Merge pull request #13 from mode51software/develop

Updated setup
mode51software · Mar 22, 2021 · 59546d5 · 59546d5
2 parents 14fdc0f + ae5a2df
commit 59546d5
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 14 deletions.
diff --git a/SETUP.md b/SETUP.md
@@ -237,6 +237,7 @@ MODULE_PATH = /yoursafenetpath/libs/64/libCryptoki2.so
 #### Commands
 
 ##### List Keys
+
 `pkcs11-tool --module=/opt/apps/safenet/dpod/current/libs/64/libCryptoki2.so --login --login-type user --slot 3 -O`
 
 ##### Signing
@@ -332,6 +333,10 @@ This is because the corresponding PKCS#11 "CKA_ID" object attribute can contain
 
 ### Entrust nShield
 
+#### Configuration 
+
+##### OpenSSL Engine Configuration
+
 ```
 openssl_conf = openssl_init
 
@@ -344,25 +349,50 @@ pkcs11 = pkcs11_section
 [pkcs11_section]
 engine_id = pkcs11
 dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/libpkcs11.so
-MODULE_PATH = /opt/apps/nfast/20201219/bin/libcknfast.so
+MODULE_PATH = /opt/apps/nfast/current/bin/libcknfast.so
 ```
 
 #### Commands
 
-##### nCipher Encryption Test
-`openssl pkeyutl -encrypt -engine pkcs11 -keyform engine -inkey "pkcs11:id=%61%02%1f%1f%ed%1e%fc%39%f9%d6%0f%28%9b%d5%5f%e9%78%91%6c%e9;type=public;" -in ./test.txt -out ./testncipher.enc`
+##### List Keys
+
+`cklist`
+
+##### Create Key
+
+`generatekey -m 1 pkcs11 plainname=RSATestKey01 nvram=no protect=module type=RSA size=4096 pubexp=`
+
+##### Signing
+
+###### Gen Root and Intermediate CA RSA Keys
+
+`generatekey -m 1 pkcs11 plainname=RSARootKey01 nvram=no protect=module type=RSA size=4096 pubexp=`
+
+`generatekey -m 1 pkcs11 plainname=RSAInterKey02 nvram=no protect=module type=RSA size=2048 pubexp=`
+
+###### Gen Root CA Cert
+
+`openssl req -new -x509 -days 7300 -sha512 -extensions v3_ca -engine pkcs11 -keyform engine -key "pkcs11:object=RSARootKey01" -out ncipher-root-01.ca.cert.pem -set_serial 5004`
+
+###### Gen Intermediate CA CSR
+
+`openssl req -new -sha512 -engine pkcs11 -keyform engine -key "pkcs11:object=RSAInterKey02" -out ncipher-inter-02.ca.csr.pem`
+
+###### Sign Intermediate CA CSR
+
+`openssl ca -days 3650 -md sha512 -notext -extensions v3_intermediate_ca -engine pkcs11 -keyform engine -keyfile "pkcs11:object=RSARootKey01" -in ncipher-inter-02.ca.csr.pem -out ncipher-inter-02.ca.cert.pem -cert ncipher-root-01.ca.cert.pem -noemailDN`
+
+###### Extract the Intermediate CA's public key
+
+`pkcs11-tool --module=/opt/apps/nfast/20201219/bin/libcknfast.so --label "RSAInterKey02" --type pubkey -r -o ncipher-inter.ca.pub.der`
+
+##### Encryption
 
-##### nCipher Decryption Test
-`openssl pkeyutl -decrypt -engine pkcs11 -keyform engine -inkey "pkcs11:id=%61%02%1f%1f%ed%1e%fc%39%f9%d6%0f%28%9b%d5%5f%e9%78%91%6c%e9;type=public;" -in ./testncipher.enc -out ./testncipher.dec`
+###### Encryption Test
 
-##### OpenSSL Gen Root CA Cert
-`openssl req -new -x509 -days 7300 -sha512 -extensions v3_ca -engine pkcs11 -keyform engine -key "pkcs11:id=%61%02%1f%1f%ed%1e%fc%39%f9%d6%0f%28%9b%d5%5f%e9%78%91%6c%e9;type=public;" -out ncipher-root-0005.ca.cert.pem -set_serial 5001`
+`openssl pkeyutl -encrypt -engine pkcs11 -keyform engine -inkey "pkcs11:object=RSATestKey01;type=public;" -in ./test.txt -out ./testncipher.enc`
 
-##### OpenSSL Gen Intermediate CA CSR
-`openssl req -new -sha512 -engine pkcs11 -keyform engine -key "pkcs11:id=%88%d8%42%c8%6f%7a%49%ae%92%be%d6%0f%3b%e7%41%51%94%27%69%86" -out ncipher-inter-0006.ca.csr.pem`
+###### Decryption Test
 
-##### OpenSSL Sign Intermediate CA CSR
-`openssl ca -days 3650 -md sha512 -notext -extensions v3_intermediate_ca -engine pkcs11 -keyform engine -keyfile "pkcs11:id=%61%02%1f%1f%ed%1e%fc%39%f9%d6%0f%28%9b%d5%5f%e9%78%91%6c%e9" -in ncipher-inter-0006.ca.csr.pem -out ncipher-inter-0006.ca.cert.pem -cert ncipher-root-0005.ca.cert.pem -noemailDN`
+`openssl pkeyutl -decrypt -engine pkcs11 -keyform engine -inkey "pkcs11:object=RSATestKey01;type=private;" -in ./testncipher.enc -out ./testncipher.dec`
 
-##### Extract the Intermediate CA's public key
-`pkcs11-tool --module=/opt/apps/nfast/20201219/bin/libcknfast.so --id "61021f1fed1efc39f9d60f289bd55fe978916ce9" --type pubkey -r -o /tmp/ncipher-inter.ca.pub.der`
diff --git a/pkg/pkcs11client/pkcs11client.go b/pkg/pkcs11client/pkcs11client.go
@@ -389,7 +389,6 @@ func (p *Pkcs11Client) FindObjects(attribs []*pkcs11.Attribute, max int) (objHan
 }
 
 // https://stackoverflow.com/a/25181584/2002211
-
 func (p *Pkcs11Client) ReadRSAPublicKey(keyConfig *KeyConfig) (pubKey interface{}, err error) {
 	return p.ReadPublicKey(keyConfig, pkcs11.CKK_RSA)
 }
-Original file line number
+Diff line change
@@ Expand Up @@
     }
     // https://stackoverflow.com/a/25181584/2002211
     func (p *Pkcs11Client) ReadRSAPublicKey(keyConfig *KeyConfig) (pubKey interface{}, err error) {
     	return p.ReadPublicKey(keyConfig, pkcs11.CKK_RSA)
     }
@@ Expand Down @@