Changes to encrypt and copy out private key

Using the given passphrase, encrypt the private key and copy out.
Use the public key from the mount for generating out files.

Change-Id: I5de42ad4c8a781201ed559b04b1457fe9e661e42
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>

1 files changed, 11 insertions, 1 deletions

diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
index 85cdf52..641c529 100755
--- a/bin/distcenter/entrypoint.sh
+++ b/bin/distcenter/entrypoint.sh
@@ -2,11 +2,21 @@
 set -e
 cd /createca
 /createca/create_ca.sh
+cd /createca/ca
+cat /volume/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
+  --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+  --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+  --passphrase-fd 0 privkey.pem
+cp /createca/ca/privkey.pem.gpg /volume
+cp /createca/ca/ca.cert /volume
+
 cd /volume
 DLIST=`ls -d host_*`
 for DIR in $DLIST; do
   echo $DIR
   cp /createca/ca/ca.cert /volume/$DIR
   cd /volume/$DIR
-  /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem  -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+  /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem  -parentPub \
+  /volume/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed \
+  dupSymseed -dupEncKey dupEncKey
 done