cacert-gosigner/README.md

40 lines
1 KiB
Markdown
Raw Normal View History

# Running with softhsm2
## Setup HSM keys and certificates
```shell
sudo apt install softhsm2
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
# initialize the keys
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup
```
## Run the signer
```shell
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer
```
## Run the client simulator with socat
You may run the client simulator that sends commands via `stdout` and reads responses on `stdin` via `socat` to
simulate traffic on an emulated serial device:
```shell
sudo apt install socat
```
```shell
go build ./cmd/clientsim
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer
```
You will need to configure `$(pwd)/testPty` as `serial`/`device` in your `config.yaml` to let the signer command find
the emulated serial device.