Added test for group selection when having a certificate.

This commit is contained in:
Nikos Mavrogiannopoulos
2014-05-20 15:11:30 +02:00
parent 2969d37298
commit 5d0bdf2966
9 changed files with 687 additions and 6 deletions


@@ -2,13 +2,13 @@ EXTRA_DIST = ca-key.pem ca.pem common.sh server-cert.pem server-key.pem test1.co
test1.passwd test-user-cert.config user-cert.pem user-key.pem test3.config test-iroute.config \
user-config/test test-pass-script.config test-multi-cookie.config test-pam.config \
test-stress.config user-cert-wrong.pem connect-script kill-parent.sh test-group-pass.passwd \
test-group-pass.config
test-group-pass.config user-group-cert.pem user-group-key.pem test-user-group-cert.config
dist_check_SCRIPTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \
test-multi-cookie test-pam test-stress full-test test-group-pass
test-multi-cookie test-pam test-stress full-test test-group-pass test-pass-group-cert
TESTS = test-pass test-pass-cert test-cert test-iroute test-pass-script \
test-multi-cookie full-test test-group-pass
test-multi-cookie full-test test-group-pass test-pass-group-cert
TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
top_builddir="$(top_builddir)"
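Review bot: The new script tests/test-group-cert and its config test-group-cert.config are not registered anywhere in this hunk: EXTRA_DIST gains only `user-group-cert.pem user-group-key.pem test-user-group-cert.config`, and dist_check_SCRIPTS and TESTS gain only `test-pass-group-cert`, so `make check` never runs the certificate-only test and `make dist` omits both files. The forge also lists tests/test-group-cert as a normal (non-executable) file, unlike test-pass-group-cert, which points the same way. If the test is meant to run, append `test-group-cert.config` to the EXTRA_DIST line and `test-group-cert` to both the dist_check_SCRIPTS and TESTS lines, and set the executable bit; if it is deliberately held back for now, a short comment in the Makefile saying so would stop the next reader from re-raising it.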

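--- a/tests/test-group-cert
+++ b/tests/test-group-cert
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# Copyright (C) 2013 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+PORT=6550
+. `dirname $0`/common.sh
+echo "Testing local backend with certificate... "
+launch_server -d 1 -f -c test-group-cert.config & PID=$!
+wait_server $PID
+echo -n "Connecting to obtain cookie (without certificate)... "
+( echo "test" | openconnect --authgroup group1 -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
+fail $PID "Connected without certificate!"
+echo ok
+echo -n "Connecting to obtain cookie - group1 (with certificate)... "
+( echo "test" | openconnect --authgroup group1 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
+fail $PID "Could not connect with certificate!"
+echo ok
+echo -n "Connecting to obtain cookie - group2 (with certificate)... "
+( echo "test" | openconnect --authgroup group2 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
+fail $PID "Could not connect with certificate!"
+echo ok
+echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
+( echo "test" | openconnect --authgroup group3 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
+fail $PID "Could not connect with certificate!"
+echo ok
+echo -n "Connecting to obtain cookie - group4 (with certificate)... "
+( echo "test" | openconnect --authgroup group4 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
+fail $PID "Could not connect with certificate!"
+echo ok
+kill $PID
+wait
+exit 0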
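Review bot: Every certificate-backed connection in this script — group1, group2, the group3 labelled "(hidden)" and group4 — is expected to succeed, so the test never shows a group request being refused, and nothing in the file says what makes group3 hidden (presumably that it is absent from the config's `select-group` list while still being carried in the certificate's group attribute, but that is a guess). A comment above that case stating which it is, plus one request for a group the certificate does not carry, expected to fail via `&& fail $PID "Connected with a group not in the certificate!"`, would pin the authorization side of group selection rather than only the authentication side. The first negative case (no certificate) passes whenever openconnect exits non-zero for any reason, including it not being installed; if common.sh does not already check for the binary, a `command -v openconnect` guard avoids a silently vacuous test. The server fingerprint `d66b507ae074d03b02eafca40d35f87dd81049d3` is repeated five times here and five more in test-pass-group-cert; a `SERVERCERT=` variable next to `PORT=` would make a future server-cert rotation a one-line change in each script.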


@@ -0,0 +1,191 @@
# User authentication method. Could be set multiple times and in that case
# all should succeed.
# Options: certificate, pam.
auth = "certificate"
#auth = "plain[./test-group.passwd]"
#auth = "pam"
select-group = group1
select-group = group2
# The name of the group that if selected it would allow to use
# the assigned by default group.
default-select-group = DEFAULT
# A banner to be displayed on clients
#banner = "Welcome"
# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
#listen-host = [IP|HOSTNAME]
use-dbus = no
# Limit the number of clients. Unset or set to zero for unlimited.
#max-clients = 1024
max-clients = 16
# Limit the number of client connections to one every X milliseconds
# (X is the provided value). Set to zero for no limit.
#rate-limit-ms = 100
# Limit the number of identical clients (i.e., users connecting multiple times)
# Unset or set to zero for unlimited.
max-same-clients = 2
# TCP and UDP port number
tcp-port = 6550
udp-port = 6550
# Keepalive in seconds
keepalive = 32400
# Dead peer detection in seconds
dpd = 440
# MTU discovery (DPD must be enabled)
try-mtu-discovery = false
# The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (e.g.,
# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
# or pkcs11:object=my-vpn-key;object-type=private)
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./server-cert.pem
server-key = ./server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
# Can be generated using:
# certtool --generate-dh-params --outfile /path/to/dh.pem
#dh-params = /path/to/dh.pem
# If you have a certificate from a CA that provides an OCSP
# service you may provide a fresh OCSP status response within
# the TLS handshake. That will prevent the client from connecting
# independently on the OCSP server.
# You can update this response periodically using:
# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
# Make sure that you replace the following file in an atomic way.
#ocsp-response = /path/to/ocsp.der
# In case PKCS #11 or TPM keys are used the PINs should be available
# in files. The srk-pin-file is applicable to TPM keys only (It's the storage
# root key).
#pin-file = /path/to/pin.txt
#srk-pin-file = /path/to/srkpin.txt
# The Certificate Authority that will be used
# to verify clients if certificate authentication
# is set.
ca-cert = ./ca.pem
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
# Useful OIDs are:
# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
cert-user-oid = 0.9.2342.19200300.100.1.1
# The object identifier that will be used to read the user group in the client
# certificate. The object identifier should be part of the certificate's DN
# Useful OIDs are:
# OU (organizational unit) = 2.5.4.11
cert-group-oid = 2.5.4.11
# A revocation list of ca-cert is set
#crl = /path/to/crl.pem
# GnuTLS priority string
tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# To enforce perfect forward secrecy (PFS) on the main channel.
#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA"
# The time (in seconds) that a client is allowed to stay connected prior
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Cookie validity time (in seconds)
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. This option sets the maximum lifetime
# of that cookie.
cookie-validity = 172800
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
#connect-script = /usr/bin/myscript
#disconnect-script = /usr/bin/myscript
# UTMP
use-utmp = true
# PID file
pid-file = /var/run/ocserv.pid
# The default server directory. Does not require any devices present.
#chroot-dir = /path/to/chroot
# socket file used for IPC, will be appended with .PID
# It must be accessible within the chroot environment (if any)
socket-file = /var/run/ocserv-socket
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = nobody
run-as-group = daemon
# Network settings
device = vpns
# The default domain to be advertised
default-domain = example.com
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
# Use the keywork local to advertize the local P-t-P address as DNS server
ipv4-dns = 192.168.1.1
# The NBNS server (if any)
#ipv4-nbns = 192.168.2.3
#ipv6-address =
#ipv6-mask =
#ipv6-dns =
# Prior to leasing any IP from the pool ping it to verify that
# it is not in use by another (unrelated to this server) host.
ping-leases = false
# Leave empty to assign the default MTU of the device
# mtu =
route = 192.168.1.0/255.255.255.0
#route = 192.168.5.0/255.255.255.0
#
# The following options are for (experimental) AnyConnect client
# compatibility. They are only available if the server is built
# with --enable-anyconnect
#
# Client profile xml. A sample file exists in doc/profile.xml.
# This file must be accessible from inside the worker's chroot.
# The profile is ignored by the openconnect client.
#user-profile = profile.xml
# Unless set to false it is required for clients to present their
# certificate even if they are authenticating via a previously granted
# cookie. Legacy CISCO clients do not do that, and thus this option
# should be set for them.
cisco-client-compat = true
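Review bot: The comment above `cisco-client-compat = true` contradicts itself: its first sentence says the certificate is required on cookie reconnects "unless set to false", while its last sentence says the option "should be set" for clients that do not present the certificate, so a reader cannot tell which value is the strict one. Taking the last sentence at face value, `true` means this certificate-only test config does not demand the client certificate on the cookie path, so the tests cover certificate authentication only at the initial login; if that is not intended, `cisco-client-compat = false` would be the value to test with. The same comment and value are copied into test-user-group-cert.config. Rewording the first sentence to `# Unless set to true, clients must present their certificate even when authenticating via a previously granted cookie.` — if that is indeed the behaviour; confirm against the server's handling of the option — would fix the template for both files.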


@@ -20,7 +20,7 @@
SERV="${SERV:-../src/ocserv}"
srcdir=${srcdir:-.}
PORT=4444
PORT=6552
. `dirname $0`/common.sh


@@ -26,8 +26,8 @@ max-clients = 16
max-same-clients = 2
# TCP and UDP port number
tcp-port = 4444
udp-port = 4444
tcp-port = 6552
udp-port = 6552
# Keepalive in seconds
keepalive = 32400

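--- a/tests/test-pass-group-cert
+++ b/tests/test-pass-group-cert
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# Copyright (C) 2013 Nikos Mavrogiannopoulos
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+PORT=6551
+. `dirname $0`/common.sh
+echo "Testing local backend with username-password and certificate... "
+launch_server -d 1 -f -c test-user-group-cert.config & PID=$!
+wait_server $PID
+echo -n "Connecting to obtain cookie (without certificate)... "
+( echo "test" | openconnect --authgroup group1 -q localhost:$PORT -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
+fail $PID "Connected without certificate!"
+echo ok
+echo -n "Connecting to obtain cookie - group1 (with certificate)... "
+( echo "test" | openconnect --authgroup group1 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
+fail $PID "Could not connect with certificate!"
+echo ok
+echo -n "Connecting to obtain cookie - group2 (with certificate)... "
+( echo "test" | openconnect --authgroup group2 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
+fail $PID "Could not connect with certificate!"
+echo ok
+echo -n "Connecting to obtain cookie - group3 (hidden) (with certificate)... "
+( echo "test" | openconnect --authgroup group3 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) ||
+fail $PID "Could not connect with certificate!"
+echo ok
+echo -n "Connecting to obtain cookie - group4 (with certificate)... "
+( echo "test" | openconnect --authgroup group4 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) &&
+fail $PID "Got cookie when it shouldn't!"
+echo ok
+kill $PID
+wait
+exit 0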
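Review bot: The password half of the dual authentication is never shown to be enforced: every connection pipes the correct password `test`, and the two negative cases are a missing certificate and a group the user is not entitled to. Since the config states that all configured `auth` methods must succeed, one request with a valid certificate and a wrong password, expected to fail — `( echo "wrong" | openconnect --authgroup group1 -q localhost:$PORT --sslkey ./user-group-key.pem -c ./user-group-cert.pem -u test --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly >/dev/null 2>&1 ) && fail $PID "Connected with wrong password!"` — would pin that the plain backend is still consulted when a certificate is present. As in test-group-cert, the `&&`-guarded negative cases pass on any openconnect failure, so they prove little unless a positive case has already run; the group4 case is preceded by three successful logins, but the no-certificate case at the top runs before any of them and would pass even if the server were unreachable.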


@@ -0,0 +1,191 @@
# User authentication method. Could be set multiple times and in that case
# all should succeed.
# Options: certificate, pam.
auth = "certificate"
auth = "plain[./test-group.passwd]"
#auth = "pam"
select-group = group1
select-group = group2
# The name of the group that if selected it would allow to use
# the assigned by default group.
default-select-group = DEFAULT
# A banner to be displayed on clients
#banner = "Welcome"
# Use listen-host to limit to specific IPs or to the IPs of a provided hostname.
#listen-host = [IP|HOSTNAME]
use-dbus = no
# Limit the number of clients. Unset or set to zero for unlimited.
#max-clients = 1024
max-clients = 16
# Limit the number of client connections to one every X milliseconds
# (X is the provided value). Set to zero for no limit.
#rate-limit-ms = 100
# Limit the number of identical clients (i.e., users connecting multiple times)
# Unset or set to zero for unlimited.
max-same-clients = 2
# TCP and UDP port number
tcp-port = 6551
udp-port = 6551
# Keepalive in seconds
keepalive = 32400
# Dead peer detection in seconds
dpd = 440
# MTU discovery (DPD must be enabled)
try-mtu-discovery = false
# The key and the certificates of the server
# The key may be a file, or any URL supported by GnuTLS (e.g.,
# tpmkey:uuid=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx;storage=user
# or pkcs11:object=my-vpn-key;object-type=private)
#
# There may be multiple certificate and key pairs and each key
# should correspond to the preceding certificate.
server-cert = ./server-cert.pem
server-key = ./server-key.pem
# Diffie-Hellman parameters. Only needed if you require support
# for the DHE ciphersuites (by default this server supports ECDHE).
# Can be generated using:
# certtool --generate-dh-params --outfile /path/to/dh.pem
#dh-params = /path/to/dh.pem
# If you have a certificate from a CA that provides an OCSP
# service you may provide a fresh OCSP status response within
# the TLS handshake. That will prevent the client from connecting
# independently on the OCSP server.
# You can update this response periodically using:
# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
# Make sure that you replace the following file in an atomic way.
#ocsp-response = /path/to/ocsp.der
# In case PKCS #11 or TPM keys are used the PINs should be available
# in files. The srk-pin-file is applicable to TPM keys only (It's the storage
# root key).
#pin-file = /path/to/pin.txt
#srk-pin-file = /path/to/srkpin.txt
# The Certificate Authority that will be used
# to verify clients if certificate authentication
# is set.
ca-cert = ./ca.pem
# The object identifier that will be used to read the user ID in the client certificate.
# The object identifier should be part of the certificate's DN
# Useful OIDs are:
# CN = 2.5.4.3, UID = 0.9.2342.19200300.100.1.1
cert-user-oid = 0.9.2342.19200300.100.1.1
# The object identifier that will be used to read the user group in the client
# certificate. The object identifier should be part of the certificate's DN
# Useful OIDs are:
# OU (organizational unit) = 2.5.4.11
cert-group-oid = 2.5.4.11
# A revocation list of ca-cert is set
#crl = /path/to/crl.pem
# GnuTLS priority string
tls-priorities = "PERFORMANCE:%SERVER_PRECEDENCE:%COMPAT"
# To enforce perfect forward secrecy (PFS) on the main channel.
#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA"
# The time (in seconds) that a client is allowed to stay connected prior
# to authentication
auth-timeout = 40
# The time (in seconds) that a client is not allowed to reconnect after
# a failed authentication attempt.
#min-reauth-time = 2
# Cookie validity time (in seconds)
# Once a client is authenticated he's provided a cookie with
# which he can reconnect. This option sets the maximum lifetime
# of that cookie.
cookie-validity = 172800
# Script to call when a client connects and obtains an IP
# Parameters are passed on the environment.
# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client),
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client). REASON
# may be "connect" or "disconnect".
#connect-script = /usr/bin/myscript
#disconnect-script = /usr/bin/myscript
# UTMP
use-utmp = true
# PID file
pid-file = /var/run/ocserv.pid
# The default server directory. Does not require any devices present.
#chroot-dir = /path/to/chroot
# socket file used for IPC, will be appended with .PID
# It must be accessible within the chroot environment (if any)
socket-file = /var/run/ocserv-socket
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = nobody
run-as-group = daemon
# Network settings
device = vpns
# The default domain to be advertised
default-domain = example.com
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
# Use the keywork local to advertize the local P-t-P address as DNS server
ipv4-dns = 192.168.1.1
# The NBNS server (if any)
#ipv4-nbns = 192.168.2.3
#ipv6-address =
#ipv6-mask =
#ipv6-dns =
# Prior to leasing any IP from the pool ping it to verify that
# it is not in use by another (unrelated to this server) host.
ping-leases = false
# Leave empty to assign the default MTU of the device
# mtu =
route = 192.168.1.0/255.255.255.0
#route = 192.168.5.0/255.255.255.0
#
# The following options are for (experimental) AnyConnect client
# compatibility. They are only available if the server is built
# with --enable-anyconnect
#
# Client profile xml. A sample file exists in doc/profile.xml.
# This file must be accessible from inside the worker's chroot.
# The profile is ignored by the openconnect client.
#user-profile = profile.xml
# Unless set to false it is required for clients to present their
# certificate even if they are authenticating via a previously granted
# cookie. Legacy CISCO clients do not do that, and thus this option
# should be set for them.
cisco-client-compat = true
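Review bot: `auth = "plain[./test-group.passwd]"` points at a password file that this commit neither adds nor lists in EXTRA_DIST, whose hunk names `test-group-pass.passwd` instead. If test-group.passwd already exists in the tree, it should be added to EXTRA_DIST so `make distcheck` ships it; if it does not, the positive cases in test-pass-group-cert would presumably fail and the intended path is `auth = "plain[./test-group-pass.passwd]"`. Either way, the group membership in that file is what should make the group4 case in test-pass-group-cert fail while group1–group3 succeed, so a comment above the `auth` line naming which groups the file grants to user `test` would make the test's expectations checkable without opening the file.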

tests/user-group-cert.pem Normal file

@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

tests/user-group-key.pem Normal file

@@ -0,0 +1,144 @@
Public Key Info:
Public Key Algorithm: RSA
Key Security Level: Legacy (2048 bits)
modulus:
00:de:aa:c3:4e:21:14:b3:82:d8:c4:49:fc:3f:3e:
0a:3e:4b:de:df:3e:f2:f0:e5:3e:44:70:c8:d7:40:
16:e6:87:18:f9:68:c4:af:80:88:51:97:33:fb:07:
e7:bf:3f:4a:3a:20:1f:51:73:7d:c2:96:1f:64:57:
96:c3:d8:ed:61:f9:b1:9c:ba:c2:27:ce:27:8b:f1:
28:c7:0f:2b:30:d7:46:e3:e9:fc:d7:ed:7b:7b:d7:
a6:7b:a8:4c:4c:2a:1c:55:f0:8d:d8:05:6f:f4:6c:
82:94:4f:28:5c:90:00:27:b4:46:60:7a:70:45:e4:
16:4f:66:e6:7c:d6:69:7e:77:29:c7:e8:62:af:5d:
7e:84:23:40:ba:1d:31:fe:02:85:2d:08:83:91:16:
33:ef:5e:ba:42:00:0a:63:7a:94:0c:b1:91:9d:13:
ee:5a:a3:fb:21:06:e0:06:fc:85:5b:eb:53:6b:f7:
03:4a:24:0e:77:f1:4d:84:a3:67:61:4e:38:1a:11:
92:bb:5d:40:6a:2c:0d:27:1f:38:b2:84:1b:0b:47:
7c:f3:f4:b5:fe:5e:a5:d7:42:32:2a:b2:f6:b2:2a:
82:15:3b:4f:28:c1:46:2c:da:6b:9b:f5:85:bb:07:
18:6f:ce:fe:be:1b:84:0c:0c:5b:7f:3b:ab:4c:b2:
bf:c3:
public exponent:
01:00:01:
private exponent:
00:83:a8:d6:e8:b8:98:c3:f8:07:72:31:09:0c:e0:
03:30:88:ae:14:b4:e4:f3:59:a9:72:d0:79:81:05:
2d:45:4b:f6:91:6a:c8:79:b9:77:61:3f:15:86:46:
4b:5a:82:f2:c1:e1:c2:82:e7:d6:21:9b:a0:9e:35:
48:39:2f:68:55:79:4d:f3:0d:5e:c6:28:98:ab:9f:
81:ec:09:e5:10:f1:09:c2:b3:d5:44:5b:f0:9a:ee:
8d:4b:2a:dd:4a:5f:cf:f7:64:d0:8a:3d:d4:cf:e2:
e5:67:0a:53:24:40:25:47:54:ca:14:3b:f1:6c:f2:
0b:db:11:4e:11:dc:b9:ee:03:2f:04:5b:2f:b6:a2:
27:72:83:1a:d5:a7:a8:4f:1b:b8:73:fe:73:ce:a5:
cc:a9:15:5f:b7:ab:2f:50:86:89:5d:1e:a4:be:ed:
00:89:fb:fa:9b:f3:d4:ce:5f:37:b3:91:56:70:16:
cf:2e:75:20:23:c2:ad:9d:22:69:bf:fc:c0:08:08:
a5:57:d7:31:07:7d:47:81:3e:0a:af:91:8d:2e:f7:
5b:8b:58:2b:eb:50:d8:b0:ba:a3:cb:2d:76:0d:99:
c6:0a:e8:98:83:e3:7c:a6:c6:6b:12:ff:ba:b8:b1:
15:5e:33:f4:78:bd:d5:6f:d8:c4:b2:ae:8e:49:51:
db:59:
prime1:
00:e1:18:84:de:1d:2a:70:dc:23:eb:d4:6a:54:79:
5a:8f:4e:56:c7:76:55:ee:60:d9:fb:23:72:6d:9b:
bd:d8:76:0d:e0:18:d4:25:6f:0c:11:99:77:6b:d7:
d8:27:1d:d2:9d:15:c4:ee:df:37:dd:fd:c8:fc:e5:
16:f5:2e:b9:1e:27:2a:4d:f6:fe:8b:c0:e2:20:ad:
20:79:8c:8b:bd:c7:f1:eb:5d:e3:d9:2b:5c:b8:27:
cc:0c:3c:74:ef:9e:07:d0:6c:fc:8b:34:83:8e:70:
de:5a:6e:60:4d:8d:da:79:7d:34:9e:5a:61:d8:68:
03:92:a8:d7:c2:ca:71:15:8d:
prime2:
00:fd:3c:e1:77:55:52:cb:c6:25:12:2e:98:83:59:
c1:34:b7:a3:79:1f:6c:9e:f5:d5:7d:66:58:22:7a:
e4:da:7b:4f:27:5b:0d:d6:9a:1b:ad:5c:27:78:fa:
9d:88:90:56:7e:81:13:4a:ee:51:cb:ef:db:2f:23:
21:e1:84:73:65:5f:ca:4d:df:b9:17:fd:23:e7:95:
9e:74:38:f2:cd:af:6f:94:b3:20:f7:8b:1e:99:84:
7f:aa:13:c8:bb:4a:7e:3f:05:40:33:eb:b4:ac:67:
1e:b1:0d:cd:26:6a:7e:be:40:c0:d2:14:3c:8a:2b:
39:51:38:9e:0c:e2:42:0e:8f:
coefficient:
00:bb:09:3f:e0:20:32:d6:ec:d0:c0:3c:7f:f7:d8:
14:74:ec:8d:a0:95:05:bd:98:a8:4a:f2:fd:01:d2:
2a:80:0b:bb:3e:cd:18:ad:f5:5a:af:d6:14:24:72:
01:99:05:38:1e:c1:c2:37:ae:61:c6:72:dc:4b:f7:
d6:65:e3:0d:47:ac:51:89:6b:2a:14:d5:88:82:6f:
83:1e:1b:50:be:33:cc:43:d0:dd:e0:9c:a4:4c:30:
e7:02:f3:36:39:1a:51:a5:dc:db:33:4e:5b:9e:e9:
34:51:c0:70:76:f0:16:9f:d9:7f:42:9a:61:d1:68:
9b:7c:b9:09:d0:ad:ac:d2:5c:
exp1:
00:c9:39:9d:15:de:e6:e0:eb:bb:65:08:88:61:a9:
f6:ce:23:8f:2a:52:dc:70:f4:be:09:67:5f:d5:22:
a4:2d:8d:23:cc:51:05:dd:cd:0e:f1:f0:ca:b4:6a:
c9:bd:f6:48:20:cb:a4:38:92:ee:23:92:cb:89:60:
d7:0c:2a:4f:ac:e8:00:46:a0:66:5f:d2:f7:93:94:
91:72:77:b5:38:dc:34:a5:5f:52:e0:02:86:a9:ce:
51:f8:22:57:bb:1a:00:0c:50:51:d7:b4:03:63:63:
fd:32:c4:77:6c:fd:41:f0:d7:80:21:8b:d4:ea:9b:
d9:8d:d3:48:c6:c7:29:1e:c5:
exp2:
73:c8:3e:1d:dd:78:f9:8a:22:b0:e9:74:f9:b9:33:
c8:f2:9d:5f:67:aa:b6:13:18:05:39:a1:da:41:ee:
18:a6:80:4e:32:27:65:93:18:4c:6e:f1:ed:32:48:
8c:83:d1:c8:0d:23:d1:02:9d:8b:6c:a2:fe:2e:45:
f3:62:27:90:95:f7:5d:1b:88:f9:1a:d8:2b:ae:10:
c0:7a:b9:28:a9:a9:8e:87:47:ef:66:40:1b:58:a5:
36:11:cd:99:34:39:fc:7e:5e:18:5f:10:40:32:f5:
a9:65:f2:02:3a:76:b0:6d:d2:bb:3a:5d:63:9e:d7:
99:f7:14:ec:37:16:94:a9:
Public Key ID: D4:ED:3F:28:4B:92:1B:4C:B5:57:C1:CB:EA:8A:38:E2:E8:BD:58:2A
Public key's random art:
+--[ RSA 2048]----+
| .. |
| . . .. |
| . o .... |
| . . o .o |
| S . o. |
| o . ..o |
| . = o.. o |
|E *. .. * o. . |
| o=.+o..o o. |
+-----------------+
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----