1. Preparing the data files in this directory
   2 
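   # Regenerate the base64-encoded PKCS #12 fixtures kept in this directory.
   # Everything produced here is throwaway test material: the store password
   # "changeit" is passed on the command line, and kandc holds the private key
   # unencrypted (-nodes). Do not reuse these files or options for a real key.
   #
   # Runs in a subshell so that "set -e" cannot close an interactive shell and
   # the caller's working directory is left untouched.
   (
     # Stop at the first failing step; otherwise a failed mkdir/cd would let the
     # loop below base64-encode whatever is in the current directory, and a
     # failed keytool/openssl step would overwrite the fixtures with a partial
     # set. A leftover tmp/ from an aborted run must be removed by hand.
     set -e

     mkdir tmp
     cd tmp

     # ks: keystore written by keytool, one key pair under alias "a".
     keytool -keystore ks -genkeypair -storepass changeit -alias a -dname CN=A

     # kandc: key and certificate exported from ks, private key left in the clear.
     openssl pkcs12 -in ks -nodes -out kandc -passin pass:changeit

     # os2: certificates not encrypted (-certpbe NONE) and no MAC (-nomac).
     openssl pkcs12 -export -in kandc -out os2 -name a -passout pass:changeit \
       -certpbe NONE -nomac

     # os3: certificates not encrypted, MAC left at the openssl default.
     openssl pkcs12 -export -in kandc -out os3 -name a -passout pass:changeit \
       -certpbe NONE

     # os4: RC4-128 PBE for both certificates and key, SHA-224 MAC.
     # NOTE(review): OpenSSL 3.x presumably needs the legacy provider (-legacy)
     # for the RC4-based PBE; confirm before regenerating with a newer openssl.
     openssl pkcs12 -export -in kandc -out os4 -name a -passout pass:changeit \
       -certpbe PBE-SHA1-RC4-128 -keypbe PBE-SHA1-RC4-128 -macalg SHA224

     # os5: AES-256-CBC for both certificates and key, SHA-512 MAC.
     openssl pkcs12 -export -in kandc -out os5 -name a -passout pass:changeit \
       -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA512

     # Store every generated file base64-encoded in the parent directory.
     for a in *; do
       openssl base64 -in "$a" -out "../$a"
     done

     cd ..
     rm -rf -- tmp
   )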
  20 
2. After running the test, go to the scratch directory and run the
following commands to check keytool -> openssl interoperability.
OpenSSL 1.1.0i was used here. Earlier versions might generate different -info output.
  24 
  # Check that openssl can read the keystores keytool wrote during the test and
  # that "openssl pkcs12 -info" reports the expected algorithms and iteration
  # counts. The algorithms matched below (SHA-1 MAC, 3DES, 40-bit RC2, RC4) are
  # what the test expects to see, not a recommendation for new keystores.
  # Runs in a subshell; its exit status (20-47) names the check that failed.
  (
    # Print the structure summary of keystore $1 (no keys, no certificates);
    # any further arguments are appended to the openssl command line.
    p12_info() {
      store=$1
      shift
      openssl pkcs12 -in "$store" -passin pass:changeit -info -nokeys -nocerts "$@"
    }

    # Leave the subshell with status $1 unless file $2 has a line matching $3.
    need() {
      grep "$3" "$2" || exit "$1"
    }

    # ks2, and ks22 which must produce the same summary.
    p12_info ks2 2> t2 || exit 20
    need 21 t2 "MAC:sha1 Iteration 100000"
    need 23 t2 "Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000"
    need 24 t2 "PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 50000"

    p12_info ks22 2> t22 || exit 25
    diff t2 t22 || exit 26

    # ks3 is expected to be rejected when openssl verifies the MAC (presumably
    # it was written without one), so a successful read is the failure here.
    if p12_info ks3; then
      exit 30
    fi

    # With MAC verification skipped, ks3 must show no encrypted certificate
    # data and the two expected key bags. ks33 must produce the same summary.
    p12_info ks3 -nomacver 2> t3 || exit 31
    if grep "PKCS7 Encrypted data:" t3; then
      exit 33
    fi
    need 34 t3 "Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000"
    need 35 t3 "Shrouded Keybag: pbeWithSHA1And128BitRC4, Iteration 50000"

    p12_info ks33 -nomacver 2> t33 || exit 36
    diff t3 t33 || exit 37

    # ks4 uses non-default iteration counts; ks44 must produce the same summary.
    p12_info ks4 2> t4 || exit 40
    need 41 t4 "MAC:sha1 Iteration 5555"
    need 43 t4 "Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 7777"
    need 44 t4 "Shrouded Keybag: pbeWithSHA1And128BitRC4, Iteration 50000"
    need 45 t4 "PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 6666"

    p12_info ks44 2> t44 || exit 46
    diff t4 t44 || exit 47

    echo Succeed
  )