# Running with softhsm2

## Setup HSM keys and certificates

```shell
sudo apt install softhsm2
umask 077
mkdir -p ~/.config/softhsm2/tokens
echo "directories.tokendir = $HOME/.config/softhsm2/tokens/" > ~/.config/softhsm2/softhsm2.conf
cp docs/config.sample.yaml config.yaml
# modify config.yaml to fit your needs
softhsm2-util --init-token --free --label localhsm --so-pin 47110815 --pin 123456
# initialize the keys
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer -setup
```

## Run the signer

```shell
export PKCS11_PIN_LOCALHSM=123456
go run ./cmd/signer
```

## Run the client simulator with socat

You may run the client simulator that sends commands via `stdout` and reads responses on `stdin` via `socat` to
simulate traffic on an emulated serial device:

```shell
sudo apt install socat
```

```shell
go build ./cmd/clientsim
socat -d -d -v pty,rawer,link=$(pwd)/testPty EXEC:./clientsim,pty,rawer
```

You will need to configure `$(pwd)/testPty` as `serial`/`device` in your `config.yaml` to let the signer command find
the emulated serial device.