Diffstat (limited to 'create-keys.sh')
-rwxr-xr-xcreate-keys.sh20
1 files changed, 13 insertions, 7 deletions
diff --git a/create-keys.sh b/create-keys.sh
index 5cfda45..e3630d9 100755
--- a/create-keys.sh
+++ b/create-keys.sh
@@ -1,11 +1,17 @@
#!/bin/sh -
-. ./environment.sh
+# pkcs11-tool's naming scheme for key types is buried in code.
+# The useful choices in our case appear to be:
+#
+# rsa:1024
+# rsa:2048
+# EC:prime256v1
+# EC:prime384v1
+
+: ${key_type='EC:prime256v1'}
-# Not really sure which silly name to use for the EC curve, doc is not great. prime256v1? ansiX9p256r1? secp256r1?
-# If I had to guess, ansiX9p256r1, so try that: --key-type EC:ansiX9p256r1
-# Still having trouble with OpenSSL using this key, so revert to RSA for now, try ECDSA again later.
+. ./environment.sh
-pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 1 --label leader --key-type rsa:2048
-pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 2 --label boris --key-type rsa:2048
-pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 3 --label natasha --key-type rsa:2848
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 1 --label leader --key-type "$key_type"
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 2 --label boris --key-type "$key_type"
+pkcs11-tool --module ${PKCS11_MODULE} --login --pin ${PKCS11_PIN} --keypairgen --id 3 --label natasha --key-type "$key_type"
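Review bot: The three new `pkcs11-tool` lines still pass the token PIN as `--pin ${PKCS11_PIN}`, so it sits in the command's argv where other local users can read it from the process list, and both `${PKCS11_MODULE}` and `${PKCS11_PIN}` stay unquoted even though the new `"$key_type"` is quoted. At minimum quote them, `--module "${PKCS11_MODULE}" --login --pin "${PKCS11_PIN}"`; OpenSC releases that support it also accept `--pin env:PKCS11_PIN` (with the variable exported), which keeps the value off the command line, so check the installed version first. The new comment also lists `rsa:1024` among the useful choices, and a remark such as `# rsa:1024  (test only, too short for real keys)` would keep it from being chosen for anything that matters.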