You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 lines
1.3 KiB
55 lines
1.3 KiB
#!/bin/sh |
|
# |
|
# This script will initialise token storage of softhsm PKCS11 provider |
|
# in custom location. Is useful to store tokens in non-standard location. |
|
|
|
SOFTHSM2_CONF="$1" |
|
TOKENPATH="$2" |
|
GROUPNAME="$3" |
|
# Do not use this script for real keys worth protection |
|
# This is intended for crypto accelerators using PKCS11 interface. |
|
# Uninitialized token would fail any crypto operation. |
|
PIN=1234 |
|
|
|
set -e |
|
|
|
if [ -z "$SOFTHSM2_CONF" -o -z "$TOKENPATH" ]; then |
|
echo "Usage: $0 <config file> <token directory> [group]" >&2 |
|
exit 1 |
|
fi |
|
|
|
if ! [ -f "$SOFTHSM2_CONF" ]; then |
|
cat << SED > "$SOFTHSM2_CONF" |
|
# SoftHSM v2 configuration file |
|
|
|
directories.tokendir = ${TOKENPATH} |
|
objectstore.backend = file |
|
|
|
# ERROR, WARNING, INFO, DEBUG |
|
log.level = ERROR |
|
|
|
# If CKF_REMOVABLE_DEVICE flag should be set |
|
slots.removable = false |
|
SED |
|
else |
|
echo "Config file $SOFTHSM2_CONF already exists" >&2 |
|
fi |
|
|
|
[ -d "$TOKENPATH" ] || mkdir -p "$TOKENPATH" |
|
|
|
export SOFTHSM2_CONF |
|
|
|
if softhsm2-util --show-slots | grep 'Initialized:[[:space:]]*yes' > /dev/null |
|
then |
|
echo "Token in ${TOKENPATH} is already initialized" >&2 |
|
else |
|
echo "Initializing tokens to ${TOKENPATH}..." |
|
softhsm2-util --init-token --free --label rpm --pin $PIN --so-pin $PIN |
|
|
|
if [ -n "$GROUPNAME" ]; then |
|
chgrp -R -- "$GROUPNAME" "$TOKENPATH" |
|
chmod -R -- g=rX,o= "$TOKENPATH" |
|
fi |
|
fi |
|
|
|
echo "export SOFTHSM2_CONF=\"$SOFTHSM2_CONF\""
|
|
|