Updated demo for certificate free scheme

www-git-cn 2024-04-24 20:03:05 +08:00
parent 53b4b70ed7
commit c643c35959
38 changed files with 426 additions and 578 deletions

Binary file not shown.

Binary file not shown.

BIN
blockDB_1408/000066.ldb Normal file

Binary file not shown.

BIN
blockDB_1408/000067.ldb Normal file

Binary file not shown.

BIN
blockDB_1408/000070.ldb Normal file

Binary file not shown.

BIN
blockDB_1408/000071.log Normal file

Binary file not shown.


@ -1 +1 @@
MANIFEST-000026 MANIFEST-000072


@ -1 +1 @@
MANIFEST-000023 MANIFEST-000069


@ -119,3 +119,198 @@
17:03:47.581763 table@remove removed @14 17:03:47.581763 table@remove removed @14
17:03:47.659984 db@close closing 17:03:47.659984 db@close closing
17:03:47.659984 db@close done T·0s 17:03:47.659984 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
17:09:09.011462 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
17:09:09.012460 version@stat F·[0 1] S·68KiB[0B 68KiB] Sc·[0.00 0.00]
17:09:09.012460 db@open opening
17:09:09.013458 journal@recovery F·1
17:09:09.013458 journal@recovery recovering @25
17:09:09.019458 memdb@flush created L0@28 N·16 S·67KiB "blo..\xe3\x12},v152":"blo..n\x01\x03,d148"
17:09:09.020457 version@stat F·[1 1] S·136KiB[67KiB 68KiB] Sc·[0.25 0.00]
17:09:09.034593 db@janitor F·4 G·0
17:09:09.034593 db@open done T·22.1328ms
17:09:09.961728 db@close closing
17:09:09.961728 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
17:09:27.104288 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
17:09:27.104288 version@stat F·[1 1] S·136KiB[67KiB 68KiB] Sc·[0.25 0.00]
17:09:27.104288 db@open opening
17:09:27.105307 journal@recovery F·1
17:09:27.105307 journal@recovery recovering @29
17:09:27.111293 memdb@flush created L0@31 N·18 S·75KiB "blo..\xe3\x12},d158":"blo..n\x01\x04,v174"
17:09:27.112284 version@stat F·[2 1] S·212KiB[143KiB 68KiB] Sc·[0.50 0.00]
17:09:27.128890 db@janitor F·5 G·0
17:09:27.128890 db@open done T·23.583ms
17:09:27.807201 db@close closing
17:09:27.807201 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
17:09:56.641158 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
17:09:56.642191 version@stat F·[2 1] S·212KiB[143KiB 68KiB] Sc·[0.50 0.00]
17:09:56.642191 db@open opening
17:09:56.642191 journal@recovery F·1
17:09:56.642709 journal@recovery recovering @32
17:09:56.648645 memdb@flush created L0@34 N·18 S·71KiB "blo..\xc2~\x17,v190":"blo..n\x01\x04,d186"
17:09:56.649171 version@stat F·[3 1] S·283KiB[214KiB 68KiB] Sc·[0.75 0.00]
17:09:56.662903 db@janitor F·6 G·0
17:09:56.662903 db@open done T·20.7126ms
17:09:57.364677 db@close closing
17:09:57.364677 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
17:10:26.012152 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
17:10:26.013152 version@stat F·[3 1] S·283KiB[214KiB 68KiB] Sc·[0.75 0.00]
17:10:26.013152 db@open opening
17:10:26.013152 journal@recovery F·1
17:10:26.013152 journal@recovery recovering @35
17:10:26.018226 memdb@flush created L0@37 N·16 S·62KiB "blo..\xc2~\x17,d196":"blo..n\x01\x03,d203"
17:10:26.019153 version@stat F·[4 1] S·345KiB[276KiB 68KiB] Sc·[1.00 0.00]
17:10:26.032151 db@janitor F·7 G·0
17:10:26.032151 db@open done T·18.999ms
17:10:26.032151 table@compaction L0·4 -> L1·1 S·345KiB Q·212
17:10:26.038263 table@build created L1@40 N·8 S·61KiB "blo..\xfai\x9f,v205":"blo..n\x01\x03,v210"
17:10:26.038263 version@stat F·[0 1] S·61KiB[0B 61KiB] Sc·[0.00 0.00]
17:10:26.043269 table@compaction committed F-4 S-283KiB Ke·0 D·68 T·11.1186ms
17:10:26.043269 table@remove removed @37
17:10:26.043269 table@remove removed @34
17:10:26.044270 table@remove removed @31
17:10:26.044270 table@remove removed @28
17:10:26.044270 table@remove removed @27
17:10:26.124762 db@close closing
17:10:26.124762 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
17:17:45.763187 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
17:17:45.763187 version@stat F·[0 1] S·61KiB[0B 61KiB] Sc·[0.00 0.00]
17:17:45.763187 db@open opening
17:17:45.764184 journal@recovery F·1
17:17:45.764184 journal@recovery recovering @38
17:17:45.770184 memdb@flush created L0@41 N·16 S·65KiB "blo..rD2,v228":"blo..n\x01\x03,d220"
17:17:45.770184 version@stat F·[1 1] S·127KiB[65KiB 61KiB] Sc·[0.25 0.00]
17:17:45.782298 db@janitor F·4 G·0
17:17:45.782298 db@open done T·19.1116ms
17:17:46.502609 db@close closing
17:17:46.503125 db@close done T·516.6µs
=============== Apr 24, 2024 (CST) ===============
17:18:00.236070 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
17:18:00.240071 version@stat F·[1 1] S·127KiB[65KiB 61KiB] Sc·[0.25 0.00]
17:18:00.240071 db@open opening
17:18:00.241069 journal@recovery F·1
17:18:00.241069 journal@recovery recovering @42
17:18:00.247082 memdb@flush created L0@44 N·18 S·73KiB "blo..\xbfl9,v245":"blo..n\x01\x04,v246"
17:18:00.247082 version@stat F·[2 1] S·200KiB[139KiB 61KiB] Sc·[0.50 0.00]
17:18:00.262002 db@janitor F·5 G·0
17:18:00.262002 db@open done T·21.9309ms
17:18:01.046339 db@close closing
17:18:01.046359 db@close done T·20.6µs
=============== Apr 24, 2024 (CST) ===============
17:18:06.080866 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
17:18:06.081874 version@stat F·[2 1] S·200KiB[139KiB 61KiB] Sc·[0.50 0.00]
17:18:06.081874 db@open opening
17:18:06.082876 journal@recovery F·1
17:18:06.083867 journal@recovery recovering @45
17:18:06.089950 memdb@flush created L0@47 N·18 S·66KiB "blo..\xbfl9,d249":"blo..n\x01\x04,d258"
17:18:06.089950 version@stat F·[3 1] S·267KiB[205KiB 61KiB] Sc·[0.75 0.00]
17:18:06.104660 db@janitor F·6 G·0
17:18:06.104660 db@open done T·22.7862ms
17:18:06.878774 db@close closing
17:18:06.878774 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
17:18:13.274556 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
17:18:13.275625 version@stat F·[3 1] S·267KiB[205KiB 61KiB] Sc·[0.75 0.00]
17:18:13.275625 db@open opening
17:18:13.275625 journal@recovery F·1
17:18:13.277563 journal@recovery recovering @48
17:18:13.282557 memdb@flush created L0@50 N·18 S·72KiB "blo..z\x1a\a,v285":"blo..n\x01\x04,v284"
17:18:13.282557 version@stat F·[4 1] S·339KiB[278KiB 61KiB] Sc·[1.00 0.00]
17:18:13.296389 db@janitor F·7 G·0
17:18:13.296389 db@open done T·20.7636ms
17:18:13.296389 table@compaction L0·4 -> L1·1 S·339KiB Q·286
17:18:13.306110 table@build created L1@53 N·10 S·72KiB "blo..z\x1a\a,v285":"blo..n\x01\x04,v284"
17:18:13.306632 version@stat F·[0 1] S·72KiB[0B 72KiB] Sc·[0.00 0.00]
17:18:13.312772 table@compaction committed F-4 S-267KiB Ke·0 D·68 T·16.3828ms
17:18:13.313291 table@remove removed @50
17:18:13.313291 table@remove removed @47
17:18:13.313967 table@remove removed @44
17:18:13.314517 table@remove removed @41
17:18:13.315068 table@remove removed @40
17:18:14.055220 db@close closing
17:18:14.055220 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
19:54:20.229269 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
19:54:20.231394 version@stat F·[0 1] S·72KiB[0B 72KiB] Sc·[0.00 0.00]
19:54:20.231394 db@open opening
19:54:20.231911 journal@recovery F·1
19:54:20.232433 journal@recovery recovering @51
19:54:20.237479 memdb@flush created L0@54 N·18 S·66KiB "blo..z\x1a\a,d287":"blo..n\x01\x04,d296"
19:54:20.238010 version@stat F·[1 1] S·138KiB[66KiB 72KiB] Sc·[0.25 0.00]
19:54:20.252522 db@janitor F·4 G·0
19:54:20.252522 db@open done T·21.1286ms
19:54:20.928773 db@close closing
19:54:20.929279 db@close done T·505.8µs
=============== Apr 24, 2024 (CST) ===============
19:54:31.119695 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
19:54:31.120697 version@stat F·[1 1] S·138KiB[66KiB 72KiB] Sc·[0.25 0.00]
19:54:31.120697 db@open opening
19:54:31.121692 journal@recovery F·1
19:54:31.121692 journal@recovery recovering @55
19:54:31.126713 memdb@flush created L0@57 N·18 S·51KiB "blo..\x1d\"\n,d306":"blo..n\x01\x04,v322"
19:54:31.128805 version@stat F·[2 1] S·189KiB[117KiB 72KiB] Sc·[0.50 0.00]
19:54:31.143830 db@janitor F·5 G·0
19:54:31.144354 db@open done T·23.6573ms
19:54:31.864438 db@close closing
19:54:31.864958 db@close done T·520.5µs
=============== Apr 24, 2024 (CST) ===============
19:55:26.323881 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
19:55:26.324880 version@stat F·[2 1] S·189KiB[117KiB 72KiB] Sc·[0.50 0.00]
19:55:26.324880 db@open opening
19:55:26.324880 journal@recovery F·1
19:55:26.325881 journal@recovery recovering @58
19:55:26.330881 memdb@flush created L0@60 N·20 S·50KiB "blo..d)\",v344":"blo..n\x01\x04,d334"
19:55:26.331882 version@stat F·[3 1] S·239KiB[167KiB 72KiB] Sc·[0.75 0.00]
19:55:26.344884 db@janitor F·6 G·0
19:55:26.345696 db@open done T·20.0031ms
19:55:27.102793 db@close closing
19:55:27.102793 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
19:57:45.814044 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
19:57:45.815129 version@stat F·[3 1] S·239KiB[167KiB 72KiB] Sc·[0.75 0.00]
19:57:45.815129 db@open opening
19:57:45.815129 journal@recovery F·1
19:57:45.815655 journal@recovery recovering @61
19:57:45.820025 memdb@flush created L0@63 N·20 S·52KiB "blo..®L,v359":"blo..n\x01\x04,d355"
19:57:45.821083 version@stat F·[4 1] S·292KiB[219KiB 72KiB] Sc·[1.00 0.00]
19:57:45.835150 db@janitor F·7 G·0
19:57:45.835150 db@open done T·20.021ms
19:57:45.835150 table@compaction L0·4 -> L1·1 S·292KiB Q·366
19:57:45.842602 table@build created L1@66 N·10 S·51KiB "blo..®L,v359":"blo..n\x01\x04,v364"
19:57:45.842602 version@stat F·[0 1] S·51KiB[0B 51KiB] Sc·[0.00 0.00]
19:57:45.848596 table@compaction committed F-4 S-240KiB Ke·0 D·76 T·13.4461ms
19:57:45.857776 table@remove removed @63
19:57:45.860782 table@remove removed @60
19:57:45.862452 table@remove removed @57
19:57:45.862961 table@remove removed @54
19:57:45.862961 table@remove removed @53
19:57:46.565770 db@close closing
19:57:46.565770 db@close done T·0s
=============== Apr 24, 2024 (CST) ===============
19:57:53.449209 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
19:57:53.450209 version@stat F·[0 1] S·51KiB[0B 51KiB] Sc·[0.00 0.00]
19:57:53.450209 db@open opening
19:57:53.450209 journal@recovery F·1
19:57:53.451210 journal@recovery recovering @64
19:57:53.456210 memdb@flush created L0@67 N·20 S·53KiB "blo..®L,d367":"blo..n\x01\x04,d376"
19:57:53.456210 version@stat F·[1 1] S·104KiB[53KiB 51KiB] Sc·[0.25 0.00]
19:57:53.471209 db@janitor F·4 G·0
19:57:53.471209 db@open done T·21.0005ms
19:57:54.209030 db@close closing
19:57:54.209552 db@close done T·522.3µs
=============== Apr 24, 2024 (CST) ===============
20:00:01.493972 log@legend F·NumFile S·FileSize N·Entry C·BadEntry B·BadBlock Ke·KeyError D·DroppedEntry L·Level Q·SeqNum T·TimeElapsed
20:00:01.496111 version@stat F·[1 1] S·104KiB[53KiB 51KiB] Sc·[0.25 0.00]
20:00:01.496728 db@open opening
20:00:01.497884 journal@recovery F·1
20:00:01.500072 journal@recovery recovering @68
20:00:01.504961 memdb@flush created L0@70 N·20 S·54KiB "blo..\x85\x7f\xd9,d388":"blo..n\x01\x04,d397"
20:00:01.505478 version@stat F·[2 1] S·159KiB[107KiB 51KiB] Sc·[0.50 0.00]
20:00:01.520372 db@janitor F·5 G·0
20:00:01.520372 db@open done T·23.644ms
20:00:02.325750 db@close closing
20:00:02.326281 db@close done T·530.5µs

Binary file not shown.

Binary file not shown.


@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,16 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----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==
-----END CERTIFICATE REQUEST-----


@ -1,30 +0,0 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----


@ -1 +0,0 @@
60C8840AB8EBA6989ED40D19ADD86852083D427F


@ -1,5 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg1fh58x4bws3t1TFN
0GcADksdwO1l1s1kwK3IFUWjjLqhRANCAAQPGF/kRKeQWAfvMjQWouotiPUtON4U
nms74/jTGXfq26TkuQdZQt6NCYiOMH+vKnBnQh5oRh67iiRlJIGFiM4h
-----END PRIVATE KEY-----


@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

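--- a/cert/client_prikey.txt
+++ b/cert/client_prikey.txt
@@ -0,0 +1 @@
+client123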
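Review bot: A private-key file is committed to the repository with the value `client123`, and the section for `cert/client_pubkey.txt` adds the identical value as the public key. With private and public material equal there is no secret in the scheme, and `Certificateless_Verify` only lines up with `Certificateless_Sign` because the two files match. Key material should be generated per deployment and kept out of version control (for example by ignoring `cert/*_prikey.txt`). The PEM private keys this commit deletes remain in the repository history, so they should be treated as exposed and not reused.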

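--- a/cert/client_pubkey.txt
+++ b/cert/client_pubkey.txt
@@ -0,0 +1 @@
+client123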


@ -1,396 +0,0 @@
#
# OpenSSL example configuration file.
# See doc/man5/config.pod for more info.
#
# This is mostly being used for generation of certificate requests,
# but may be used for auto loading of providers
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Use this in order to automatically load providers.
openssl_conf = openssl_init
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
# Extra OBJECT IDENTIFIER info:
# oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
# For FIPS
# Optionally include a file that is generated by the OpenSSL fipsinstall
# application. This file contains configuration data required by the OpenSSL
# fips provider. It contains a named section e.g. [fips_sect] which is
# referenced from the [provider_sect] below.
# Refer to the OpenSSL security policy for more information.
# .include fipsmodule.cnf
[openssl_init]
providers = provider_sect
# List of providers to load
[provider_sect]
default = default_sect
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
# If you add a section explicitly activating any other provider(s), you most
# probably need to explicitly activate the default provider, otherwise it
# becomes unavailable in openssl. As a consequence applications depending on
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
# activate = 1
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
subjectAltName = @alt_names
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ alt_names ]
DNS.1 = *.lkq.com
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
[insta] # CMP using Insta Demo CA
# Message transfer
server = pki.certificate.fi:8700
# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080
# tls_use = 0
path = pkix/
# Server authentication
recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer
ignore_keyusage = 1 # potentially needed quirk
unprotected_errors = 1 # potentially needed quirk
extracertsout = insta.extracerts.pem
# Client authentication
ref = 3078 # user identification
secret = pass:insta # can be used for both client and server side
# Generic message options
cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
# Certificate enrollment
subject = "/CN=openssl-cmp-test"
newkey = insta.priv.pem
out_trusted = insta.ca.crt
certout = insta.cert.pem
[pbm] # Password-based protection for Insta CA
# Server and client authentication
ref = $insta::ref # 3078
secret = $insta::secret # pass:insta
[signature] # Signature-based protection for Insta CA
# Server authentication
trusted = insta.ca.crt # does not include keyUsage digitalSignature
# Client authentication
secret = # disable PBM
key = $insta::newkey # insta.priv.pem
cert = $insta::certout # insta.cert.pem
[ir]
cmd = ir
[cr]
cmd = cr
[kur]
# Certificate update
cmd = kur
oldcert = $insta::certout # insta.cert.pem
[rr]
# Certificate revocation
cmd = rr
oldcert = $insta::certout # insta.cert.pem


@ -1,5 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgERNVfrHYBvEo7cyr
1ecjo69iC+1TaeDZMTqsJfanN0WhRANCAAT1SidjZizkN8UvqtD0v4uaU6D1ah9S
Opw7P+iFkmTEWDDizgnC63BAZm6ktiBfGKyKxoe7Itt7JbMOmvzhPHuo
-----END PRIVATE KEY-----


@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

0
cert/order_prikey.txt Normal file

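--- a/cert/order_pubkey.txt
+++ b/cert/order_pubkey.txt
@@ -0,0 +1 @@
+order123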


@ -1,5 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgd29Vz1rvQL3wcU5K
REu+DuvRnBmKg4hDaFxDWx3UIsGhRANCAASfaFMEhvnjNfxV8DKe5jrcunMXtpPI
DTyBmfB5OuQllvxBrVgbr8U0q7w8XgFgtvPaGAyKTsng0bXPBpIZbsZK
-----END PRIVATE KEY-----


@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

0
cert/peer_prikey.txt Normal file

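--- a/cert/peer_pubkey.txt
+++ b/cert/peer_pubkey.txt
@@ -0,0 +1 @@
+peer123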

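--- a/common/kgc/sign.go
+++ b/common/kgc/sign.go
@@ -0,0 +1,7 @@
+package kgc
+func Certificateless_Sign(pri_key []byte, digest []byte) (signature []byte, err error) {
+signed_data := append(pri_key, digest...)
+return signed_data, nil
+}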
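Review bot: `Certificateless_Sign` returns `append(pri_key, digest...)`, so every value it emits carries the signer's private key in clear and is not bound to the key by any cryptographic operation. The `append` may also write into spare capacity of the caller's slice, and `Signer.Sign` passes `si.privateKey` directly, so concurrent signing can race on one backing array. If this is a stand-in until a real certificateless signature is wired in, it needs a doc comment that says so, e.g. `// Certificateless_Sign is a demo placeholder: the output is NOT a signature and exposes pri_key.`, and it should never be reachable from a non-demo build. Go naming would make this `CertificatelessSign(priKey, digest []byte)`.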

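--- a/common/kgc/util.go
+++ b/common/kgc/util.go
@@ -0,0 +1,51 @@
+package kgc
+import (
+"fmt"
+"io/ioutil"
+"os"
+pb "schain/proto"
+"schain/proto/util"
+)
+func readTxtFile(filePath string) ([]byte, error) {
+// 打开文件
+file, err := os.Open(filePath)
+if err != nil {
+return nil, err
+}
+defer file.Close()
+// 读取文件内容
+content, err := ioutil.ReadAll(file)
+if err != nil {
+return nil, err
+}
+return content, nil
+}
+func LoadPriKey(file string) []byte {
+content, err := readTxtFile(file)
+if err != nil {
+fmt.Println("load privatekey error")
+}
+return content
+}
+func LoadPubKey(file string) []byte {
+content, err := readTxtFile(file)
+if err != nil {
+fmt.Println("load publickey error")
+}
+return content
+}
+func InitIdentity(IdentityPath string, mspID string) ([]byte, error) {
+pubkey, _ := readTxtFile(IdentityPath)
+sId := &pb.Creator{
+Mspid: mspID,
+IdBytes: pubkey,
+}
+return util.MarshalOrPanic(sId), nil
+}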
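Review bot: Read failures are swallowed in all three exported helpers: `LoadPriKey` and `LoadPubKey` print a message and return the nil content, and `InitIdentity` discards the error from `readTxtFile` with `_` and always returns a nil error. A missing or unreadable key file therefore produces an identity with empty `IdBytes` and a signer with empty keys instead of a startup failure, and the `if err != nil` checks that follow the loader calls in `NewSigner` can never fire. The loaders should return `([]byte, error)` and `InitIdentity` should propagate the read error, as sketched below; `NewSigner` then needs `privateKey, err := kgc.LoadPriKey(conf.KeyPath)` and the same for the public key.

```go
// LoadPriKey returns the private-key bytes stored in file.
func LoadPriKey(file string) ([]byte, error) {
	content, err := readTxtFile(file)
	if err != nil {
		return nil, fmt.Errorf("loading private key %q: %w", file, err)
	}
	return content, nil
}

// … LoadPubKey gets the same signature and error wrapping …

func InitIdentity(IdentityPath string, mspID string) ([]byte, error) {
	pubkey, err := readTxtFile(IdentityPath)
	if err != nil {
		return nil, fmt.Errorf("reading identity %q: %w", IdentityPath, err)
	}
	// … unchanged: build pb.Creator and return util.MarshalOrPanic(sId) …
}
```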

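--- a/common/kgc/verify.go
+++ b/common/kgc/verify.go
@@ -0,0 +1,28 @@
+package kgc
+import (
+"bytes"
+"crypto/sha256"
+"schain/proto/util"
+)
+func Certificateless_Verify(creatorBytes []byte, signature, msg []byte) error {
+creator, err := util.UnmarshalCreator(creatorBytes)
+if err != nil {
+return err
+}
+publicKey := creator.IdBytes
+digest := sha256.Sum256(msg)
+data := append(publicKey, digest[:]...)
+if equal := bytes.Equal(data, signature); equal {
+return nil
+}
+return err
+}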
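Review bot: `Certificateless_Verify` ends with `return err` on the mismatch path, but `err` is necessarily nil there because the unmarshal check above already returned on failure, so every signature is accepted. The comparison itself checks the signature against `publicKey || sha256(msg)`, which is built only from public values, so even with the return fixed anyone who can read the creator bytes can construct a passing value. At minimum the last line should be `return errors.New("signature mismatch")` (with the `errors` import), and `append(publicKey, digest[:]...)` should build into a fresh slice so it cannot write into `creator.IdBytes`. The same body is added as `Verify` in the signer package in this commit and has the same nil return; one should call the other.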


@ -1,9 +1,8 @@
package signer package signer
import ( import (
"crypto" "bytes"
"crypto/ecdsa" "crypto/ecdsa"
"crypto/rand"
"crypto/sha256" "crypto/sha256"
"crypto/x509" "crypto/x509"
"encoding/asn1" "encoding/asn1"
@ -12,6 +11,7 @@ import (
"os" "os"
"strings" "strings"
kgc "schain/common/kgc"
pb "schain/proto" pb "schain/proto"
"schain/proto/util" "schain/proto/util"
@ -27,9 +27,9 @@ type Config struct {
// Signer 用户的签名,包含公钥、私钥和用户的身份 // Signer 用户的签名,包含公钥、私钥和用户的身份
type Signer struct { type Signer struct {
privateKey *ecdsa.PrivateKey privateKey []byte
publicKeyKey *ecdsa.PublicKey publicKey []byte
creator []byte creator []byte
} }
type ECDSASignature struct { type ECDSASignature struct {
@ -38,26 +38,27 @@ type ECDSASignature struct {
// NewSigner 根据配置创建一个用户签名 // NewSigner 根据配置创建一个用户签名
func NewSigner(conf *Config) (*Signer, error) { func NewSigner(conf *Config) (*Signer, error) {
sId, err := serializeIdentity(conf.IdentityPath, conf.MSPID) sId, err := kgc.InitIdentity(conf.IdentityPath, conf.MSPID)
if err != nil { if err != nil {
return nil, errors.WithStack(err) return nil, errors.WithStack(err)
} }
//加载私钥 //加载私钥
privateKey, err := loadPrivateKey(conf.KeyPath) privateKey := kgc.LoadPriKey(conf.KeyPath)
if err != nil { if err != nil {
return nil, errors.WithStack(err) return nil, errors.WithStack(err)
} }
//加载公钥,需要先调取用户证书,再从证书中获取公钥 //加载公钥,需要先调取用户证书,再从证书中获取公钥
publicKey, err := loadPublicKey(conf.IdentityPath) //无证书方案直接调取公钥即可
publicKey := kgc.LoadPubKey(conf.IdentityPath)
if err != nil { if err != nil {
return nil, errors.WithStack(err) return nil, errors.WithStack(err)
} }
return &Signer{ return &Signer{
creator: sId, creator: sId,
privateKey: privateKey, privateKey: privateKey,
publicKeyKey: publicKey, publicKey: publicKey,
}, nil }, nil
} }
@ -166,16 +167,33 @@ func (si *Signer) Serialize() ([]byte, error) {
// 返回一个长度为 32 的字节数组,表示计算得到的 SHA256 校验和 // 返回一个长度为 32 的字节数组,表示计算得到的 SHA256 校验和
func (si *Signer) Sign(msg []byte) ([]byte, error) { func (si *Signer) Sign(msg []byte) ([]byte, error) {
digest := sha256.Sum256(msg) digest := sha256.Sum256(msg)
return signECDSA(si.privateKey, digest[:]) return kgc.Certificateless_Sign(si.privateKey, digest[:])
//return signECDSA(si.privateKey, digest[:])
} }
// 验证 ECDSA 签名 // 验证 ECDSA 签名,此处用不到
func (si *Signer) Verify(signature, msg []byte) bool { func (si *Signer) Verify(signature, msg []byte) bool {
//计算消息的哈希值 //计算消息的哈希值
digest := sha256.Sum256(msg) digest := sha256.Sum256(msg)
return verifyECDSA(si.publicKeyKey, signature, digest[:]) key := ecdsa.PublicKey{}
return verifyECDSA(&key, signature, digest[:])
} }
func verifyECDSA(pubKey *ecdsa.PublicKey, signature, digest []byte) bool {
// 解析 ASN.1 编码的签名数据
var sig ECDSASignature
_, err := asn1.Unmarshal(signature, &sig)
if err != nil {
return false
}
// 使用 ECDSA 签名算法对消息的哈希值进行验证
return ecdsa.Verify(pubKey, digest, sig.R, sig.S)
}
/*
// Verify 验证签名是否正确 // Verify 验证签名是否正确
func Verify(creatorBytes []byte, signature, msg []byte) error { func Verify(creatorBytes []byte, signature, msg []byte) error {
creator, err := util.UnmarshalCreator(creatorBytes) creator, err := util.UnmarshalCreator(creatorBytes)
@ -195,7 +213,30 @@ func Verify(creatorBytes []byte, signature, msg []byte) error {
return nil return nil
} }
*/
func Verify(creatorBytes []byte, signature, msg []byte) error {
creator, err := util.UnmarshalCreator(creatorBytes)
if err != nil {
return err
}
publicKey := creator.IdBytes
digest := sha256.Sum256(msg)
data := append(publicKey, digest[:]...)
if equal := bytes.Equal(data, signature); equal {
return nil
}
return err
}
/*
// 根据文件加载用户的私钥 // 根据文件加载用户的私钥
func loadPrivateKey(file string) (*ecdsa.PrivateKey, error) { func loadPrivateKey(file string) (*ecdsa.PrivateKey, error) {
b, err := os.ReadFile(file) b, err := os.ReadFile(file)
@ -260,16 +301,4 @@ func signECDSA(k *ecdsa.PrivateKey, digest []byte) (signature []byte, err error)
return asn1.Marshal(ECDSASignature{R: r, S: s}) return asn1.Marshal(ECDSASignature{R: r, S: s})
} }
*/
func verifyECDSA(pubKey *ecdsa.PublicKey, signature, digest []byte) bool {
// 解析 ASN.1 编码的签名数据
var sig ECDSASignature
_, err := asn1.Unmarshal(signature, &sig)
if err != nil {
return false
}
// 使用 ECDSA 签名算法对消息的哈希值进行验证
return ecdsa.Verify(pubKey, digest, sig.R, sig.S)
}


@ -9,7 +9,7 @@ import (
// GetClientConf 获取客户端的信息配置 // GetClientConf 获取客户端的信息配置
func GetClientConf() (*signer.Config, error) { func GetClientConf() (*signer.Config, error) {
viper.SetDefault("client.MSPID", "*.lkq.com") viper.SetDefault("client.MSPID", "*.wxy.com")
viper.SetDefault("client.IdentityPath", "cert/client.pem") viper.SetDefault("client.IdentityPath", "cert/client.pem")
viper.SetDefault("client.KeyPath", "cert/client.key") viper.SetDefault("client.KeyPath", "cert/client.key")
@ -28,7 +28,7 @@ func GetClientConf() (*signer.Config, error) {
// GetPeerConf 获取Peer节点的信息配置 // GetPeerConf 获取Peer节点的信息配置
func GetPeerConf() (*signer.Config, error) { func GetPeerConf() (*signer.Config, error) {
viper.SetDefault("peer.MSPID", "*.lkq.com") viper.SetDefault("peer.MSPID", "*.wxy.com")
viper.SetDefault("peer.IdentityPath", "cert/peer.pem") viper.SetDefault("peer.IdentityPath", "cert/peer.pem")
viper.SetDefault("peer.KeyPath", "cert/peer.key") viper.SetDefault("peer.KeyPath", "cert/peer.key")
@ -47,7 +47,7 @@ func GetPeerConf() (*signer.Config, error) {
// GetOrderConf 获取Order节点的配置信息 // GetOrderConf 获取Order节点的配置信息
func GetOrderConf() (*signer.Config, error) { func GetOrderConf() (*signer.Config, error) {
viper.SetDefault("order.MSPID", "*.lkq.com") viper.SetDefault("order.MSPID", "*.wxy.com")
viper.SetDefault("order.IdentityPath", "cert/order.pem") viper.SetDefault("order.IdentityPath", "cert/order.pem")
viper.SetDefault("order.KeyPath", "cert/order.key") viper.SetDefault("order.KeyPath", "cert/order.key")


@ -37,18 +37,24 @@ client:
MSPID: "*.wxy.com" MSPID: "*.wxy.com"
IdentityPath: "cert/client.pem" IdentityPath: "cert/client.pem"
KeyPath: "cert/client.key" KeyPath: "cert/client.key"
ClientPubPath: "cert/client_pubkey.txt"
ClientPriPath: "cert/client_prikey.txt"
peer: peer:
address: ":1408" address: ":1408"
MSPID: "*.wxy.com" MSPID: "*.wxy.com"
IdentityPath: "cert/peer.pem" IdentityPath: "cert/peer.pem"
KeyPath: "cert/peer.key" KeyPath: "cert/peer.key"
PeerPubPath: "cert/peer_pubkey.txt"
PeerPriPath: "cert/peer_prikey.txt"
order: order:
address: ":1409" address: ":1409"
MSPID: "*.wxy.com" MSPID: "*.wxy.com"
IdentityPath: "cert/order.pem" IdentityPath: "cert/order.pem"
KeyPath: "cert/order.key" KeyPath: "cert/order.key"
OrderPubPath: "cert/order_pubkey.txt"
OrderPriPath: "cert/order_prikey.txt"
ca: #ca:
crt: "cert/ca.crt" # crt: "cert/ca.crt"
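Review bot: The new `ClientPriPath`, `PeerPriPath` and `OrderPriPath` entries point at private-key files stored as `.txt` under the project's `cert/` directory, and nothing in this section says how those files are meant to be protected. A comment above each pair would help, for example `# private key material: keep out of version control, readable by the service user only`. The older `IdentityPath`/`KeyPath` entries stay in place although the KGC loaders added in this commit read only the `*PubPath`/`*PriPath` keys. It would be clearer to comment them out the way `ca:` is, or to mark them as unused in certificate-free mode.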


@ -24,7 +24,7 @@ var OrderAddress string
// OrderConf Order节点签名配置 // OrderConf Order节点签名配置
var OrderConf *signer.Config var OrderConf *signer.Config
// CaCrt 根证书地址 // CaCrt 根证书地址(无证书模式下禁用)
var CaCrt string var CaCrt string
type Organization struct { type Organization struct {
@ -77,17 +77,17 @@ func init() {
ProjectPath = pwd + "/" ProjectPath = pwd + "/"
configFilePath = pwd + "/config/" configFilePath = pwd + "/config/"
ClientConf, err = GetClientConf() ClientConf, err = KGCClientConf()
if err != nil { if err != nil {
panic(errors.New("client conf acquisition failed")) panic(errors.New("client conf acquisition failed"))
} }
PeerConf, err = GetPeerConf() PeerConf, err = KGCPeerConf()
if err != nil { if err != nil {
panic(errors.New("peer conf acquisition failed")) panic(errors.New("peer conf acquisition failed"))
} }
OrderConf, err = GetOrderConf() OrderConf, err = KGCOrderConf()
if err != nil { if err != nil {
panic(errors.New("order conf acquisition failed")) panic(errors.New("order conf acquisition failed"))
} }
@ -110,7 +110,7 @@ func init() {
OrderAddress = viper.GetString("order.address") OrderAddress = viper.GetString("order.address")
// GetCaCrt 获取ca节点的ca.crt // GetCaCrt 获取ca节点的ca.crt
CaCrt = ProjectPath + viper.GetString("ca.crt") //CaCrt = ProjectPath + viper.GetString("ca.crt")
Organizations, err = GetOrganizations() Organizations, err = GetOrganizations()
if err != nil { if err != nil {
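Review bot: `CaCrt` stays declared and exported but is never assigned once `//CaCrt = ProjectPath + viper.GetString("ca.crt")` is commented out, so any code that still reads it gets an empty path instead of a clear failure. Either remove the variable or document it with `// Deprecated: unused in certificate-free mode, always empty.`. With the CA root gone, identity checking rests on the signer package. The package-level `Verify` shown earlier on this page ends in `return err` with `err` already nil at that point, so as far as the visible lines show it returns nil even when the comparison fails; this should be confirmed and fixed before the mode is relied on. `init` starts and ends outside these hunks.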

64
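--- /dev/null
+++ b/config/kgc_config.go
@@ -0,0 +1,64 @@
+package config
+import (
+"schain/common/signer"
+"github.com/spf13/viper"
+)
+// GetClientConf 获取客户端的信息配置
+func KGCClientConf() (*signer.Config, error) {
+viper.SetDefault("client.MSPID", "*.wxy.com")
+viper.SetDefault("client.ClientPubPath", "cert/client_pubkey.txt")
+viper.SetDefault("client.ClientPriPath", "cert/client_prikey.txt")
+viper.AddConfigPath(configFilePath)
+viper.SetConfigName("config")
+if err := viper.ReadInConfig(); err != nil {
+panic(err)
+}
+return &signer.Config{
+MSPID: viper.GetString("client.MSPID"),
+IdentityPath: ProjectPath + viper.GetString("client.ClientPubPath"),
+KeyPath: ProjectPath + viper.GetString("client.ClientPriPath"),
+}, nil
+}
+// GetPeerConf 获取Peer节点的信息配置
+func KGCPeerConf() (*signer.Config, error) {
+viper.SetDefault("peer.MSPID", "*.wxy.com")
+viper.SetDefault("peer.PeerPubPath", "cert/peer_pubkey.txt")
+viper.SetDefault("peer.PeerPriPath", "cert/peer_prikey.txt")
+viper.AddConfigPath(configFilePath)
+viper.SetConfigName("config")
+if err := viper.ReadInConfig(); err != nil {
+return nil, err
+}
+return &signer.Config{
+MSPID: viper.GetString("peer.MSPID"),
+IdentityPath: ProjectPath + viper.GetString("peer.PeerPubPath"),
+KeyPath: ProjectPath + viper.GetString("peer.PeerPriPath"),
+}, nil
+}
+// GetOrderConf 获取Order节点的配置信息
+func KGCOrderConf() (*signer.Config, error) {
+viper.SetDefault("order.MSPID", "*.wxy.com")
+viper.SetDefault("order.OrderPubPath", "cert/order_pubkey.txt")
+viper.SetDefault("order.OrderPriPath", "cert/order_prikey.txt")
+viper.AddConfigPath(configFilePath)
+viper.SetConfigName("config")
+if err := viper.ReadInConfig(); err != nil {
+return nil, err
+}
+return &signer.Config{
+MSPID: viper.GetString("order.MSPID"),
+IdentityPath: ProjectPath + viper.GetString("order.OrderPubPath"),
+KeyPath: ProjectPath + viper.GetString("order.OrderPriPath"),
+}, nil
+}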
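Review bot: `KGCClientConf` calls `panic(err)` when `viper.ReadInConfig()` fails, while `KGCPeerConf` and `KGCOrderConf` return the error, and the caller in `init` already checks `err` for all three. The client loader should use `return nil, err` as well. The doc comments still open with `GetClientConf`, `GetPeerConf` and `GetOrderConf`; each should name the function it sits on, e.g. `// KGCClientConf loads the client's certificateless key paths from the config file.`. `KeyPath` now carries the path of a private-key text file built by concatenating `ProjectPath` with a config value, so composing it with `filepath.Join` would be the more robust choice.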


@ -118,6 +118,8 @@ func CreateSignedTx(
} }
// check that the signer is the same that is referenced in the header // check that the signer is the same that is referenced in the header
// 验证了一次签名
signerBytes, err := signer.Serialize() signerBytes, err := signer.Serialize()
if err != nil { if err != nil {
return nil, err return nil, err