paulmataruso/nextepc-oss
1
0
Fork 0
mirror of https://github.com/nextepc/nextepc-oss.git synced 2025-10-23 04:52:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
nextepc-oss/misc/make-certs.sh
Sukchan Lee 79d46be086 Introduced Subscription identifier de-concealing 
o Generate the private key as below.
   $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
   $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key

 o The private and public keys can be viewed with the command.
   The public key is used when creating the SIM.
   $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
   $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text

In ausf/udm.yaml

 hnet:
    o Home network public key identifier(PKI) value : 1
      Protection scheme identifier : ECIES scheme profile A
    - id: 1
      scheme: 1
      key: /etc/open5gs/hnet/curve25519-1.key

    o Home network public key identifier(PKI) value : 2
      Protection scheme identifier : ECIES scheme profile B
    - id: 2
      scheme: 2
      key: /etc/open5gs/hnet/secp256r1-2.key

    o Home network public key identifier(PKI) value : 3
      Protection scheme identifier : ECIES scheme profile A
    - id: 3
      scheme: 1
      key: /etc/open5gs/hnet/curve25519-1.key

    o Home network public key identifier(PKI) value : 4
      Protection scheme identifier : ECIES scheme profile B
    - id: 4
      scheme: 2
      key: /etc/open5gs/hnet/secp256r1-2.key

Related to #1779
2022-12-24 20:22:45 +09:00

31 lines
831 B
Bash
Executable File
Raw Permalink Blame History

#!/bin/sh
if [ 1 -ne $# ]
then
echo You must specify output directory : ./make-certs.sh ../config/open5gs/tls
exit;
fi
rm -rf demoCA
mkdir demoCA
echo 01 > demoCA/serial
touch demoCA/index.txt
# CA self certificate
openssl req -new -x509 -days 3650 -newkey rsa:2048 -nodes -keyout $1/ca.key -out $1/ca.crt \
-subj /CN=ca.localdomain/C=KO/ST=Seoul/O=NeoPlane
for i in amf ausf bsf hss mme nrf nssf pcf pcrf scp smf udm udr testserver testclient
do
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 \
-out $1/$i.key
openssl req -new -key $1/$i.key -out $1/$i.csr \
-subj /CN=$i.localdomain/C=KO/ST=Seoul/O=NeoPlane
openssl ca -batch -notext -days 3650 \
-keyfile $1/ca.key -cert $1/ca.crt \
-in $1/$i.csr -out $1/$i.crt -outdir .
done
rm -rf demoCA
rm -f *.pem
Reference in New Issue View Git Blame Copy Permalink