Remove the secure_messaging description for 3.0.1 build

secure_messaging/pki/generate_ca.sh

@@ -1,29 +0,0 @@
-#!/bin/bash
-
-CURVE=secp521r1
-DAYS=1825
-
-######
-
-DIR=PKI
-
-######
-
-set -e -u
-
-if [[ -e "$DIR/private/ca.key.pem" ]] ; then
-    echo "CA already exists, please remove it manually if you want to generate a new one" 1>&2
-    exit 2
-fi
-
-mkdir -p "$DIR/private" "$DIR/certs"
-
-openssl ecparam -name "$CURVE" -genkey -check -noout -outform pem -out "$DIR/private/ca.key.pem"
-
-openssl req -config openssl.cnf -extensions v3_ca -days $DAYS -new -x509 -sha256 -keyform pem -key "$DIR/private/ca.key.pem" -outform pem -out "$DIR/certs/ca.cert.pem"
-
-touch $DIR/index.txt
-
-echo 1000 > $DIR/serial
-
-echo 1000 > $DIR/crlnumber

secure_messaging/pki/generate_token.sh

@@ -1,42 +0,0 @@
-#!/bin/bash
-
-CURVE=secp256r1
-DAYS=730
-
-######
-
-DIR=PKI
-
-######
-
-set -e  -u
-
-if [[ $# -lt 1 ]] ; then
-    echo "Missing card certificate identifier" 1>&2
-    exit 1
-fi
-if [[ $# -gt 1 ]] ; then
-    echo "Too many parameters" 1>&2
-    exit 2
-fi
-
-if [[ ! -e "$DIR/private/ca.key.pem" ]] ; then
-    echo "Missing CA (please execute generate_ca.sh)" 1>&2
-    exit 2
-fi
-
-
-NAME="$1"
-
-mkdir -p "$DIR/csr"
-
-openssl ecparam -name "$CURVE" -genkey -check -noout -outform der -out "$DIR/private/$NAME.key.der"
-
-openssl req -config openssl.cnf -new -sha256 -keyform der -key "$DIR/private/$NAME.key.der" -outform pem -out "$DIR/csr/$NAME.csr.pem"
-
-openssl ca -config openssl.cnf -extensions card_cert -days $DAYS -md sha256 -in "$DIR/csr/$NAME.csr.pem" -out "$DIR/certs/$NAME.cert.pem"
-
-openssl x509 -inform pem -in "$DIR/certs/$NAME.cert.pem" -outform der -out "$DIR/certs/$NAME.cert.der"
-
-rm "$DIR/certs/$NAME.cert.pem"
-

secure_messaging/pki/openssl.cnf

@@ -1,91 +0,0 @@
-
-[ ca ]
-default_ca = CA_default
-
-[ CA_default ]
-# Directory and file locations.
-dir               = ./PKI/
-certs             = $dir/certs
-crl_dir           = $dir/crl
-new_certs_dir     = $dir/certs
-database          = $dir/index.txt
-serial            = $dir/serial
-RANDFILE          = $dir/private/.rand
-
-# The root key and root certificate.
-private_key       = $dir/private/ca.key.pem
-certificate       = $dir/certs/ca.cert.pem
-
-# For certificate revocation lists.
-crlnumber         = $dir/crlnumber
-crl               = $dir/crl/ca.crl.pem
-crl_extensions    = crl_ext
-default_crl_days  = 30
-
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md        = sha256
-
-name_opt          = ca_default
-cert_opt          = ca_default
-default_days      = 730
-preserve          = no
-policy            = policy_loose
-
-[ policy_loose ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-[ req ]
-# Options for the `req` tool (`man req`).
-default_bits        = 2048
-distinguished_name  = req_distinguished_name
-string_mask         = utf8only
-
-# SHA-1 is deprecated, so use SHA-2 instead.
-default_md          = sha256
-
-# Extension to add when the -x509 option is used.
-x509_extensions     = v3_ca
-
-[ req_distinguished_name ]
-# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-emailAddress                    = Email Address
-
-# Optionally, specify some defaults.
-countryName_default             = 
-stateOrProvinceName_default     = 
-localityName_default            =
-0.organizationName_default      = 
-organizationalUnitName_default  =
-emailAddress_default            =
-
-[ v3_ca ]
-# Extensions for a typical CA (`man x509v3_config`).
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen:1
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ card_cert ]
-# Extensions for client certificates (`man x509v3_config`).
-basicConstraints = CA:FALSE
-nsCertType = client
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer
-keyUsage = critical, nonRepudiation
-
-[ crl_ext ]
-# Extension for CRLs (`man x509v3_config`).
-authorityKeyIdentifier=keyid:always
-