Skip to content

Instantly share code, notes, and snippets.

@diracdeltas

diracdeltas/first-time-sign.sh Secret

Created July 7, 2014 14:24
Show Gist options
  • Save diracdeltas/39d48e315d4ce1a67b83 to your computer and use it in GitHub Desktop.
Save diracdeltas/39d48e315d4ce1a67b83 to your computer and use it in GitHub Desktop.
Download ZIP
making https everywhere signature with NSS
Raw
first-time-sign.sh
# install nss-tools
sudo apt-get install libnss3-tools
# make nss keyring directory
mkdir nssdb
# initialize keyring
certutil -N -d nssdb/
# generate 2048-bit self-signed object signing cert, nickname "httpse"
certutil -S -n httpse -g 2048 -d nssdb -t "p,p,u" -s "CN=EFF" -x
# sign data.txt
pk1sign -i data.txt -k httpse -d nssdb
# output signature:
MIIBFDANBgkqhkiG9w0BAQUFAAOCAQEAwAaU2WVosmCEtmAhSs9YEQj5s04Vyi0dqKImQBer9nCOtCZRNl8+rTkctxuMR8Y4z4K5iG+a6eA6m7HoiqSIc0fwUSZXEHE8BjIKDXVSnpL6Bl4rP5Ymuw0FazSRx8nu/R9ReIXAFcMnzKMNn8vVtRv2JjQqZH2RhC7B/yH9Z5BQCZpa1rRJc2uEJ0H8d0aUeh8Nz+VJnT2w4YO41xlJBsC50IB8R1bpUMvHCCVGUk+M8SrUS+0JPDURdfvTcTU30GBPVUTYlgLmvNeEKF4ITXb35NfdVgA0ZtVUe2eo0Ur6putPlhtYq/8zc+cJ+kD/E+e1MOC+NGCukWnL2cmCVw==
# output pubkey:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMH3pA27nFhz6BpLFB6BwtuRPrfGVIlZ6R9gprfTUJEcZxqC0T2tzxBgQqjEJPeL61YIuXOqXNMsTmHjooxWqeUPUiBqTeXuM3dz+XgL6sxfydN1IwiWYsdD0bQmN9/ixgOamzBKTYxAx+g5TalDDv+xeHcBpf0Htu0JZPTaZZtmclxS4LvZXlYJYkcnv04jP/nRd0W/u/d8SYFvayldsaSiV00+AuHeQwWM5fmMK7t8OlQzXWp7TwqyzFaSaRZnKtzMBdWxK4IzIMYg3T5hYY76I3E0t9s2eqFOH9b4cVvsEFzJl9QOXRPeSGLoF1mTsdLKw1BK+7l7/gUd8ZbIbwIDAQAB
@diracdeltas
Copy link
Author

To sign a string instead of a file:
echo -n '9234260c8285fcd940a74a58078985d09b74f4bf97b77ae36f8f6c6fbd774282' | pk1sign -k httpse -d nssdb

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment