This project should be an useful example of using OpenSSL to manipulate X.509 certificates and CSRs using custom extensions.
The included tools, commitment_req and commitment_chk,
implement the Pedersen commitment scheme in this way:
- commitment_req calculates and inserts into a CSR the "commitment" value
- commitment_chk verifies the commitment value inserted into a CSR or a signed certificate, when the CA accepts the CSR and releases it
The entire process, including the CA setup, can be tested with the included bash
script testing.sh.
You obviously need the OpenSSL libraries and the openssl utility installed on your
system to compile the sources and run the script.
Source code is available for download:
source code archive source code repository