The tools in this repo are:
- pqsetup.sh
  Can be used to install LibOQS and the accompanying OpenSSL fork, typically for research & testing with post-quantum cryptographic algorithms.
- mkcerts.sh
  Can be used to quickly create CA infrastructure & accompanying certificates:
  - Root CA
  - Intermediate CA
  - OCSP signing
  - TLS Server
  - TLS Client

  For several different algorithms:
  - RSA
  - ECDSA
  - EdDSA
  - Falcon512
  - Falcon1024
  - Dilithium2
  - Dilithium3
  - Dilithium5
  - SPHINCS+-Haraka
  - SPHINCS+-SHA256
  - SPHINCS+-SHAKE256
- openssl.cnf
  Is the accompanying config file for proper execution of mkcerts.sh. You can modify it as needed. Key sections are listed below:
  - [RootCA]
  - [InterCA]
  - [v3_ca]
  - [v3_ocsp]
  - [v3_server]*
  - [v3_client]*

  * It is particularly important to edit the authorityInfoAccess attribute under these sections, as this defines the OCSP URL for certs signed with these extensions.
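One way to confirm the OCSP URL in those two sections before issuing any certificates, as an added example that is not part of this repo. The function names, the `example.test` hostnames and the sample config contents are constructed for illustration and are not the repo's defaults; only the section names and the authorityInfoAccess attribute come from the list above.

```shell
#!/bin/sh
# Print the OCSP URI(s) set by authorityInfoAccess in one config section.
ocsp_uri_for_section() {  # usage: ocsp_uri_for_section <cnf> <section>
    awk -v want="[$2]" '
        /^[ \t]*\[/ {                        # section header line
            hdr = $0; gsub(/[ \t]/, "", hdr) # "[ v3_server ]" -> "[v3_server]"
            in_sec = (hdr == want); next
        }
        in_sec && /^[ \t]*authorityInfoAccess[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)    # drop the key and "="
            sub(/[ \t]*#.*$/, "", val)       # drop a trailing comment
            n = split(val, parts, ",")       # AIA can list several methods
            for (i = 1; i <= n; i++) {
                p = parts[i]; gsub(/^[ \t]+|[ \t]+$/, "", p)
                if (p ~ /^OCSP;URI:/) { sub(/^OCSP;URI:/, "", p); print p }
            }
        }' "$1"
}

# Return 0 only if the section carries exactly the expected OCSP URL.
check_ocsp_uri() {  # usage: check_ocsp_uri <cnf> <section> <expected-url>
    found=$(ocsp_uri_for_section "$1" "$2")
    if [ -z "$found" ]; then
        echo "FAIL [$2]: no OCSP URI in authorityInfoAccess" >&2; return 1
    elif [ "$found" != "$3" ]; then
        echo "FAIL [$2]: OCSP URI is $found, expected $3" >&2; return 1
    fi
    echo "OK   [$2]: $found"
}

# Constructed sample config: v3_client still points at a stale responder.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[ v3_server ]
basicConstraints = CA:FALSE
authorityInfoAccess = OCSP;URI:http://ocsp.example.test:8080
[ v3_client ]
basicConstraints = CA:FALSE
authorityInfoAccess = caIssuers;URI:http://pki.example.test/ca.crt, OCSP;URI:http://localhost:2560
EOF
for s in v3_server v3_client; do
    check_ocsp_uri "$sample" "$s" "http://ocsp.example.test:8080" || true
done
```

After issuing, `openssl x509 -in <cert> -noout -ocsp_uri` prints the responder URL that actually ended up in a certificate.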
pqsetup.sh is written only for the Ubuntu operating system and will likely fail on any other OS. It should be fairly simple to adapt the script for other OSes, though, as the restriction is primarily due to the use of the apt package manager for installing packages. The version check at the beginning of the main function will also need to be removed for the script to run elsewhere.
mkcerts.sh should work fine on any Linux OS, provided the variables have been appropriately configured.
BEFORE running anything, open the script in your editor of choice and look for the section below at the top of the script:
###############################################################################
################################## IMPORTANT ##################################
###############################################################################
This section has parameters that MUST be appropriately set for proper execution. The default values should work fine, but you will likely want to customize certain attributes, such as the certificate subject details, passphrase, etc.
Once you are satisfied with the configuration, simply run ./<script name> to start the script.
- The scripts in this repo may not be executable by default. This is intentional to maybe stop people from just running things without reading first, and is fixable with the standard chmod +x <script name>