nmav pushed to caml-crush (f22). "updated README"
notifications at fedoraproject.org
Thu Apr 2 11:02:50 UTC 2015
From 97a0f6b1f07b816d74a71c42ced83c7e2d3bf25b Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Thu, 2 Apr 2015 11:56:25 +0200
Subject: updated README
diff --git a/README.fedora b/README.fedora
index be934b4..91bd505 100644
--- a/README.fedora
+++ b/README.fedora
@@ -23,10 +23,14 @@ Initialize using pkcs11-tool
============================
To write a private key and certificate (must be provided in DER format):
+ # cat /etc/pkcs11proxyd/pins.txt
+ # pkcs11proxyd-softhsm-ctl unlock
+ $ newgrp pkcs11proxy
$ pkcs11-tool --module /usr/lib64/pkcs11/libp11clientsofthsm.so -y privkey -w ./key-rsa.der -l --label server-key --usage-sign --usage-decrypt -d 000102030405
$ pkcs11-tool --module /usr/lib64/pkcs11/libp11clientsofthsm.so -y cert -w ./cert-rsa.der -l --label server-cert -d 000102030405
$ openssl x509 -inform der -pubkey -in cert-rsa.der | openssl pkey -pubin -inform pem -outform der -out pub-rsa.der
$ pkcs11-tool --module /usr/lib64/pkcs11/libp11clientsofthsm.so -y pubkey -w ./pub-rsa.der -l --label server-pubkey -d 000102030405
+ # pkcs11proxyd-softhsm-ctl lock
To list all objects:
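Review bot: The three added setup lines (`# cat /etc/pkcs11proxyd/pins.txt`, `# pkcs11proxyd-softhsm-ctl unlock`, `$ newgrp pkcs11proxy`) carry no explanation, while the section text above them still only says "To write a private key and certificate". Suggest a sentence before them stating whether the PIN printed from pins.txt is the one to type at the `-l` login prompt, and what unlock changes. Since `newgrp pkcs11proxy` starts a new shell as the unprivileged user, the README should also say that this shell has to be left (or a separate root terminal used) before the closing `# pkcs11proxyd-softhsm-ctl lock`, and that lock should be run even if one of the pkcs11-tool writes fails, so the token is not left unlocked.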
@@ -46,13 +50,12 @@ Initialize using p11tool
========================
If you already have a key/certificate pair you can copy them to the HSM
- $ sudo cat /etc/pkcs11proxyd/pins.txt
+ # cat /etc/pkcs11proxyd/pins.txt
+ # pkcs11proxyd-softhsm-ctl unlock
+ $ newgrp pkcs11proxy
$ p11tool --write --load-privkey key.pem --label server-key "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken" --login
$ p11tool --write --load-certificate cert.pem --label server-cert "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken" --login
-
-Or you can generate the key inside the module:
- $ p11tool --generate-rsa "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken" --login --outfile pubkey.pem --label server-key
- $ certtool --generate-request --load-pubkey pubkey.pem --load-privkey "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=System%20softtoken;object=server-key;type=private" --outfile request.pem
+ # pkcs11proxyd-softhsm-ctl lock
You can now list them. You should have 2 objects, the private key, and the certificate.
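Review bot: The removed block starting "Or you can generate the key inside the module" was the only documented way in this section to create the private key on the token; what remains only imports key.pem and cert.pem from disk, and neither the commit message ("updated README") nor the new text says why it was dropped. If in-module generation does not fit the new unlock/lock sequence, state that in the README; otherwise keep the `p11tool --generate-rsa` and `certtool --generate-request` commands and place them between `# pkcs11proxyd-softhsm-ctl unlock` and `# pkcs11proxyd-softhsm-ctl lock` like the import commands.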
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/caml-crush.git/commit/?h=f22&id=97a0f6b1f07b816d74a71c42ced83c7e2d3bf25b