blob: 5080813dd55aa24725edec72fc79cad9b203d666 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
TEXT = "A foo is a bar"
SOFTHSM = /usr/bin/softhsm2-util
direct-softhsm: testsig.hsm.pem
( \
OPENSSL_CONF=./openssl.cnf; \
tokenurl=$$(p11tool --login --provider=/usr/lib/softhsm/libsofthsm2.so --list-token-urls); \
echo $(TEXT) | openssl dgst -sha256 -engine pkcs11 -keyform ENGINE -prverify $$tokenurl -signature $< | egrep "^Verified OK$$"; \
)
softhsm-token-setup: softhsm-token-setup.stamp
softhsm-token-setup.stamp: softhsm/tokens testkey.pkcs8
test -x $(SOFTHSM)
( \
BASEDIR=$$(pwd); \
export SOFTHSM2_CONF=$$BASEDIR/softhsm/softhsm2.conf; \
echo "directories.tokendir = $$BASEDIR/softhsm/tokens/" > $$SOFTHSM2_CONF; \
${SOFTHSM} --init-token --free --label mytoken --so-pin ffffff --pin ffff; \
${SOFTHSM} --import testkey.pkcs8 --token mytoken --label mykey --id 00 --pin ffff; \
)
touch $@
softhsm/tokens:
mkdir -p $@
testkey.pkcs8: testkey.pem
openssl pkey -in $< -outform pem -out $@
testkey.pem:
openssl genrsa -out $@ 2048
testsig.local.pem: testkey.pem
echo $(TEXT) | openssl dgst -sha256 -sign testkey.pem -out $@
testsig.hsm.pem: softhsm-token-setup openssl.cnf
( \
OPENSSL_CONF=./openssl.cnf; \
tokenurl=$$(p11tool --login --provider=/usr/lib/softhsm/libsofthsm2.so --list-token-urls); \
echo $(TEXT) | openssl dgst -sha256 -engine pkcs11 -keyform ENGINE -sign $$tokenurl -out $@; \
)
clean:
[ -d softhsm ] && rm -r softhsm
-rm testkey.pem testkey.pkcs8
-rm testsig.*.pem
.PHONY: clean
|
