Last active
May 16, 2022 15:20
-
-
Save pennam/21641e0f7abda1bc012da1b038e7c35c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # pkcs11-tool --module /usr/lib/libckteec.so.0 --init-token --label arduino --so-pin 12345678 | |
| # pkcs11-tool --module /usr/lib/libckteec.so.0 --init-pin --label arduino --so-pin 12345678 --pin 87654321 | |
| # pkcs11-tool --module /usr/lib/libckteec.so.0 --keypairgen --key-type EC:prime256v1 --label testkey --token-label arduino --pin 87654321 | |
| Key pair generated: | |
| Private Key Object; EC | |
| label: testkey | |
| Usage: sign, derive | |
| Access: sensitive, always sensitive, never extractable, local | |
| Public Key Object; EC EC_POINT 256 bits | |
| EC_POINT: 044104b9e9a4764b2e93e0054be55b0f725a4b812217c8460d6a9f59d1e86ac7ad5d786a83b59a86e79c89529886b9158b8b0f0716a4966d558eeffb8c98a7525cd04b | |
| EC_PARAMS: 06082a8648ce3d030107 | |
| label: testkey | |
| Usage: verify, derive | |
| Access: local | |
| ############## arduino.conf start ############### | |
| # PKCS11 engine config | |
| openssl_conf = openssl_def | |
| [openssl_def] | |
| engines = engine_section | |
| [req] | |
| distinguished_name = req_distinguished_name | |
| [req_distinguished_name] | |
| # empty. | |
| [engine_section] | |
| pkcs11 = pkcs11_section | |
| [pkcs11_section] | |
| engine_id = pkcs11 | |
| dynamic_path = /usr/lib/engines-1.1/pkcs11.so | |
| MODULE_PATH = /usr/lib/libckteec.so.0 | |
| PIN = 87654321 | |
| init = 0 | |
| ############## arduino.conf end ############### | |
| #openssl engine -t pkcs11 | |
| (pkcs11) pkcs11 engine | |
| [ available ] | |
| # pkcs11-tool --module /usr/lib/libckteec.so.0 -L | |
| Available slots: | |
| Slot 0 (0x0): f1e4737d-08a4-5fe4-8451-ca84386a9e7d | |
| token label : arduino | |
| token manufacturer : Linaro | |
| token model : OP-TEE TA | |
| token flags : login required, rng, token initialized, PIN initialized | |
| hardware version : 0.0 | |
| firmware version : 0.1 | |
| serial num : 0000000000000000 | |
| pin min/max : 4/128 | |
| Slot 1 (0x1): f1e4737d-08a4-5fe4-8451-ca84386a9e7d | |
| token state: uninitialized | |
| Slot 2 (0x2): f1e4737d-08a4-5fe4-8451-ca84386a9e7d | |
| token state: uninitialized | |
| # pkcs11-tool --module /usr/lib/libckteec.so.0 -O | |
| Using slot 0 with a present token (0x0) | |
| Public Key Object; EC EC_POINT 256 bits | |
| EC_POINT: 044104f0d4915e5f3cc3c80ccf2bfe58e556e8a8a1a0d533dfdb6a5ef425e7ae1e65a54ad79dc528d82a5afde72bee4566f402e48d78c6201d20714d91b968dd9e6603 | |
| EC_PARAMS: 06082a8648ce3d030107 | |
| label: testkey | |
| Usage: verify, derive | |
| Access: local | |
| # pkcs11-tool --module /usr/lib/libckteec.so.0 --list-object --token arduino --login | |
| Logging in to "arduino". | |
| Please enter User PIN: | |
| Private Key Object; EC | |
| label: ec-test-key | |
| Usage: sign, derive | |
| Access: sensitive, always sensitive, never extractable, local | |
| Public Key Object; EC EC_POINT 256 bits | |
| EC_POINT: 044104fe85a96353064bacf1303328f9695979aba5eb74f827cf48b6a6afaf9dd8d69400f284ee1a81957130d51f6c1b91e83f9bbbbe5fdf23825c12eee837541ff335 | |
| EC_PARAMS: 06082a8648ce3d030107 | |
| label: ec-test-key | |
| Usage: verify, derive | |
| Access: local | |
| Private Key Object; EC | |
| label: testkey | |
| Usage: sign, derive | |
| Access: sensitive, always sensitive, never extractable, local | |
| Public Key Object; EC EC_POINT 256 bits | |
| EC_POINT: 044104f0d4915e5f3cc3c80ccf2bfe58e556e8a8a1a0d533dfdb6a5ef425e7ae1e65a54ad79dc528d82a5afde72bee4566f402e48d78c6201d20714d91b968dd9e6603 | |
| EC_PARAMS: 06082a8648ce3d030107 | |
| label: testkey | |
| Usage: verify, derive | |
| Access: local | |
| # OPENSSL_CONF=./openssl.conf openssl req -new -engine pkcs11 -keyform engine -key label_testkey -out csr.csr -subj "/CN=2d20a0bd-ce12-43b5-bafa-5922e72e4 | |
| a4e" -days 3650 | |
| # cat csr.csr | |
| -----BEGIN CERTIFICATE REQUEST----- | |
| MIHrMIGRAgEAMC8xLTArBgNVBAMMJDJkMjBhMGJkLWNlMTItNDNiNS1iYWZhLTU5 | |
| MjJlNzJlNGE0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIE369T8pqRsNhhz | |
| awtHfH4jXyzu9XAn0prF5NgrA4odpw1JEImqDBYiCtCtQUwB/W24WtGPP/4m/0Mz | |
| 7L38FVygADAKBggqhkjOPQQDAgNJADBGAiEAi/c/pQvPBQc2JzEbYOGfoLPPbI5S | |
| Jl2qOyZ5wZ1IDlQCIQCKkYT7laWbTy4D66x2NDaFRyK527cU+cwBtw5vcQJ5zg== | |
| -----END CERTIFICATE REQUEST----- | |
| ########### provisioning start ############ | |
| .... | |
| ########### provisioning end ############ | |
| OPENSSL_CONF=./openssl.conf openssl s_client -CAfile ca.pem -cert device.pem -engine pkcs11 -keyform engine -key label_testkey -connect mqtts-up.iot.ardu | |
| ino.cc:8883 -servername mqtts-up.iot.arduino.cc -state -quiet | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment