github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/cli/e2e/image/testdata/notary/gen.sh (about)

     1  for selfsigned in delgkey1 delgkey2 delgkey3 delgkey4; do
     2          subj='/C=US/ST=CA/L=SanFrancisco/O=Docker/CN=delegation'
     3  
     4          openssl genrsa -out "${selfsigned}.key" 2048
     5          openssl req -new -key "${selfsigned}.key" -out "${selfsigned}.csr" -sha256 -subj "${subj}"
     6          cat > "${selfsigned}.cnf" <<EOL
     7  [selfsigned]
     8  basicConstraints = critical,CA:FALSE
     9  keyUsage = critical, digitalSignature, keyEncipherment
    10  extendedKeyUsage=codeSigning
    11  subjectKeyIdentifier=hash
    12  EOL
    13  
    14          openssl x509 -req -days 3560 -in "${selfsigned}.csr" -signkey "${selfsigned}.key" -sha256 \
    15                  -out "${selfsigned}.crt" -extfile "${selfsigned}.cnf" -extensions selfsigned
    16  
    17          rm "${selfsigned}.cnf" "${selfsigned}.csr"
    18  done