#!/bin/sh

# BUG report / reproduction case: a certificate for a 32768-bit RSA key
# cannot be signed with "openssl ca", although the key and the CSR themselves
# can be created.
#
# Files this script expects but does not create: private.key, openssl.cnf
# (providing the v3_ca_root extension section and the CA_root CA section) and
# the output directory ca_root/certs/.

# Show which OpenSSL build is being exercised. The report was made with:
#   OpenSSL 1.1.0j  20 Nov 2018
openssl version

# Step 1 - create the key: works.
# A pre-generated key can be downloaded instead of generating one:
#   https://www.viathinksoft.de/~daniel-marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/private.key
# That key is published, so it is only suitable for reproducing this report
# and must not protect anything real.
#openssl genrsa -out "private.key" 32768

# Step 2 - create the CSR and dump it as text: works.
# A pre-generated CSR can be downloaded instead:
#   https://www.viathinksoft.de/~daniel-marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/root-ca.csr
# -sha1 is kept exactly as in the report. SHA-1 is deprecated for signatures;
# the failure below complains about the modulus size, not about the digest.
subject="/O=ViaThinkSoft/OU=Research/C=DE/emailAddress=daniel-marschall@viathinksoft.de/CN=ViaThinkSoft RSA-Size Test Certificate (32768 bits)"
openssl req \
  -out root-ca.csr \
  -extensions v3_ca_root \
  -new \
  -key private.key \
  -sha1 \
  -config openssl.cnf \
  -subj "$subject"
openssl req \
  -in root-ca.csr \
  -noout \
  -text \
  > csr_dump.txt

# Step 3 - self-sign the CSR as a one-day root certificate: ERROR.
# Output:
#             Using configuration from openssl.cnf
#             Check that the request matches the signature
#             Certificate request and CA private key do not match
#             140355982610496:error:04067069:rsa routines:rsa_ossl_public_decrypt:modulus too large:../crypto/rsa/rsa_ossl.c:496:
#             140355982610496:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../crypto/asn1/a_verify.c:171:
#
# NOTE(review): the "modulus too large" entry is raised on the RSA public-key
# (verification) path. This looks like OpenSSL's deliberate cap on the modulus
# size for public-key operations (OPENSSL_RSA_MAX_MODULUS_BITS, 16384 in stock
# builds - confirm against the headers of the build in use), which bounds the
# CPU cost of verifying attacker-supplied keys, rather than a defect in the
# key or the CSR. The "do not match" line is then probably a consequence of
# the failed signature check, not a real key mismatch - confirm.
openssl ca \
  -extensions v3_ca_root \
  -days 1 \
  -notext \
  -out ca_root/certs/cacert.pem \
  -in root-ca.csr \
  -config openssl.cnf \
  -name CA_root \
  -selfsign \
  -batch
