samples: Use new pwd format option for secretly passing passwords
Use swtpm_cert's --signkey-pwd and --parentkey-pwd options to pass key passwords
through files rather than directly as command-line option values.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger committed Jan 30, 2020
1 parent b35eb9f commit 961bb82
Showing 1 changed file with 2 additions and 8 deletions.
10 changes: 2 additions & 8 deletions samples/swtpm-localca.in
@@ -203,14 +203,6 @@ create_cert() {
options=$(cat "${LOCALCA_OPTIONS}")
fi

if [ -n "${SIGNKEY_PASSWORD}" ]; then
options="$options --signkey-password \"${SIGNKEY_PASSWORD}\""
fi

if [ -n "${PARENTKEY_PASSWORD}" ]; then
options="$options --parentkey-password ${PARENTKEY_PASSWORD}"
fi

if [ -n "$vmid" ]; then
options="$options --subject \"CN=$vmid\""
else
@@ -258,6 +250,8 @@ create_cert() {
else
eval swtpm_cert \
$options \
${SIGNKEY_PASSWORD:+--signkey-pwd file:<(echo -en "$SIGNKEY_PASSWORD")} \
${PARENTKEY_PASSWORD:+--parentkey-pwd file:<(echo -en "$PARENTKEY_PASSWORD")} \
$tpm_spec_params \
$tpm_attr_params \
${skpkcs:+--signkey "$skpkcs"} \
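Review bot: The two added `--signkey-pwd` / `--parentkey-pwd` lines write the password with `echo -en`, and `-e` makes echo interpret backslash escapes, so a password containing a sequence such as `\n` or `\c` reaches swtpm_cert altered or truncated. `printf '%s'` writes the value byte-for-byte and is also a bash builtin, so the secret still stays out of every process's argv: `${SIGNKEY_PASSWORD:+--signkey-pwd file:<(printf '%s' "$SIGNKEY_PASSWORD")} \`, and the same for `PARENTKEY_PASSWORD`. The command still runs under `eval` and continues past the end of the hunk. It is worth confirming that the process substitution is expanded before `eval` re-parses the line, because otherwise the password text would be parsed as shell input a second time.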