/* Generate a 1024 bit RSA key, and then create a PKCS #10 certificate request for that key. The private key will be stored as an encrypted PKCS #8 object, and stored in another file. Written by Jack Lloyd (lloyd@randombit.net), April 7, 2003 This file is in the public domain */ #include #include #include #include #include using namespace Botan; #include #include int main(int argc, char* argv[]) { if(argc != 6) { std::cout << "Usage: " << argv[0] << " passphrase name country_code organization email" << std::endl; return 1; } try { RSA_PrivateKey priv_key(1024, global_state().prng_reference()); // If you want a DSA key instead of RSA, comment out the above line and // uncomment this one: //DSA_PrivateKey priv_key(DL_Group("dsa/jce/1024")); std::ofstream key_file("private.pem"); key_file << PKCS8::PEM_encode(priv_key, argv[1]); X509_Cert_Options opts; opts.common_name = argv[2]; opts.country = argv[3]; opts.organization = argv[4]; opts.email = argv[5]; /* Some hard-coded options, just to give you an idea of what's there */ opts.challenge = "a fixed challenge passphrase"; opts.locality = "Baltimore"; opts.state = "MD"; opts.org_unit = "Testing"; opts.add_ex_constraint("PKIX.ClientAuth"); opts.add_ex_constraint("PKIX.IPsecUser"); opts.add_ex_constraint("PKIX.EmailProtection"); opts.xmpp = "someid@xmpp.org"; PKCS10_Request req = X509::create_cert_req(opts, priv_key); std::ofstream req_file("req.pem"); req_file << req.PEM_encode(); } catch(std::exception& e) { std::cout << e.what() << std::endl; return 1; } return 0; }