source: examples/passphrase_tests/creddy_prover/acme_rockets_rt0/README @ d0efdec

#!/bin/sh
#
# The example makes use of 2 principals, Acme and Coyote.
#
# This example shows a very simple delegation of roles by Acme.  Acme's
# buy_rockets role includes all of Acme's preferred customers.  The example
# creates the principals and 2 credentials.  Credential 1 encodes the policy
# that all of Acme's preferred customers can buy rockets from Acme and
# Credential 2 defines the Coyote as an Acme preferred customer.
#
# In addition, Acme principal credential is base on a private key that is
# encrypted with a passphrase (this is made by using an externally generated
# private key using openssl)
# 

# The ./run_query script issues queries to show that the Coyote is both a preferred
# customer and can buy rockets.  Two invalid queries are also made, checking if
# Acme is the Coyote's friend, which it isn't and whether a query about
# something other than a principal works (it doesn't).

# acme_rockets_rt0

creddy --generate --cn Acme --key Acme_private.pem --p=pfile
creddy --generate --cn Coyote

#[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:preferred_customer 
# Credential 1
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --p=pfile --role buy_rockets \
       --subject-cert Acme_ID.pem --subject-role preferred_customer \
       --out Acme_buy_rockets__Acme_preferred_customer_attr.der

#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
# Credential 2
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem  --p=pfile --role preferred_customer \
       --subject-cert Coyote_ID.pem \
       --out Acme_preferred_customer__Coyote_attr.der