Diffstat (limited to 'contrib/pkcs11-keygen/writekey.sh')
-rwxr-xr-xcontrib/pkcs11-keygen/writekey.sh73
1 files changed, 73 insertions, 0 deletions
diff --git a/contrib/pkcs11-keygen/writekey.sh b/contrib/pkcs11-keygen/writekey.sh
new file mode 100755
index 0000000..9b235d0
--- /dev/null
+++ b/contrib/pkcs11-keygen/writekey.sh
@@ -0,0 +1,73 @@
+#!/bin/bash --debug
+
+usage="Usage: $0 -x ext -p pin -f keyrootname"
+tmp_file=/tmp/cur_pem.$$
+while getopts ":x:p:f:" opt; do
+ case $opt in
+ x ) ext=$OPTARG ;;
+ p ) pin=$OPTARG ;;
+ f ) root=$OPTARG ;;
+ \? ) echo $usage
+ exit 1 ;;
+ esac
+done
+shift $(($OPTIND -1))
+
+if [ ! "$ext" -o ! "$pin" -o ! "$root" ] ; then
+ echo $usage
+ exit 1
+fi
+
+keyfile=${root}.key
+privfile=${root}.private
+file=`basename $root | sed 's/^K//'`
+zone=`echo $file | awk -F+ '{ print $1 }' | sed 's/\.$//'`
+algo=`echo $file | awk -F+ '{ print $2 }'`
+tag=`echo $file | awk -F+ '{ print $3 }'`
+
+# debug
+echo 'zone: ' $zone
+echo 'algo: ' $algo
+echo 'tag: ' $tag
+
+if [ ! -r "$keyfile" ] ; then
+ echo "can't read " $keyfile
+ exit 1
+fi
+if [ ! -r "$privfile" ] ; then
+ echo "can't read " $privfile
+ exit 1
+fi
+
+if [ "$algo" != "005" ] ; then
+ echo 'algorithm must be 005'
+ exit 1
+fi
+
+# for testing
+mypath=.
+
+echo 'Reading key files'
+flag=`$mypath/keydump.pl -k $keyfile -p $privfile -o $tmp_file`
+
+if [ "$flag" = "256" ] ; then
+ label=$zone,zsk,$ext
+elif [ "$flag" = "257" ] ; then
+ label=$zone,ksk,$ext
+else
+ echo 'flag must be 256 or 257'
+ rm $tmp_file
+ exit 1
+fi
+
+echo "Label will be '"$label"'"
+$mypath/writekey -p $pin -l $label -i $tag -f $tmp_file
+
+rm $tmp_file
+
+echo 'Now you can add at the end of ' $privfile
+/usr/bin/perl <<EOF
+use MIME::Base64;
+print "Engine: ", encode_base64("pkcs11\0",""), "\n";
+print "Label: ", encode_base64("pkcs11:"."$label"."\0",""), "\n";
+EOF
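Review bot: The temporary file set by `tmp_file=/tmp/cur_pem.$$` has a predictable, PID-based name in a world-writable directory, and it appears to receive the private key material that keydump.pl extracts from `$privfile`, so it is exposed to the usual /tmp pre-creation and symlink race and may be readable by other local users depending on the umask. Creating it with `tmp_file=$(mktemp) || exit 1` gives an unpredictable name with mode 0600, and adding `trap 'rm -f -- "$tmp_file"' EXIT` right after it would also remove the file when the script is interrupted between the keydump.pl call and the final `rm`. Separately, the PIN is accepted via `-p` and forwarded on writekey's command line, where it is visible in the process list; reading it from a prompt or stdin would avoid that, if writekey can take it that way. The exit status of `$mypath/writekey` is also not checked, so the "Now you can add" text is printed even if writing to the token failed.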