Hi there,
Attached are:
1) getKeyReq.tk:
expectk source with which I ask openssl to generate an RSA:1024 bit key
pair
and a certificate request. Please read the header, as the script needs two
environment
variables. One can change the key type to DSA:nnn and extend the GUI to
handle more req options.
2) getKey.ps:
To see the look and feel of the GUI, you can view this ps file via
ghostview.
I hope this helps,
[EMAIL PROTECTED] wrote:
> Fine !
> Can you send the part of the source code with which you make the client req?
>
> Lot of thanks,
>
> hirntod
>
> On Mon, 10 Jul 2000, Wendy Breu wrote:
>
> > Hi there,
> >
> > I did something similar via a tk/expect script to generate a certificate
> > request.
> > A user would enter all necessary info for a Distinguished Name in the
> > "tk" GUI,
> > then the script extracts the pieces of info and feeds them to the "expect"
> > portion of the
> > script in the background.
> >
> > I reckon you can do something similar by using perl/tk CGI script.
> >
> > --
> > ******
> > -- Wendy | mailto:[EMAIL PROTECTED] | http://www.vovida.com |
> > | phone : 1-408-383-1026 |
> >
>
--
******
-- Wendy | mailto:[EMAIL PROTECTED] | http://www.vovida.com |
| phone : 1-408-383-1026 |
#!/usr/bin/expectk -f
## *********************************************************************
##
## $Id$
##
## *********************************************************************
##
## This library is free software; you can redistribute it and/or modify
## it under the terms of the GNU Lesser General Public License as
## published by the Free Software Foundation; either version 2 of the
## License, or (at your option) any later version.
##
## This library is distributed in the hope that it will be useful, but
## WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
## Lesser General Public License for more details.
##
## You should have received a copy of the GNU Lesser General Public
## License along with this library; if not; write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 345, Boston, MA 02111-1457
## USA.
##
## Copyright 1999-2000 Vovida Networks, Inc. All Rights Reserved.
##
## *********************************************************************
##
## $Log$
## Revision 1.2 2000/07/05 22:59:32 hyu
## Merging BRANCH_CURD into HEAD.
##
## Revision 1.1.2.1 2000/06/27 23:13:02 wbreu
## Tk/expect scripts to do device enrollment
##
##
## *********************************************************************
## The expectk GUI spawns the openssl application to obtain a
## public/private key pair, and also to generate a certificate request
## (in base 64 encoding). It also converts the key (B64) to a DER
## format ready to be used by the OSP client.
##
## Requirements: user needs to set up following Environment Variables:
## OPENSSL_PATH and MY_TCLTK_PATH
##
## Output files:
## pkey_00001.dat - key file in DER format
## CertReqB64.dat - certificate request message in PEM format
##
# "." is the main window; give it a title.
wm title . "Openssl key / certificate request"

# Expect's pattern-wait limit, in seconds.
global timeout
set timeout 30

# .overframe carries the strip of control buttons.
frame .overframe -borderwidth 0
set f .overframe.controlbutton
frame $f -borderwidth 5
pack $f -side left -ipadx 50

# Run / Help / Quit buttons. $but keeps the path of the Run button.
set but $f.run
button $but -text "Run" -command Run
button $f.help -text "Help" -command Help
button $f.quit -text "Quit" -command Quit
pack $f.quit $f.help $f.run -side right -ipadx 30
# proc CommandEntry { name label width command args } {
proc CommandEntry { name label width1 width2 args } {
    # Build one "label + entry" row inside a new frame.
    #   name    path of the frame to create
    #   label   caption shown to the left of the entry
    #   width1  width of the caption label
    #   width2  width of the entry
    #   args    extra options appended to the entry widget command
    # Returns the path of the entry widget.
    set caption $name.label
    set field $name.entry

    frame $name -borderwidth 10
    label $caption -text $label -width $width1 -anchor w
    eval [list entry $field -width $width2 -relief sunken] $args

    pack $caption -side left
    pack $field -side left -fill x -expand true

    # Ctrl-C typed in the entry invokes Stop.
    bind $field <Control-c> Stop
    # bind $field <Return>
    return $field
}
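# Let CommandEntry create a frame for each label/entry
label .prompt1 -text "Enter key information:" -padx 20 -width 20 -anchor w

# Fixed output file names, written in the current directory.
global keyfile certreqfile
set keyfile "pkey_00001.dat"
set certreqfile "CertReqB64.dat"

# key information:
CommandEntry .keytype KeyType 20 45 -textvariable keytype
#CommandEntry .keyfile KeyFile 20 45 -textvariable keyfile

label .prompt2 -text "Enter information for a Distinguished Name:" \
    -padx 20 -width 40 -anchor w

# Information needed to form a Distinguished Name (DN).
# The pass phrase entry is masked so the secret is not readable on screen;
# the extra option is passed through CommandEntry to the entry widget.
CommandEntry .passphrase PassPhrase 20 45 -textvariable passphrase -show *
CommandEntry .country CountryName 20 45 -textvariable country
CommandEntry .state State 20 45 -textvariable state
CommandEntry .city City 20 45 -textvariable city
CommandEntry .org Organization 20 45 -textvariable org
CommandEntry .unit DepartmentUnit 20 45 -textvariable unit
CommandEntry .name Name 20 45 -textvariable name
CommandEntry .email Email 20 45 -textvariable email

label .info1 -text "key is stored in file ./$keyfile" \
    -padx 20 -width 40 -anchor w
label .info2 -text "certificate request is stored in file ./$certreqfile" \
    -padx 20 -width 40 -anchor w

# set default parameters:
# NOTE(review): 1024-bit RSA is below current key-size guidance (2048 bits
# or more); raise this for any key that will really be enrolled.
set keytype "rsa:1024"
# NOTE(review): sample pass phrase only. It pre-fills the masked entry, so
# a user who just clicks Run gets a key protected by a publicly known value.
# Replace it before generating a real key.
set passphrase "abcdefg"
set country "US"
set state "California"
set city "San Jose"
set org "Vovida Networks"
set unit "Technology"
set name "Wendy"
# Braces, not double quotes: the archive replaced the address with a
# bracketed token, which Tcl would otherwise run as a command substitution
# and abort the script.
set email {[EMAIL PROTECTED]}

pack .prompt1 -side left -ipadx 165 -side top
pack .keytype -side top
pack .prompt2 -side left -ipadx 90 -side top
pack .passphrase .country .state \
    .city .org .unit .name .email .overframe -side top
pack .info1 -side left -ipadx 90 -side top
pack .info2 -side left -ipadx 90 -side top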
# Scrollable text widget used as the output log; its path is kept in $log.
frame .t
set log .t.log
text $log \
    -yscrollcommand {.t.scroll set} \
    -setgrid true \
    -relief raised -borderwidth 2 \
    -height 10 -width 80
scrollbar .t.scroll -command {.t.log yview}

# Scrollbar on the right, log fills the remaining space.
pack .t.scroll -fill y -side right
pack .t.log -fill both -expand true -side left
pack .t -fill both -expand true -side top
# Directory of the tcl/tk scripts: taken from MY_TCLTK_PATH, else "./".
global myscript_path
if {![info exists env(MY_TCLTK_PATH)]} {
    set myscript_path "./"
    $log insert end "default env(MY_TCLTK_PATH) to ./\n"
} else {
    set myscript_path $env(MY_TCLTK_PATH)
}

# Directory holding openssl: taken from OPENSSL_PATH, else "./".
# NOTE(review): Run spawns "openssl" from this directory and reads
# openssl.cnf from it, so the value decides which binary and configuration
# handle the pass phrase and private key. Confirm it points at a trusted,
# non-writable location.
global myssl_path
if {![info exists env(OPENSSL_PATH)]} {
    $log insert end "default env(OPENSSL_PATH) to ./\n"
    set myssl_path "./"
} else {
    set myssl_path $env(OPENSSL_PATH)
}
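proc Help {} {
    # Append the usage text to the log widget.
    # Fixes against the mailed copy: the variable name in the text now
    # matches the one the script reads (MY_TCLTK_PATH), and the line breaks
    # that mail wrapping put inside the string literal are removed.
    global log
    set helpTxt "Click on the Run button to send a key request and a certificate\n"
    append helpTxt "request to Openssl.\n"
    append helpTxt "N.B. This script assumes that OPENSSL_PATH and MY_TCLTK_PATH \n"
    append helpTxt "environment variables are set up.\n"
    $log insert end $helpTxt\n
}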
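# Drive an interactive openssl session: generate a key pair and a PEM
# certificate request from the GUI fields, then rewrite the key file in DER.
proc Run {} {
    global keytype keyfile certreqfile passphrase country
    global state city org unit name email log
    global myssl_path

    # keytype is spliced into an openssl command line below. Accept only a
    # single "algorithm:parameter" word so the field cannot add options.
    if {![regexp {^[A-Za-z]+:[^[:space:]]+$} $keytype]} {
        $log insert end "invalid key type, expected a value such as rsa:1024\n"
        $log see end
        return
    }

    # Every other field answers exactly one prompt. An embedded line break
    # would answer the following prompt as well, so refuse it.
    foreach answer [list $passphrase $country $state $city $org $unit $name $email] {
        if {[string first "\r" $answer] >= 0 || [string first "\n" $answer] >= 0} {
            $log insert end "input fields must not contain line breaks\n"
            $log see end
            return
        }
    }

    # Spawn with a real argument word. The mailed copy built a command
    # string and evaluated it, so brackets or spaces in OPENSSL_PATH were
    # interpreted as Tcl. It also kept an unused copy of all fields,
    # pass phrase included, in a local variable; that is dropped.
    if {[catch {spawn [file join $myssl_path openssl]} reason]} {
        $log insert end "failed to spawn openssl: $reason\n"
        return
    }

    expect {
        timeout { puts "openssl timed out"; exit 1 }
        "OpenSSL>" { $log insert end $expect_out(buffer) }
    }

    # One command line, ended by a single carriage return. In the mailed
    # copy the string was wrapped, which put a line break before -config.
    set reqcmd "req -newkey $keytype -keyout $keyfile -out $certreqfile"
    append reqcmd " -outform PEM -config $myssl_path/openssl.cnf"
    exp_send "$reqcmd\r"

    # Prompt / answer pairs in the order openssl asks for them: the pass
    # phrase twice, the DN fields, then empty answers for the two extra
    # attributes. A prompt that does not show up before the timeout is
    # skipped without sending its answer.
    set dialogue [list \
        "Enter PEM pass phrase"   $passphrase \
        "Verifying password *:"   $passphrase \
        "Country Name *:"         $country \
        "State *:"                $state \
        "Locality *:"             $city \
        "Organization Name *:"    $org \
        "Organizational Unit *:"  $unit \
        "Common Name *:"          $name \
        "Email Address *:"        $email \
        "A challenge password *:" "" \
        "An optional company *:"  ""]
    foreach {prompt answer} $dialogue {
        expect -gl $prompt {
            exp_send "$answer\r"
            $log insert end $expect_out(buffer)
        }
    }

    # Certificate request is generated, convert key to DER format:
    expect "OpenSSL>" {
        $log insert end $expect_out(buffer)
        $log see end
        exp_send "rsa -in $keyfile -outform DER -out $keyfile\r"
    }
    expect "*Enter PEM pass phrase:" {
        $log insert end $expect_out(buffer)
    }
    exp_send "$passphrase\r"

    expect "*OpenSSL>" {
        $log insert end $expect_out(buffer)
        # No cipher is requested for the rsa step, so the DER key is not
        # protected by the pass phrase. Limit the file to its owner.
        # This runs after openssl has written the file, so keep the
        # working directory private as well.
        catch {file attributes $keyfile -permissions 0600}
        $log insert end "\nrequest completes\n"
        $log see end
        exp_send "quit\r"
        # Let openssl exit, then release the channel and reap the child.
        expect eof
        catch {close}
        catch {wait}
        return
    }

    # Reached only when the final prompt never appeared.
    expect {
        timeout { $log insert end "openssl timeout\n" }
        eof {
            $log insert end "output exhausted\n"
            $log see end
        }
    }
}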
# Bound to Ctrl-C in the entries: close the input channel and put the Run
# button back to its initial text and command.
proc Stop {} {
    global input but
    # NOTE(review): nothing in the visible script assigns "input", so this
    # close presumably always fails inside the catch and the spawned
    # openssl session is left untouched. Confirm against the full sources.
    catch {close $input}
    $but configure -text "Run" -command Run
}
proc Quit {} {
    # Leave the application with the default success status.
    exit 0
}
# end of getKeyReq.tcl
getKey.ps