nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 09:08:04 -05:00
Code Issues Projects Releases Wiki Activity

documentation and sample pkcs11 token

Browse Source
This commit is contained in:
Leif Johansson 2015-02-26 14:18:00 +01:00
parent 89af05898e
commit 67ef46984f
5 changed files with 75 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
misc/softhsm-example-token/.gitignore vendored Normal file
View File

@ -0,0 +1,5 @@
softhsm.conf
test.*
openssl.conf
config.py
softhsm.*

17
misc/softhsm-example-token/README Normal file
View File

@ -0,0 +1,17 @@
This directory contains a basic setup for testing pkcs11-support. If you get
this to work you have a decent chance of using your real HSM or hardware token.
You need the following packages (ubuntu/debian names):
- libengine-pkcs11-openssl
- softhsm
Type 'make' to generate a softhsm token with a test-key on id a1b2 with PIN-code
"secret1". To use this token with osslsigncode try something like this (from this
directory):
env SOFTHSM_CONF=`pwd`/softhsm.conf ../../osslsigncode sign \
-pkcs11 /usr/lib/softhsm/libsofthsm.so -key a1b2 -certs test.crt ...
Use 'secret1' as the password at the prompt.

0
README → misc/softhsm-example-token/README-PKCS11
View File

46
misc/softhsm-example-token/gen-token.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
P11_ENGINE=/usr/lib/engines/engine_pkcs11.so
P11_MODULE=/usr/lib/softhsm/libsofthsm.so
##
export SOFTHSM_CONF=softhsm.conf
cat>config.py<<EOF
DEBUG = True
SECRET = "secret1"
PKCS11MODULE = "$P11_MODULE"
PKCS11PIN = "secret1"
EOF
cat>softhsm.conf<<EOF
0: softhsm.db
EOF
cat>openssl.conf<<EOF
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = $P11_ENGINE
MODULE_PATH = $P11_MODULE
PIN = secret1
init = 0
[req]
distinguished_name = req_distinguished_name
[req_distinguished_name]
EOF
export SOFTHSM_CONF=softhsm.conf
softhsm --slot 0 --label test --init-token --pin secret1 --so-pin secret2
pkcs11-tool --module $P11_MODULE -l -k --key-type rsa:2048 --slot 0 --id a1b2 --label test --pin secret1
pkcs11-tool --module $P11_MODULE -l --pin secret1 -O
openssl req -new -x509 -subj "/cn=TEST" -engine pkcs11 -config openssl.conf -keyform engine -key a1b2 -passin pass:secret1 -out test.crt
openssl x509 -inform PEM -outform DER -in test.crt -out test.der
pkcs11-tool --module $P11_MODULE -l --slot 0 --id a1b2 --label test -y cert -w test.der --pin secret1

7
misc/softhsm-example-token/makefile Normal file
View File

@ -0,0 +1,7 @@
all: clean token
clean:
@rm -f softhsm.* test.* openssl.conf config.py
token:
./gen-token.sh