Update README to reflect setup

Key setup can now be done by the signer, p11tool is no longer needed for
key generation.
Jan Dittberner 2 years ago
parent 9fd40af603
commit b9e8862f3e

@ -1,13 +1,23 @@
# Testing with softhsm2
# Running with softhsm2
## Setup HSM keys and certificates
sudo apt install softhsm2 gnutls-bin
sudo apt install softhsm2
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
export TOKEN_URL=$(p11tool --list-token-urls | grep localhsm | head -1)
p11tool --login --outfile=rootkey2022.pub --label=rootkey2022 --generate-privkey=ECDSA --curve=secp521r1 $TOKEN_URL
go test -v ./cmd/signer/
openssl x509 -in /tmp/test.pem -noout -text
# initialize the keys
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup
## Run the signer
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer