From e19f78e89aaa94bbf3e0c612314d48c9672ad5c3 Mon Sep 17 00:00:00 2001 From: Kiran Kamineni Date: Wed, 26 Sep 2018 12:48:34 -0700 Subject: Update location of passphrase in distcenter Location for passphrase needed to be updated in scenarios where tpm is not available P2: Add more changes to get the passphrase to be passed correctly Issue-ID: AAF-521 Change-Id: Ibf022e05489e77cdcec642a543abf5cec3c21e53 Signed-off-by: Kiran Kamineni
---
 bin/caservicecontainer/application.sh | 2 +- bin/caservicecontainer/import.sh | 4 +--- bin/distcenter/entrypoint.sh | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/bin/caservicecontainer/application.sh b/bin/caservicecontainer/application.sh
index a7c864d..da4d2d8 100755
--- a/bin/caservicecontainer/application.sh
+++ b/bin/caservicecontainer/application.sh
@@ -12,7 +12,7 @@ applicationlibrary="/usr/local/lib/softhsm/libsofthsm2.so"
 # Setting up the java application and running the application
 # 1. Create the configuration pkcs11.cfg for the application
 # Remove any existing cfg file first from the CWD
-rm pkcs11.cfg
+rm -f pkcs11.cfg
 touch pkcs11.cfg
 chmod 755 pkcs11.cfg
 echo "name = ${key_label}" >> pkcs11.cfg
diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh
index 7fa8909..e8ead2e 100755
--- a/bin/caservicecontainer/import.sh
+++ b/bin/caservicecontainer/import.sh
@@ -60,9 +60,7 @@ else
 cd ${DATA_FOLDER}
 # 3.a Extract the Private key using passphrase
- passphrase="$(cat passphrase)"
- echo "${passphrase}"
- echo "${passphrase}" | gpg --batch --yes --passphrase-fd 0 privkey.pem.gpg
+ cat passphrase | gpg --batch --yes --passphrase-fd 0 privkey.pem.gpg
 # 3.b Convert the Private key pem into der format
 openssl rsa -in ./privkey.pem -outform DER -out privatekey.der
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
index 6aac3ca..92778f7 100755
--- a/bin/distcenter/entrypoint.sh
+++ b/bin/distcenter/entrypoint.sh
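Review bot: `chmod 755 pkcs11.cfg` in application.sh leaves the freshly created PKCS#11 config world-readable and executable, and nothing in this hunk needs the execute bit. Only `name = ${key_label}` is written within the hunk, but the script continues past it, so if later lines add slot or token settings a tighter default such as `chmod 600 pkcs11.cfg` (or `644` if another account must read it) would be safer. The `rm -f` / `touch` pair could also be replaced by `: > pkcs11.cfg`, which creates or truncates the file in one step.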
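Review bot: The decrypt step in import.sh has no failure check, so if gpg cannot read `passphrase` or rejects it, the following `openssl rsa -in ./privkey.pem` runs against a missing or stale key file. Unless `set -e` is enabled outside this hunk, guard it with `gpg --batch --yes --passphrase-fd 0 privkey.pem.gpg < passphrase || exit 1`, which also drops the extra `cat`. GnuPG 2.1 and later additionally require `--pinentry-mode loopback` for `--passphrase-fd` to be honoured, so confirm which gpg the container ships. Because the removed lines printed the passphrase to stdout, logs captured from earlier runs may still contain it, and that value is worth treating as exposed and rotating. The enclosing `else` branch starts and ends outside the hunk.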
@@ -19,7 +19,7 @@ then
 done
 else
 cd /distcenter/ca
- cat /distcenter/passphrase/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
+ cat /distcenter/data/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
 --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
 --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
 --passphrase-fd 0 privkey.pem
-- cgit 1.2.3-korg
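Review bot: Nothing in entrypoint.sh checks that `/distcenter/data/passphrase` exists and is non-empty before it is piped into `gpg --symmetric`; if the file is missing, `cat` fails but gpg still receives an empty stdin, and how it handles an empty passphrase depends on its version. A guard before the `cat`, such as `[ -s /distcenter/data/passphrase ] || { echo "passphrase file missing" >&2; exit 1; }`, would make the no-TPM path fail closed. import.sh in this same commit reads `passphrase` from the directory that holds `privkey.pem.gpg`, so the passphrase and the ciphertext it protects appear to travel together. If that is the case, the encryption adds little against anyone who can read that volume, and a comment stating the intended threat model would help. The `if`/`else` block begins and ends outside the hunk.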