diff options
Diffstat (limited to 'contrib/pkcs11-keygen/writekey.sh')
-rwxr-xr-x | contrib/pkcs11-keygen/writekey.sh | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/contrib/pkcs11-keygen/writekey.sh b/contrib/pkcs11-keygen/writekey.sh new file mode 100755 index 0000000..9b235d0 --- /dev/null +++ b/contrib/pkcs11-keygen/writekey.sh @@ -0,0 +1,73 @@ +#!/bin/bash --debug + +usage="Usage: $0 -x ext -p pin -f keyrootname" +tmp_file=/tmp/cur_pem.$$ +while getopts ":x:p:f:" opt; do + case $opt in + x ) ext=$OPTARG ;; + p ) pin=$OPTARG ;; + f ) root=$OPTARG ;; + \? ) echo $usage + exit 1 ;; + esac +done +shift $(($OPTIND -1)) + +if [ ! "$ext" -o ! "$pin" -o ! "$root" ] ; then + echo $usage + exit 1 +fi + +keyfile=${root}.key +privfile=${root}.private +file=`basename $root | sed 's/^K//'` +zone=`echo $file | awk -F+ '{ print $1 }' | sed 's/\.$//'` +algo=`echo $file | awk -F+ '{ print $2 }'` +tag=`echo $file | awk -F+ '{ print $3 }'` + +# debug +echo 'zone: ' $zone +echo 'algo: ' $algo +echo 'tag: ' $tag + +if [ ! -r "$keyfile" ] ; then + echo "can't read " $keyfile + exit 1 +fi +if [ ! -r "$privfile" ] ; then + echo "can't read " $privfile + exit 1 +fi + +if [ "$algo" != "005" ] ; then + echo 'algorithm must be 005' + exit 1 +fi + +# for testing +mypath=. + +echo 'Reading key files' +flag=`$mypath/keydump.pl -k $keyfile -p $privfile -o $tmp_file` + +if [ "$flag" = "256" ] ; then + label=$zone,zsk,$ext +elif [ "$flag" = "257" ] ; then + label=$zone,ksk,$ext +else + echo 'flag must be 256 or 257' + rm $tmp_file + exit 1 +fi + +echo "Label will be '"$label"'" +$mypath/writekey -p $pin -l $label -i $tag -f $tmp_file + +rm $tmp_file + +echo 'Now you can add at the end of ' $privfile +/usr/bin/perl <<EOF +use MIME::Base64; +print "Engine: ", encode_base64("pkcs11\0",""), "\n"; +print "Label: ", encode_base64("pkcs11:"."$label"."\0",""), "\n"; +EOF |