Scripts demonstrating the OpenSSL engine API with Cryptech Alpha HSM.

author: Rob Austein <sra@hactrn.net> 2016-08-21 12:17:19 -0400
committer: Rob Austein <sra@hactrn.net> 2016-08-21 12:17:19 -0400
commit: 3185360834dc9992c141c84517bdecd3a87312a1 (patch)
tree: 1946600f120465537c8234ad5b0c572e4af37f86 /create-keys.sh
1 files changed, 11 insertions, 0 deletions
diff --git a/create-keys.sh b/create-keys.sh
new file mode 100755
index 0000000..5cfda45
--- /dev/null
+++ b/create-keys.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -
+
+. ./environment.sh
+
+# Not really sure which silly name to use for the EC curve, doc is not great.  prime256v1?  ansiX9p256r1?  secp256r1?
+# If I had to guess, ansiX9p256r1, so try that:   --key-type EC:ansiX9p256r1
+# Still having trouble with OpenSSL using this key, so revert to RSA for now, try ECDSA again later.
+
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 1 --label leader  --key-type rsa:2048
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 2 --label boris   --key-type rsa:2048
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 3 --label natasha --key-type rsa:2848
author	Rob Austein <sra@hactrn.net>	2016-08-21 12:17:19 -0400
committer	Rob Austein <sra@hactrn.net>	2016-08-21 12:17:19 -0400
commit	3185360834dc9992c141c84517bdecd3a87312a1 (patch)
tree	1946600f120465537c8234ad5b0c572e4af37f86 /create-keys.sh