author Linus Nordberg <linus@sunet.se> 2020-01-03 06:18:22 +0100
committer Linus Nordberg <linus@sunet.se> 2020-01-03 06:18:22 +0100
commit be403310650fdb0d9d84b9561dfb469bc3d3f43f
tree 065f845f055b32f8b8df082661a704b735523e37
parent 13689b468cc6ed0514dd0c5864223238f26fb979
clean up the README's some
-rw-r--r-- README.md 20
-rw-r--r-- p11p-daemon/README.md 49
2 files changed, 35 insertions, 34 deletions
diff --git a/README.md b/README.md
index ff73e18..36b8cf7 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ devices.
## Goals
* Detect when a Cryptoki library operation fails and retry the
- operation, possibly on another cryptographic device.
+ operation, possibly targeting another cryptographic device.
* Provide failover and load balancing between cryptographic devices.
@@ -54,16 +54,24 @@ devices.
messing with TCP sessions, catch the failure (f.ex. by timing out)
and retry the operation behind the back of the application.
-- Migrating from one kind of HSM to another kind of HSM. p11p-daemon
- can be configured to use more than one HSM. As long as they provide
- the same functions using the same key(s), p11p-daemon can provide
- fallback functionality for certain operations between different HSM's
- from different vendors.
+- When migrating from one kind of HSM to another kind of HSM.
+ p11p-daemon can be configured to use more than one HSM. As long as
+ they provide the same functions using the same key(s), p11p-daemon
+ can provide fallback functionality for certain operations between
+ different HSM's from different vendors.
## Inspiration
- [p11-kit https://github.com/p11-glue/p11-kit/]
+## Running automatic tests
+
+This should be enough to verify that all the necessary parts are in
+place on your system, before getting p11p-daemon running.
+
+ $ sudo apt install softhsm2 gnutls-bin libengine-pkcs11-openssl
+ $ make -C tests
+
## Compiling, configuring and running p11p-daemon
See p11p-daemon/README.md.
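Review bot: The rewritten migration bullet now opens with a sentence fragment ("When migrating from one kind of HSM to another kind of HSM.") and keeps the apostrophe plural "HSM's"; joining the first two sentences and writing "HSMs" would fix both. In the new "Running automatic tests" section, it would also help to say whether make -C tests needs p11p-daemon compiled first, since the section sits ahead of the pointer to the compile instructions and only lists the apt packages.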
diff --git a/p11p-daemon/README.md b/p11p-daemon/README.md
index 8c7e7b9..84c339f 100644
--- a/p11p-daemon/README.md
+++ b/p11p-daemon/README.md
@@ -1,6 +1,6 @@
# p11p-daemon is a PKCS #11 proxy
-## Install dependencies
+## Installing dependencies
### p11-kit
@@ -19,7 +19,7 @@ Or, if your p11-kit package is too old (<0.23.15):
### Erlang/OTP 19
-Ideally, your OS distribution has Erlang/OTP 19.x:
+Ideally, your OS distribution has Erlang/OTP 19 or newer:
$ sudo apt install erlang
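Review bot: The body text now says "Erlang/OTP 19 or newer", but the heading "### Erlang/OTP 19" directly above it is unchanged and the kerl example that follows is still pinned to 19.2, so the section reads inconsistently. Suggest renaming the heading to match (for example "Erlang/OTP 19 or newer") and noting which newer releases the daemon has actually been built with.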
@@ -35,7 +35,7 @@ would be:
$ ./kerl install 19.2 ~/kerl/19.2
$ . ~/kerl/19.2/activate
-## Compile p11p-daemon
+## Compiling p11p-daemon
If you don't have rebar3 installed, install it. See
https://www.rebar3.org/docs/ .
@@ -51,36 +51,21 @@ Compile:
$ cd p11p-daemon
$ make
-## Configure p11p-daemon
+## Configuring p11p-daemon
For now, see config/sys.config for how to configure virtual tokens,
-each with one or more PKCS #11 modules, i.e. shared libraries.
+each with one or more PKCS #11 module, i.e. shared library.
-## Run tests
+## Running p11p-daemon
- $ sudo apt install softhsm2 gnutls-bin libengine-pkcs11-openssl
- $ make -C tests
-
-# Manual testing
-
- $ make -C p11p-daemon start
-
-
-To start an Erlang shell running the p11p application:
-
- $ make shell
-
-Quit by typing in "q()." in the shell.
-
-To start a "release", running in the background and logging to files
-under _build/default/rel/p11p/log:
+To start p11p-daemon, running in the background and logging to files
+under _build/default/rel/p11p/log/:
$ make start
-A socket per configured token, /run/user/$EUID/p11p/$TOKEN-$PID, can
-now be used by a client.
-
-Example using p11tool:
+A socket per configured token, /run/user/$EUID/p11p/$TOKEN-$PID, is
+made available and can now be used by a client. Example usage using
+p11tool:
$ P11_KIT_SERVER_ADDRESS=unix:path=/run/user/1000/p11p/vtoken0-26585 P11_KIT_DEBUG=none p11tool --provider /usr/lib/pkcs11/p11-kit-client.so --list-tokens
Token 0:
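Review bot: "each with one or more PKCS #11 module, i.e. shared library" is a grammar regression in the Configuring section; "one or more" takes the plural, so the removed wording ("modules, i.e. shared libraries") should be restored. Separately, the socket paragraph says the per-token socket "can now be used by a client" without saying which users are able to connect to /run/user/$EUID/p11p/$TOKEN-$PID; because a client that connects can reach the token, as the p11tool example shows, a sentence on the socket's ownership and permissions is worth adding. "Example usage using" can be shortened to "Example using".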
@@ -92,10 +77,18 @@ Example using p11tool:
Serial: b4a861d362dbd386
Module: (null)
-To stop the Erlang shell:
+To stop p11p-daemon:
$ make stop
+## Debugging p11p-daemon
+
+To start an Erlang shell running the p11p application:
+
+ $ make shell
+
+Quit by entering "q()." in the Erlang shell.
+
## Known bugs and limitations
- Multiple p11 applications using the same vtoken in a given
@@ -104,6 +97,6 @@ To stop the Erlang shell:
TODO: Make this work, or prohibit it by rejecting a second user of
the same vtoken.
-## Bug reports, questions, comments
+## Contact
linus+p11p@sunet.se