file mode 100644 index 0000000..1360ce9 --- /dev/null +++ b/csarvalidation/src/test/resources/README.txt @@ -0,0 +1,20 @@ +How to sign CSAR file - option 2 +--------------------- +openssl req -new -nodes -x509 -keyout root-private-key.pem > root.cert +openssl req -new -nodes -keyout sample-pnf-private-key.pem > sample-pnf-request.pem +openssl x509 -req -CA root.cert -CAkey root-private-key.pem -CAcreateserial < sample-pnf-request.pem > sample-pnf.cert +openssl cms -sign -binary -nocerts -outform pem -signer sample-pnf.cert -inkey sample-pnf-private-key.pem < sample-pnf.csar > sample-pnf.cms + +How to sign CSAR file - option 1 +-------------------------------- +openssl req -new -nodes -x509 -keyout root-private-key.pem > root-certificate.cert +TIP: As a 'Organizational Unit Name' set, for example: Certificate Authority + +openssl req -new -nodes -keyout signing-private-key.pem > signing-request.pem +TIP: As a 'Organizational Unit Name' set, for example: Nokia. Name values must be different! + +openssl x509 -req -CA root-certificate.cert -CAkey root-private-key.pem -CAcreateserial < signing-request.pem > signing-certificate.cert + +openssl cms -sign -signer signing-certificate.cert -inkey signing-private-key.pem -outform pem -binary < MainServiceTemplate.mf > signature-and-certificate.cms + +openssl cms -verify -content MainServiceTemplate.mf -CAfile root-certificate.cert -inform pem -binary < signature-and-certificate.cms > /dev/null |