samples: Use new pwd format option for secretly passing passwords

Use the swtpm_cert --signkey-pwd and --parentkey-pwd to pass key passwords using files rather than using the command line options. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2025-08-22 19:04:35 +00:00 · 2020-01-25 22:38:50 -05:00 · 2020-01-25 22:38:50 -05:00 · 961bb827a4
commit 961bb827a4
parent b35eb9fcd5
1 changed files with 2 additions and 8 deletions
--- a/samples/swtpm-localca.in
+++ b/samples/swtpm-localca.in
@ -203,14 +203,6 @@ create_cert() {
 		options=$(cat "${LOCALCA_OPTIONS}")
 	fi

-	if [ -n "${SIGNKEY_PASSWORD}" ]; then
-		options="$options --signkey-password \"${SIGNKEY_PASSWORD}\""
-	fi
-
-	if [ -n "${PARENTKEY_PASSWORD}" ]; then
-		options="$options --parentkey-password ${PARENTKEY_PASSWORD}"
-	fi
-
 	if [ -n "$vmid" ]; then
 		options="$options --subject \"CN=$vmid\""
 	else
@ -258,6 +250,8 @@ create_cert() {
 		else
 			eval swtpm_cert \
 			$options \
+			${SIGNKEY_PASSWORD:+--signkey-pwd file:<(echo -en "$SIGNKEY_PASSWORD")} \
+			${PARENTKEY_PASSWORD:+--parentkey-pwd file:<(echo -en "$PARENTKEY_PASSWORD")} \
 			$tpm_spec_params \
 			$tpm_attr_params \
 			${skpkcs:+--signkey "$skpkcs"} \