Skip to content

a bunch of quick and dirty scripts that were written to meet very specific needs during the course of developing secure embedded projects.

Notifications You must be signed in to change notification settings

vppillai/cryptoScript

Repository files navigation

Online Tools

Sl Description Link
1. Convert your PEM encoded files into DER encoded header files to use in embedded systems https://vppillai.github.io/cryptoScript/CryptoHeaderGen.html
2 Generate an ECC key pair and perform ECDSA signature generation and verification using webcrypto APIs https://vppillai.github.io/cryptoScript/FileSigner.html

Security test Scripts

This repo contains a bunch of quick and dirty scripts that were written to meet very specific needs during the course of developing embedded projects. A lot of the code is a result of advanced google-fu and stack-overflow-ology. So, no copyrights or guarantees.

Some of the items below are sample commands that can be issued with existing programs.

Script Name Function
cert2header.py Convert a certificate in PEM format into C header for use with embedded TLS stacks. Usage: python cert2header.py rootCert.cer
cert2header_multi.py Similar to cert2header.py above, but accepts mulriple certificates as input. Usage: python cert2header.py CA1.cer CA2.cer CA3.cer
cert2header_chain.py Generate a PEM certificate chain C array. The script auto detects the certificate chain of the provided certificate from root and intermdiate certificates present in the CA_dir folder passed as the second argument to the script. Usage: python cert2header_chain.py cert.cer CA_dir
key2header.py Convert a key in PEM format into C header for use with embedded TLS stacks. Usage: python key2header.py privateKey.key
createCert.py Generate a self-signed certificate and key in PEM, DER and a C header file format.Can be used to spin up a local server for test.
httpsServer A simple python script that can be used as a test HTTPs server
ecdsaSign.py A tool to generate and verify ECDSA signatures. Signatures are generated in raw (r
genEcdsaKey.py Generate an ecdsa keypair and store them in PEM format

Demo Scripts

Script Name Function
ecdh_demo.py A demo script to demonstrate ECDH key exchange and subsequent use of the shared secret to generate session keys for symmetric encryption
Readme with details: ecdh_demo.md

Commands and one-liners

Creating self signed test certificates

For ECC keys & Certs

openssl ecparam -genkey -name prime256v1 -noout -out ECC_prime256v1.key
MSYS_NO_PATHCONV=1 openssl req -new -x509 -key ECC_prime256v1.key -out ECC_prime256v1.cer -days 900000 -subj "/C=IN/ST=Kerala/L=Kollam/O=embeddedinn/CN=embeddedinn"

Curves can be listed with openssl ecparam --list_curves

The Above command generates a PKCS#1 key. To convert it into a more generic PKCS#8 key, use:

openssl pkcs8 -topk8 -in ECC_prime256v1.key -out ECC_prime256v1_pkcs8.key  -nocrypt

You can extract the public key from the certificate using one of the following :

openssl.exe ec -in ECC_prime256v1.key -pubout -out ECC_prime256v1.pub

OR

openssl x509 -pubkey -noout -in ECC_prime256v1.cer

For RSA keys & Certs

openssl genrsa -out RSA-private-key.pem 2048
MSYS_NO_PATHCONV=1 openssl req -new -x509 -key RSA-private-key.pem -out RSA_Cert.cer -days 900000 -subj "/C=IN/ST=Kerala/L=Kollam/O=embeddedinn/CN=embeddedinn"

You can extract the public key from the certificate using:

openssl rsa -in private-key.pem -pubout -out public-key.pem

Note: MSYS_NO_PATHCONV is set to prevent gitbash from covnerting /C to path

signing a file

You can geneate a signature using:

openssl dgst -sha256 -sign ECC_prime256v1.key -out sign.sha256 hello.txt

Note: The signature is generated in PEM format. (base64 of ASN.1 encoded r and s values). You might have to convert this into base64 encoded raw signatures (r|s format) depending on where you plan to use it.

And, verify with

openssl dgst -sha256 -verify ECC_prime256v1.pub -signature sign.sha256 hello.txt

openssl test server with debug

openssl s_server -key ECC_prime256v1.key -cert ECC_prime256v1.cer -verify 2 -accept 8883 -debug -msg -CApath capath/ -state

scaning cipher suites supported by a server

pysslscan scan --scan=server.ciphers --ssl2 --ssl3 --tls10 --tls11 --tls12 test.mosquitto.org:8883

Crypto Scripts | ക്രിപ്റ്റോ സ്ക്രിപ്റ്റ്സ്

About

a bunch of quick and dirty scripts that were written to meet very specific needs during the course of developing secure embedded projects.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages