From 9d9b6a8eb297e7e90a680730bfc5068deb19a138 Mon Sep 17 00:00:00 2001
From: Anton Gerasimov
Date: Wed, 27 Sep 2017 10:14:32 +0200
Subject: Support pkcs#11 in aktualizr and add softhsm token for testing
---
 recipes-support/softhsm-testtoken/files/createtoken.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
(limited to 'recipes-support')
diff --git a/recipes-support/softhsm-testtoken/files/createtoken.sh b/recipes-support/softhsm-testtoken/files/createtoken.sh
index a72ec34..b01db47 100644
--- a/recipes-support/softhsm-testtoken/files/createtoken.sh
+++ b/recipes-support/softhsm-testtoken/files/createtoken.sh
@@ -5,17 +5,22 @@ if pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O; then
 exit 0
 fi
-if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem; then
+if ! ls /var/sota/token/pkey.pem /var/sota/token/client.pem /var/sota/token/pkey.pem; then
 # Key/certificate pair is not present, repeat
- mkdir -p /var/sota/token
 exit 1
 fi
 mkdir -p /var/lib/softhsm/tokens
 softhsm2-util --init-token --slot 0 --label "Virtual token" --pin 1234 --so-pin 1234
-pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/pkey.pem --type privkey --login --pin 1234
+softhsm2-util --import /var/sota/token/pkey.pem --label "pkey" --id 02 --token 'Virtual token' --pin 1234
 openssl x509 -outform der -in /var/sota/token/client.pem -out /var/sota/token/client.der
-pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --label 'Virtual token' --write-object /var/sota/token/client.der --type cert --login --pin 1234
+pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so --id 1 --write-object /var/sota/token/client.der --type cert --login --pin 1234
+
+# Import UPTANE keypair if it exists
+if [ -f /var/sota/token/ecukey.pem ]; then
+ openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in /var/sota/token/ecukey.pem -out /var/sota/token/ecukey.p8
+ softhsm2-util --import /var/sota/token/ecukey.p8 --label "uptanekey" --id 03 --token 'Virtual token' --pin 1234
+fi
 exit 0
--
cgit v1.2.3-54-g00ecf
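Review bot: The new presence check names `/var/sota/token/pkey.pem` twice (`ls … pkey.pem … client.pem … pkey.pem`), so the third argument tests nothing new; if another file was meant it should be named there, otherwise drop the duplicate. None of the `softhsm2-util --import` / `pkcs11-tool --write-object` calls in the hunk is checked before the final `exit 0`, so a failed import would leave an initialized token without keys, and the early `pkcs11-tool -O` exit at the top may then skip provisioning on the next run; unless `set -e` is set above the hunk (not visible here), add `|| exit 1` to each import. The UPTANE block also writes the ECU private key unencrypted to `/var/sota/token/ecukey.p8` (`-nocrypt`) and leaves it there; consider `umask 077` before the `openssl pkcs8` call and `rm -f /var/sota/token/ecukey.p8` after the import. The PIN and SO-PIN `1234` on the command line are acceptable only because this is a test token, which deserves a comment such as `# test token only: fixed PIN, never ship in production images`.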