Diffstat (limited to 'create-keys.sh')
-rwxr-xr-x | create-keys.sh | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/create-keys.sh b/create-keys.sh
index 5cfda45..e3630d9 100755
--- a/create-keys.sh
+++ b/create-keys.sh
@@ -1,11 +1,17 @@
 #!/bin/sh -
-. ./environment.sh
+# pkcs11-tool's naming scheme for key types is buried in code.
+# The useful choices in our case appear to be:
+#
+# rsa:1024
+# rsa:2048
+# EC:prime256v1
+# EC:prime384v1
+
+: ${key_type='EC:prime256v1'}
-# Not really sure which silly name to use for the EC curve, doc is not great. prime256v1? ansiX9p256r1? secp256r1?
-# If I had to guess, ansiX9p256r1, so try that: --key-type EC:ansiX9p256r1
-# Still having trouble with OpenSSL using this key, so revert to RSA for now, try ECDSA again later.
+. ./environment.sh
-pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 1 --label leader --key-type rsa:2048
-pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 2 --label boris --key-type rsa:2048
-pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 3 --label natasha --key-type rsa:2848
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 1 --label leader --key-type "$key_type"
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 2 --label boris --key-type "$key_type"
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 3 --label natasha --key-type "$key_type" |
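Review bot: The three rewritten pkcs11-tool lines quote `"$key_type"` but still expand `${PKCS11_MODULE}` and `${PKCS11_PIN}` unquoted, and they pass the token PIN as a command-line argument, where other local users can read it from the process list while key generation runs. At minimum quote both expansions, e.g. `--module "${PKCS11_MODULE}" --login --pin "${PKCS11_PIN}"`, so a module path or PIN containing whitespace or glob characters is not split. If the installed OpenSC supports it, `--pin env:PKCS11_PIN` keeps the PIN off argv; that form needs the variable to be exported, and environment.sh is not shown here, so confirm before switching. The script also has no `set -e` or per-command status check visible in this hunk, so a failed keypair generation for `leader` would not stop the later two from running.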