Diffstat (limited to 'bin/distcenter')
-rw-r--r-- | bin/distcenter/Dockerfile | 3 | ||||
-rw-r--r-- | bin/distcenter/README.md | 17 | ||||
-rw-r--r-- | bin/distcenter/README.txt | 33 | ||||
-rwxr-xr-x | bin/distcenter/entrypoint.sh | 12 |
4 files changed, 44 insertions, 21 deletions
diff --git a/bin/distcenter/Dockerfile b/bin/distcenter/Dockerfile
index f79c7ef..afa5b7d 100644
--- a/bin/distcenter/Dockerfile
+++ b/bin/distcenter/Dockerfile
@@ -9,12 +9,9 @@ RUN cd sshsm && \
 RUN mkdir /createca
 COPY ./create_ca.sh /createca/
 RUN mkdir /dup
-RUN mkdir /dup/database
-RUN mkdir /dup/database/host_sample
 RUN mkdir /dup/bin
 RUN cp sshsm/tpm-util/duplicate/ossl_tpm_duplicate /dup/bin
-RUN cp sshsm/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public /dup/database/host_sample
 ADD entrypoint.sh /entrypoint.sh
 ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/bin/distcenter/README.md b/bin/distcenter/README.md
deleted file mode 100644
index 973cbf9..0000000
--- a/bin/distcenter/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-Create folder under /tmp/volume/host_sample on host. This will be mounted into the container as shared volume for now.
-
-Build the container using
-
- docker build --no-cache -t dist-center .
-
-Run it mounting the volume
-
- docker run -v /tmp/volume:/volume dist-center
-
-This will output the following files in /tmp/volume/host_sample
-
- ca.cert
- dupEncKey
- dupPriv
- dupPub
- dupSymseed
diff --git a/bin/distcenter/README.txt b/bin/distcenter/README.txt
new file mode 100644
index 0000000..fe39395
--- /dev/null
+++ b/bin/distcenter/README.txt
@@ -0,0 +1,33 @@
+Create folder under /tmp/volume/host_<host name> for each host (example
+host_sample where sample is the name of the tpm capable host).
+This folder will be mounted into the container as shared volume for now.
+
+Expects the input SRK pulic key "out_parent_public" for each host under
+the corresponding host directory and file "passphrase" under /tmp/volume/
+containing the passphrase to encrypt the key.
+
+example
+
+ /tmp/volume/host_sample/out_parent_public
+ /tmp/volume/passphrase
+
+Build the container using
+
+ docker build --no-cache -t dist-center .
+
+Run it mounting the volume
+
+ docker run -v /tmp/volume:/volume dist-center
+
+This will output the following files in /tmp/volume/host_<host name>
+
+ ca.cert
+ dupEncKey
+ dupPriv
+ dupPub
+ dupSymseed
+
+Encrypted private key and certificate under /tmp/volume
+
+ ca.cert
+ privkey.pem.gpg
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
index 85cdf52..641c529 100755
--- a/bin/distcenter/entrypoint.sh
+++ b/bin/distcenter/entrypoint.sh
@@ -2,11 +2,21 @@
 set -e
 cd /createca
 /createca/create_ca.sh
+cd /createca/ca
+cat /volume/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
+ --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+ --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+ --passphrase-fd 0 privkey.pem
+cp /createca/ca/privkey.pem.gpg /volume
+cp /createca/ca/ca.cert /volume
+
 cd /volume
 DLIST=`ls -d host_*`
 for DIR in $DLIST; do
 echo $DIR
 cp /createca/ca/ca.cert /volume/$DIR
 cd /volume/$DIR
-/dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+/dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem -parentPub \
+ /volume/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed \
+ dupSymseed -dupEncKey dupEncKey
 done
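Review bot: The new `cat /volume/passphrase | gpg … --passphrase-fd 0` step in entrypoint.sh runs under `set -e` only, without `pipefail`, so a missing or empty `/volume/passphrase` does not stop the script: `cat`'s failure is masked by the pipeline, gpg reads an empty passphrase from the pipe, and the following `cp /createca/ca/privkey.pem.gpg /volume` either fails with an unrelated error or, depending on the gpg version, publishes a key wrapped under an empty passphrase. Check the input before the pipeline, `[ -s /volume/passphrase ] || { echo 'missing /volume/passphrase' >&2; exit 1; }`, and consider `gpg --passphrase-file /volume/passphrase …` in place of the `cat` pipe so the status `set -e` sees is gpg's own. Note that the plaintext `/createca/ca/privkey.pem` is still consumed by the `ossl_tpm_duplicate` loop below the new block, so the encrypted copy on `/volume` protects only the exported file; a comment above the gpg call, `# privkey.pem stays plaintext inside the container; only the gpg copy leaves via /volume`, would make that intent explicit. The new `-parentPub /volume/$DIR/out_parent_public` argument should also be quoted, `"/volume/$DIR/out_parent_public"`, since `DIR` comes from an unquoted `ls` expansion.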