certgen
Quick and dirty utility for generating artifacts for the IETF 115 PQC hackathon.
This tool uses a PQC-focused branch of a fork of the RustCrypto formats repo that includes support for PQ-related structures and a branch with PQ-focused changes for the certval library and pittv3 utility.
The pqtests.sh script can be used to generate artifacts or to verify artifacts that follow the format defined for the IETF 115 PQC hackathon repo.
For artifact collections that lack (current) revocation information, place a file named default.json containing the following JSON at the root of the folder containing the artifacts.
{"psCheckRevocationStatus":{"Bool":false}}
The script assumes certgen is located in the ./target/release folder and that pittv3 is located in the ../rust-pki/target/release/ folder.
If the binaries are located elsewhere, edit lines 35 and/or 36 of the script accordingly.
To generate artifacts, run the script with no parameters. A folder named artifacts will be generated and populated. To verify artifacts, run the script with the path to the folder containing the artifacts as a parameter. Note, pittv3 will attempt to verify all files with a .der extension in the artifacts folder. Unfortunately, the naming scheme features private key files named with .der. For best results, delete files with "_priv.oak" or "_priv.pem" before validating a folder containing artifacts.
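The two preparation steps described above (adding default.json and removing private key files) can be applied to a copy of the folder so the original keys are kept. This is an added example, not part of the certgen project; the function name stage_artifacts and the staging-copy approach are assumptions.

```shell
#!/bin/sh
# Added example (not from the certgen repo): stage a copy of an artifact
# folder for verification. stage_artifacts is a hypothetical helper name.

stage_artifacts() {
    src=$1
    dst=$2

    if [ ! -d "$src" ]; then
        echo "no such artifact folder: $src" >&2
        return 1
    fi
    if [ -e "$dst" ]; then
        echo "refusing to overwrite existing path: $dst" >&2
        return 1
    fi

    # Work on a copy so the original private keys are left untouched.
    cp -R "$src" "$dst" || return 1

    # Count, then remove, files whose names contain the private key markers
    # listed in the README ("_priv.oak" and "_priv.pem").
    removed=$(find "$dst" -type f \
        \( -name '*_priv.oak*' -o -name '*_priv.pem*' \) -print | wc -l | tr -d ' ')
    find "$dst" -type f \
        \( -name '*_priv.oak*' -o -name '*_priv.pem*' \) -exec rm -f {} +

    # Turn off revocation checking only when the collection does not already
    # ship its own default.json at the root of the folder.
    if [ ! -f "$dst/default.json" ]; then
        printf '%s\n' '{"psCheckRevocationStatus":{"Bool":false}}' \
            > "$dst/default.json"
    fi

    # Report how many private key files were removed from the copy.
    echo "$removed"
}
```

Pass the staged folder, not the original, to pqtests.sh as its parameter.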
The default log.yaml file writes a large volume of data to the console. Edit it to avoid this. See log4rs documentation for details on the file format.
Note, the tool does very little error handling.
License
All crates licensed under either of
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.