@@ -36,6 +36,16 @@ sudo make install
3636sudo ldconfig # required on some targets
3737```
3838
39+ And need to setup wolfCLU:
40+
41+ ``` sh
42+ ./autogen.sh # Cloned from GitHub
43+ ./configure
44+ make
45+ sudo make install
46+ sudo ldconfig # required on some targets
47+ ```
48+
3949In the directory where this README.md file is found, clean up previous build
4050products and certificates and then build the applications.
4151
@@ -78,33 +88,45 @@ wolfSSL Leaving DoTls13CertificateVerify, return 0
7888Generate the various conventional keys; the post-quantum key are pre-generated:
7989
8090``` sh
81- openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out ca-key.der -outform der
91+ # CA
92+ wolfssl genkey ecc -name secp256r1 -out ca-key -outform pem -output keypair
8293
83- openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out server-key.der -outform der
94+ wolfssl pkey -in ca-key.priv -inform pem -out ca-key.der -outform der
95+
96+ wolfssl pkey -pubin -in ca-key.pub -inform pem -pubout -out ca-pubkey.der -outform der
97+
98+ mv ca-key.priv ca-key.pem
99+
100+ # Server
101+ wolfssl genkey ecc -name secp256r1 -out server-key -outform pem -output keypair
102+
103+ wolfssl pkey -in server-key.priv -inform pem -out server-key.der -outform der
104+
105+ wolfssl pkey -in server-key.priv -inform pem -pubout -out server-pubkey.der -outform der
84106```
85107
86108Generate the certificate chain:
87109
88- ```
110+ ``` sh
89111./gen_ecdsa_mldsa_dual_keysig_root_cert 2
90112
91113./gen_ecdsa_mldsa_dual_keysig_server_cert 2
92114```
93115
94116Convert the DER encoded resulting certificates and keys into PEM:
95117
96- ```
97- openssl x509 -in ca-cert-pq.der -inform der -out ca-P256-mldsa44-cert.pem -outform pem
118+ ``` sh
119+ wolfssl x509 -in ca-cert-pq.der -inform der -out ca-P256-mldsa44-cert.pem -outform pem
98120
99- openssl x509 -in server-cert-pq.der -inform der -out server-P256-mldsa44-cert.pem -outform pem
121+ wolfssl x509 -in server-cert-pq.der -inform der -out server-P256-mldsa44-cert.pem -outform pem
100122
101- openssl pkey -in server-key.der -inform der -out server-P256-key.pem -outform pem
123+ mv server-key.priv server-P256-key.pem
102124
103125cp ../certs/mldsa44_server_key.pem server-mldsa44-key-pq.pem
104126```
105127Then in wolfssl's source directory:
106128
107- ```
129+ ``` sh
108130examples/server/server -d -v 4 -c ../wolfssl-examples/X9.146/server-P256-mldsa44-cert.pem -k ../wolfssl-examples/X9.146/server-P256-key.pem --altPrivKey ../wolfssl-examples/X9.146/server-mldsa44-key-pq.pem
109131
110132examples/client/client -v 4 -A ../wolfssl-examples/X9.146/ca-P256-mldsa44-cert.pem
@@ -114,34 +136,46 @@ examples/client/client -v 4 -A ../wolfssl-examples/X9.146/ca-P256-mldsa44-cert.p
114136Generate the various conventional keys; the post-quantum key are pre-generated:
115137
116138``` sh
117- openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-384 -out ca-key.der -outform der
139+ # CA
140+ wolfssl genkey ecc -name secp384r1 -out ca-key -outform pem -output keypair
141+
142+ wolfssl pkey -in ca-key.priv -inform pem -out ca-key.der -outform der
143+
144+ wolfssl pkey -pubin -in ca-key.pub -inform pem -pubout -out ca-pubkey.der -outform der
145+
146+ mv ca-key.priv ca-key.pem
118147
119- openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-384 -out server-key.der -outform der
148+ # Server
149+ wolfssl genkey ecc -name secp384r1 -out server-key -outform pem -output keypair
150+
151+ wolfssl pkey -in server-key.priv -inform pem -out server-key.der -outform der
152+
153+ wolfssl pkey -in server-key.priv -inform pem -pubout -out server-pubkey.der -outform der
120154```
121155
122156Generate the certificate chain:
123157
124- ```
158+ ``` sh
125159./gen_ecdsa_mldsa_dual_keysig_root_cert 3
126160
127161./gen_ecdsa_mldsa_dual_keysig_server_cert 3
128162```
129163
130164Convert the DER encoded resulting certificates and keys into PEM:
131165
132- ```
133- openssl x509 -in ca-cert-pq.der -inform der -out ca-P384-mldsa65-cert.pem -outform pem
166+ ``` sh
167+ wolfssl x509 -in ca-cert-pq.der -inform der -out ca-P384-mldsa65-cert.pem -outform pem
134168
135- openssl x509 -in server-cert-pq.der -inform der -out server-P384-mldsa65-cert.pem -outform pem
169+ wolfssl x509 -in server-cert-pq.der -inform der -out server-P384-mldsa65-cert.pem -outform pem
136170
137- openssl pkey -in server-key.der -inform der -out server-P384-key.pem -outform pem
171+ mv server-key.priv server-P384-key.pem
138172
139173cp ../certs/mldsa65_server_key.pem server-mldsa65-key-pq.pem
140174```
141175
142176Then in wolfssl's source directory:
143177
144- ```
178+ ``` sh
145179examples/server/server -d -v 4 -c ../wolfssl-examples/X9.146/server-P384-mldsa65-cert.pem -k ../wolfssl-examples/X9.146/server-P384-key.pem --altPrivKey ../wolfssl-examples/X9.146/server-mldsa65-key-pq.pem
146180
147181examples/client/client -v 4 -A ../wolfssl-examples/X9.146/ca-P384-mldsa65-cert.pem
@@ -151,35 +185,46 @@ examples/client/client -v 4 -A ../wolfssl-examples/X9.146/ca-P384-mldsa65-cert.p
151185Generate the various conventional keys; the post-quantum key are pre-generated:
152186
153187``` sh
154- openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-521 -out ca-key.der -outform der
188+ # CA
189+ wolfssl genkey ecc -name secp521r1 -out ca-key -outform pem -output priv
155190
156- openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-521 -out server-key.der -outform der
157- ```
191+ wolfssl pkey -in ca-key.priv -inform pem -out ca-key.der -outform der
158192
159- Generate the certificate chain:
193+ wolfssl pkey -in ca-key.priv -inform pem -pubout -out ca-pubkey.der -outform der
194+
195+ mv ca-key.priv ca-key.pem
160196
197+ # Server
198+ wolfssl genkey ecc -name secp521r1 -out server-key -outform pem -output priv
199+
200+ wolfssl pkey -in server-key.priv -inform pem -out server-key.der -outform der
201+
202+ wolfssl pkey -in server-key.priv -inform pem -pubout -out server-pubkey.der -outform der
161203```
162204
205+ Generate the certificate chain:
206+
207+ ``` sh
163208./gen_ecdsa_mldsa_dual_keysig_root_cert 5
164209
165210./gen_ecdsa_mldsa_dual_keysig_server_cert 5
166211```
167212
168213Convert the DER encoded resulting certificates and keys into PEM:
169214
170- ```
171- openssl x509 -in ca-cert-pq.der -inform der -out ca-P521-mldsa87-cert.pem -outform pem
215+ ``` sh
216+ wolfssl x509 -in ca-cert-pq.der -inform der -out ca-P521-mldsa87-cert.pem -outform pem
172217
173- openssl x509 -in server-cert-pq.der -inform der -out server-P521-mldsa87-cert.pem -outform pem
218+ wolfssl x509 -in server-cert-pq.der -inform der -out server-P521-mldsa87-cert.pem -outform pem
174219
175- openssl pkey -in server-key.der -inform der -out server-P521-key.pem -outform pem
220+ mv server-key.priv server-P521-key.pem
176221
177222cp ../certs/mldsa87_server_key.pem server-mldsa87-key-pq.pem
178223```
179224
180225Then in wolfssl's source directory:
181226
182- ```
227+ ``` sh
183228examples/server/server -d -v 4 -c ../wolfssl-examples/X9.146/server-P521-mldsa87-cert.pem -k ../wolfssl-examples/X9.146/server-P521-key.pem --altPrivKey ../wolfssl-examples/X9.146/server-mldsa87-key-pq.pem
184229
185230examples/client/client -v 4 -A ../wolfssl-examples/X9.146/ca-P521-mldsa87-cert.pem
@@ -191,34 +236,39 @@ examples/client/client -v 4 -A ../wolfssl-examples/X9.146/ca-P521-mldsa87-cert.p
191236Generate the various conventional keys; the post-quantum key are pre-generated:
192237
193238``` sh
194- openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:3072 -out ca-key.der -outform der
239+ # CA
240+ wolfssl -genkey rsa -size 3072 -out ca-key -outform der -output priv
195241
196- openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:3072 -out server-key.der -outform der
197- ```
242+ mv ca-key.priv ca-key.der
198243
199- Generate the certificate chain:
244+ # Server
245+ wolfssl -genkey rsa -size 3072 -out server-key -outform der -output priv
200246
247+ mv server-key.priv server-key.der
201248```
202249
250+ Generate the certificate chain:
251+
252+ ``` sh
203253./gen_rsa_mldsa_dual_keysig_root_cert
204254
205255./gen_rsa_mldsa_dual_keysig_server_cert
206256```
207257
208258Convert the DER encoded resulting certificates and keys into PEM:
209259
210- ```
211- openssl x509 -in ca-cert-pq.der -inform der -out ca-rsa3072-mldsa44-cert.pem -outform pem
260+ ``` sh
261+ wolfssl x509 -in ca-cert-pq.der -inform der -out ca-rsa3072-mldsa44-cert.pem -outform pem
212262
213- openssl x509 -in server-cert-pq.der -inform der -out server-rsa3072-mldsa44-cert.pem -outform pem
263+ wolfssl x509 -in server-cert-pq.der -inform der -out server-rsa3072-mldsa44-cert.pem -outform pem
214264
215- openssl pkey -in server-key.der -inform der -out server-rsa3072-key.pem -outform pem
265+ wolfssl pkey -in server-key.der -inform der -out server-rsa3072-key.pem -outform pem
216266
217267cp ../certs/mldsa44_server_key.pem server-mldsa44-key-pq.pem
218268```
219269Then in wolfssl's source directory:
220270
221- ```
271+ ``` sh
222272examples/server/server -d -v 4 -c ../wolfssl-examples/X9.146/server-rsa3072-mldsa44-cert.pem -k ../wolfssl-examples/X9.146/server-rsa3072-key.pem --altPrivKey ../wolfssl-examples/X9.146/server-mldsa44-key-pq.pem
223273
224274examples/client/client -v 4 -A ../wolfssl-examples/X9.146/ca-rsa3072-mldsa44-cert.pem
@@ -249,15 +299,15 @@ openssl pkey -in alt-server-key.der -inform der -pubout -out alt-server-pub-key.
249299
250300Generate the certificate chain:
251301
252- ```
302+ ``` sh
253303./gen_dual_keysig_root_cert
254304
255305./gen_dual_keysig_server_cert
256306```
257307
258308Convert the DER encoded resulting certificates and keys into PEM:
259309
260- ```
310+ ``` sh
261311openssl x509 -in ./ca-cert.der -inform der -out ca-cert.pem -outform pem
262312
263313openssl x509 -in ./server-cert.der -inform der -out server-cert.pem -outform pem