Various nits trying SoftHSM #217

Merged
merged 1 commit into from
Oct 29, 2021

mattmoor
Member

This incorporates a variety of nits I found trying out SoftHSM, including things like how to actually get the necessary tooling installed.

Signed-off-by: Matt Moore <mattomata@gmail.com>

Ticket Link

N/A

Release Note


This incorporates a variety of nits I found trying out SoftHSM, including things like how to actually get the necessary tooling installed.

Signed-off-by: Matt Moore <mattomata@gmail.com>
@mattmoor
Member Author

cc @lukehinds

"Path" : "/usr/lib64/softhsm/libsofthsm.so",
"TokenLabel": "test",
"Path" : "/usr/lib/softhsm/libsofthsm2.so",
"TokenLabel": "fulcio",
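
Review bot: the new `Path` value `/usr/lib/softhsm/libsofthsm2.so` is still a hard-coded, distribution-specific location, just as the `/usr/lib64/softhsm/libsofthsm.so` it replaces was, so anyone whose package installs the module elsewhere hits the same kind of mismatch. Suggest a sentence next to this config stating that `Path` must point at the installed SoftHSM module and that `TokenLabel` (`fulcio`) must equal the label given when the token is initialised.
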
Member Author

This mismatch was an annoying diff from the README

@mattmoor
Member Author

So with these tweaks, I reached the point of fulcio createca, but that's seg faulting on this line:

pubKey := privKey.Public()

Presumably because privKey is nil because the lookup didn't find anything, but there's nothing in the instructions about creating a key-pair.
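
The failure mode described in the comment above, as an added example that is not part of the original thread or of fulcio's code: a key lookup that returns a nil signer without an error, and a guard that turns the nil dereference into an actionable error. `keyStore`, `find`, `publicKeyFor`, `sampleStore` and `errNoKey` are hypothetical names, and the lookup returning `(nil, nil)` for a missing key is an assumption taken from the comment's diagnosis.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// keyStore is a hypothetical stand-in for the token (label -> signer), not the crypto11 API.
type keyStore map[string]crypto.Signer

var errNoKey = errors.New("no key pair with that label")

// find reports a missing key as (nil, nil): no error, no signer.
// This is the assumed lookup behaviour, taken from the thread's diagnosis.
func (s keyStore) find(label string) (crypto.Signer, error) {
	return s[label], nil
}

// publicKeyFor checks for a nil signer before calling Public(); calling a
// method on a nil interface value is what crashes the unguarded version.
func publicKeyFor(s keyStore, label string) (crypto.PublicKey, error) {
	privKey, err := s.find(label)
	if err != nil {
		return nil, fmt.Errorf("looking up %q: %w", label, err)
	}
	if privKey == nil {
		return nil, fmt.Errorf("%w: %q", errNoKey, label)
	}
	return privKey.Public(), nil
}

// sampleStore builds constructed sample data: one key under the label "present".
func sampleStore() keyStore {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return keyStore{"present": key}
}

func main() {
	for _, label := range []string{"present", "missing"} {
		pub, err := publicKeyFor(sampleStore(), label)
		fmt.Printf("%-8s pub=%T err=%v\n", label, pub, err)
	}
}
```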

```
apt-get install softhsm2 opensc
```

To configure a SoftHSM:

Create a `config/crypto11.conf` file:
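
Review bot: at `Create a config/crypto11.conf file:` the text does not say which component reads this file, and since the README deals with two configuration files, a reader can take the differing `.conf` and `.cfg` names for a typo. Suggest naming each file together with what consumes it at the point where it is introduced.
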
Contributor

line 43 uses .cfg, which way do you want it?

Member Author

There are two configs 😅

@abhadfield abhadfield Oct 29, 2021

The default location of the config file is /etc/softhsm2.conf. This location can be changed by setting the environment variable.

export SOFTHSM2_CONF=/home/user/config.file
Details on the configuration can be found in "man softhsm2.conf".

decent walk through here (although looks like you don't need to build from source in your case):
https://wiki.opendnssec.org/plugins/servlet/mobile?contentId=3211298#content/view/3211298

@lukehinds
Member

lukehinds commented Oct 28, 2021

I am back tomorrow and will take a look first thing. Did you manage to install and use the pkcs11tool?

@mattmoor
Member Author

@lukehinds Yeah, I also added the apt-get commands I found to install the softhsm and pkcs11-tool stuff.

Member

@lukehinds lukehinds left a comment

LGTM

@lukehinds lukehinds merged commit 2a4aecc into sigstore:main Oct 29, 2021