From 961bb827a42f59a69ab056167787950e510d7bb8 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Sat, 25 Jan 2020 22:38:50 -0500
Subject: [PATCH] samples: Use new pwd format option for secretly passing passwords

Use the swtpm_cert --signkey-pwd and --parentkey-pwd to pass key passwords using files rather than using the command line options.

Signed-off-by: Stefan Berger
---
 samples/swtpm-localca.in | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/samples/swtpm-localca.in b/samples/swtpm-localca.in
index 12359a2..5275b15 100755
--- a/samples/swtpm-localca.in
+++ b/samples/swtpm-localca.in
@@ -203,14 +203,6 @@ create_cert() {
 options=$(cat "${LOCALCA_OPTIONS}")
 fi
 
- if [ -n "${SIGNKEY_PASSWORD}" ]; then
- options="$options --signkey-password \"${SIGNKEY_PASSWORD}\""
- fi
-
- if [ -n "${PARENTKEY_PASSWORD}" ]; then
- options="$options --parentkey-password ${PARENTKEY_PASSWORD}"
- fi
-
 if [ -n "$vmid" ]; then
 options="$options --subject \"CN=$vmid\""
 else
@@ -258,6 +250,8 @@ create_cert() {
 else
 eval swtpm_cert \
 $options \
+ ${SIGNKEY_PASSWORD:+--signkey-pwd file:<(echo -en "$SIGNKEY_PASSWORD")} \
+ ${PARENTKEY_PASSWORD:+--parentkey-pwd file:<(echo -en "$PARENTKEY_PASSWORD")} \
 $tpm_spec_params \
 $tpm_attr_params \
 ${skpkcs:+--signkey "$skpkcs"} \
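Review bot: `echo -en` in the two added lines of the second hunk interprets backslash escapes, so a key password containing a sequence such as `\n` or `\c` reaches swtpm_cert altered or truncated, and a value that looks like an echo option (for example `-n`) is swallowed entirely. `printf` is also a bash builtin, so the password still stays off every process command line with `${SIGNKEY_PASSWORD:+--signkey-pwd file:<(printf '%s' "$SIGNKEY_PASSWORD")} \`, and the same form for `--parentkey-pwd`. The process substitution makes this invocation bash-only; the shebang is outside the hunk, so it is worth confirming the script is never run under plain sh. The `eval swtpm_cert` command and the rest of create_cert continue outside the hunk.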