|
Petr Menšík |
9647ab |
#!/bin/sh
|
|
Petr Menšík |
9647ab |
#
|
|
Petr Menšík |
9647ab |
# This script will initialise token storage of softhsm PKCS11 provider
|
|
Petr Menšík |
9647ab |
# in custom location. Is useful to store tokens in non-standard location.
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
SOFTHSM2_CONF="$1"
|
|
Petr Menšík |
9647ab |
TOKENPATH="$2"
|
|
Petr Menšík |
9647ab |
GROUPNAME="$3"
|
|
Petr Menšík |
9647ab |
# Do not use this script for real keys worth protection
|
|
Petr Menšík |
9647ab |
# This is intended for crypto accelerators using PKCS11 interface.
|
|
Petr Menšík |
9647ab |
# Uninitialized token would fail any crypto operation.
|
|
Petr Menšík |
9647ab |
PIN=1234
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
set -e
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
if [ -z "$SOFTHSM2_CONF" -o -z "$TOKENPATH" ]; then
|
|
Petr Menšík |
9647ab |
echo "Usage: $0 <config file> <token directory> [group]" >&2
|
|
Petr Menšík |
9647ab |
exit 1
|
|
Petr Menšík |
9647ab |
fi
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
if ! [ -f "$SOFTHSM2_CONF" ]; then
|
|
Petr Menšík |
9647ab |
cat << SED > "$SOFTHSM2_CONF"
|
|
Petr Menšík |
9647ab |
# SoftHSM v2 configuration file
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
directories.tokendir = ${TOKENPATH}
|
|
Petr Menšík |
9647ab |
objectstore.backend = file
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
# ERROR, WARNING, INFO, DEBUG
|
|
Petr Menšík |
9647ab |
log.level = ERROR
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
# If CKF_REMOVABLE_DEVICE flag should be set
|
|
Petr Menšík |
9647ab |
slots.removable = false
|
|
Petr Menšík |
9647ab |
SED
|
|
Petr Menšík |
9647ab |
else
|
|
Petr Menšík |
9647ab |
echo "Config file $SOFTHSM2_CONF already exists" >&2
|
|
Petr Menšík |
9647ab |
fi
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
[ -d "$TOKENPATH" ] || mkdir -p "$TOKENPATH"
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
export SOFTHSM2_CONF
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
if softhsm2-util --show-slots | grep 'Initialized:[[:space:]]*yes' > /dev/null
|
|
Petr Menšík |
9647ab |
then
|
|
Petr Menšík |
9647ab |
echo "Token in ${TOKENPATH} is already initialized" >&2
|
|
Petr Menšík |
9647ab |
else
|
|
Petr Menšík |
9647ab |
echo "Initializing tokens to ${TOKENPATH}..."
|
|
Petr Menšík |
9647ab |
softhsm2-util --init-token --free --label rpm --pin $PIN --so-pin $PIN
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
if [ -n "$GROUPNAME" ]; then
|
|
Petr Menšík |
9647ab |
chgrp -R -- "$GROUPNAME" "$TOKENPATH"
|
|
Petr Menšík |
9647ab |
chmod -R -- g=rX,o= "$TOKENPATH"
|
|
Petr Menšík |
9647ab |
fi
|
|
Petr Menšík |
9647ab |
fi
|
|
Petr Menšík |
9647ab |
|
|
Petr Menšík |
9647ab |
echo "export SOFTHSM2_CONF=\"$SOFTHSM2_CONF\""
|