2 files changed, 89 insertions, 0 deletions
diff --git a/examples/self.x509 b/examples/self.x509
new file mode 100755
index 0000000..39525d0
--- /dev/null
+++ b/examples/self.x509
@@ -0,0 +1,54 @@
+#!/usr/local/lua52/bin/lua
+--
+-- Example self-signed X.509 certificate generation.
+--
+-- Skips intermediate CSR object, which is just an antiquated way for
+-- specifying subject DN and public key to CAs. See API documentation for
+-- CSR generation.
+--
+local pubkey = require"openssl.pubkey"
+local x509 = require"openssl.x509"
+local name = require"openssl.x509.name"
+local altname = require"openssl.x509.altname"
+-- generate our public/private key pair
+--local key = pubkey.new{ type = "RSA", bits = 1024 }
+--local key = pubkey.new{ type = "DSA", bits = 1024 }
+local key = pubkey.new{ type = "EC", curve = "prime192v1" }
+-- our Subject and Issuer DN (self-signed, so same)
+local dn = name.new()
+dn:add("C", "US")
+dn:add("ST", "California")
+dn:add("L", "San Francisco")
+dn:add("O", "Acme, Inc")
+dn:add("CN", "acme.inc")
+-- our Alternative Names
+local alt = altname.new()
+alt:add("DNS", "acme.inc")
+alt:add("DNS", "*.acme.inc")
+-- build our certificate
+local crt = x509.new()
+crt:setVersion(3)
+crt:setSerial(47)
+crt:setSubject(dn)
+crt:setIssuer(crt:getSubject())
+crt:setSubjectAlt(alt)
+local issued, expires = crt:getLifetime()
+crt:setLifetime(issued, expires + 60) -- good for 60 seconds
+crt:setBasicConstraints{ CA = true, pathLen = 2 }
+crt:setBasicConstraintsCritical(true)
+crt:setPublicKey(key)
+crt:sign(key)
+-- pretty-print using openssl command-line utility.
+io.popen("openssl x509 -text -noout", "w"):write(tostring(crt))
diff --git a/examples/vrfy.sig b/examples/vrfy.sig
new file mode 100755
index 0000000..94daf43
--- /dev/null
+++ b/examples/vrfy.sig
@@ -0,0 +1,35 @@
+#!/usr/local/lua52/bin/lua
+--
+-- Example public-key signature verification.
+--
+local pubkey = require"openssl.pubkey"
+local digest = require"openssl.digest"
+-- generate a public/private key pair
+local key = pubkey.new{ type = "EC", curve = "prime192v1" }
+-- digest our message using an appropriate digest ("ecdsa-with-SHA1" for EC;
+-- "dss1" for DSA; and "sha1", "sha256", etc for RSA).
+local data = digest.new"ecdsa-with-SHA1"
+data:update(... or "hello world")
+-- generate a signature for our data
+local sig = key:sign(data)
+-- to prove verification works, instantiate a new object holding just
+-- the public key
+local pub = pubkey.new(key:toPEM"public")
+-- a utility routine to output our signature
+local function tohex(b)
+        local x = ""
+        for i = 1, #b do
+                x = x .. string.format("%.2x", string.byte(b, i))
+        end
+        return x
+end
+print("okay", pub:verify(sig, data))
+print("type", pub:type())
+print("sig", tohex(sig))

diff --git a/examples/self.x509 b/examples/self.x509 new file mode 100755 index 0000000..39525d0 --- /dev/null +++ b/examples/self.x509
@@ -0,0 +1,54 @@
	1	#!/usr/local/lua52/bin/lua
	2	--
	3	-- Example self-signed X.509 certificate generation.
	4	--
	5	-- Skips intermediate CSR object, which is just an antiquated way for
	6	-- specifying subject DN and public key to CAs. See API documentation for
	7	-- CSR generation.
	8	--
	9
	10	local pubkey = require"openssl.pubkey"
	11	local x509 = require"openssl.x509"
	12	local name = require"openssl.x509.name"
	13	local altname = require"openssl.x509.altname"
	14
	15	-- generate our public/private key pair
	16	--local key = pubkey.new{ type = "RSA", bits = 1024 }
	17	--local key = pubkey.new{ type = "DSA", bits = 1024 }
	18	local key = pubkey.new{ type = "EC", curve = "prime192v1" }
	19
	20	-- our Subject and Issuer DN (self-signed, so same)
	21	local dn = name.new()
	22	dn:add("C", "US")
	23	dn:add("ST", "California")
	24	dn:add("L", "San Francisco")
	25	dn:add("O", "Acme, Inc")
	26	dn:add("CN", "acme.inc")
	27
	28	-- our Alternative Names
	29	local alt = altname.new()
	30	alt:add("DNS", "acme.inc")
	31	alt:add("DNS", "*.acme.inc")
	32
	33	-- build our certificate
	34	local crt = x509.new()
	35
	36	crt:setVersion(3)
	37	crt:setSerial(47)
	38
	39	crt:setSubject(dn)
	40	crt:setIssuer(crt:getSubject())
	41	crt:setSubjectAlt(alt)
	42
	43	local issued, expires = crt:getLifetime()
	44	crt:setLifetime(issued, expires + 60) -- good for 60 seconds
	45
	46	crt:setBasicConstraints{ CA = true, pathLen = 2 }
	47	crt:setBasicConstraintsCritical(true)
	48
	49	crt:setPublicKey(key)
	50	crt:sign(key)
	51
	52	-- pretty-print using openssl command-line utility.
	53	io.popen("openssl x509 -text -noout", "w"):write(tostring(crt))
	54


diff --git a/examples/vrfy.sig b/examples/vrfy.sig new file mode 100755 index 0000000..94daf43 --- /dev/null +++ b/examples/vrfy.sig
@@ -0,0 +1,35 @@
	1	#!/usr/local/lua52/bin/lua
	2	--
	3	-- Example public-key signature verification.
	4	--
	5
	6	local pubkey = require"openssl.pubkey"
	7	local digest = require"openssl.digest"
	8
	9	-- generate a public/private key pair
	10	local key = pubkey.new{ type = "EC", curve = "prime192v1" }
	11
	12	-- digest our message using an appropriate digest ("ecdsa-with-SHA1" for EC;
	13	-- "dss1" for DSA; and "sha1", "sha256", etc for RSA).
	14	local data = digest.new"ecdsa-with-SHA1"
	15	data:update(... or "hello world")
	16
	17	-- generate a signature for our data
	18	local sig = key:sign(data)
	19
	20	-- to prove verification works, instantiate a new object holding just
	21	-- the public key
	22	local pub = pubkey.new(key:toPEM"public")
	23
	24	-- a utility routine to output our signature
	25	local function tohex(b)
	26	local x = ""
	27	for i = 1, #b do
	28	x = x .. string.format("%.2x", string.byte(b, i))
	29	end
	30	return x
	31	end
	32
	33	print("okay", pub:verify(sig, data))
	34	print("type", pub:type())
	35	print("sig", tohex(sig))