samples: Use new pwd format option for secretly passing passwords

Use the swtpm_cert --signkey-pwd and --parentkey-pwd options to pass key
passwords via files rather than directly on the command line.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger 2020-01-25 22:38:50 -05:00 committed by Stefan Berger
parent b35eb9fcd5
commit 961bb827a4


@ -203,14 +203,6 @@ create_cert() {
options=$(cat "${LOCALCA_OPTIONS}") options=$(cat "${LOCALCA_OPTIONS}")
fi fi
if [ -n "${SIGNKEY_PASSWORD}" ]; then
options="$options --signkey-password \"${SIGNKEY_PASSWORD}\""
fi
if [ -n "${PARENTKEY_PASSWORD}" ]; then
options="$options --parentkey-password ${PARENTKEY_PASSWORD}"
fi
if [ -n "$vmid" ]; then if [ -n "$vmid" ]; then
options="$options --subject \"CN=$vmid\"" options="$options --subject \"CN=$vmid\""
else else
@ -258,6 +250,8 @@ create_cert() {
else else
eval swtpm_cert \ eval swtpm_cert \
$options \ $options \
${SIGNKEY_PASSWORD:+--signkey-pwd file:<(echo -en "$SIGNKEY_PASSWORD")} \
${PARENTKEY_PASSWORD:+--parentkey-pwd file:<(echo -en "$PARENTKEY_PASSWORD")} \
$tpm_spec_params \ $tpm_spec_params \
$tpm_attr_params \ $tpm_attr_params \
${skpkcs:+--signkey "$skpkcs"} \ ${skpkcs:+--signkey "$skpkcs"} \
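Review bot: `echo -en` in the two added `--signkey-pwd` / `--parentkey-pwd` lines can alter the secret before swtpm_cert reads it: `-e` expands backslash sequences, so a password containing `\n` or `\\` arrives changed, and a password that is itself `-n` or `-e` is consumed as an echo option and arrives empty. `printf '%s'` writes the bytes unchanged, e.g. `${SIGNKEY_PASSWORD:+--signkey-pwd file:<(printf '%s' "$SIGNKEY_PASSWORD")} \`, and the same for `PARENTKEY_PASSWORD`. Because the process substitution is expanded before `eval` re-parses the line, the password text itself is no longer evaluated as shell code, unlike the removed `$options` concatenation; a one-line comment saying so would discourage folding it back into `$options`. The branch before the `else` is outside the hunk (create_cert continues on both sides), so it is not visible whether that swtpm_cert call also receives the new options now that they are gone from `$options`.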