Skip to content

Commit

Permalink
core_sign_update: use pkcs11 openssl engine
Browse files Browse the repository at this point in the history 
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
  • Loading branch information
@tormath1
tormath1 committed Dec 14, 2023
1 parent 9e4c015 commit e7a819a
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion core_sign_update
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,8 @@ i=1
signature_sizes=""
for key in "${private_keys[@]}"; do
if [[ "${key}" == pkcs11* ]]; then
openssl rsautl -engine pkcs11 -pkcs -sign -inkey ${key} -keyform engine -in update.pkcs11-padhash -out update.sig.${i}
# NOTE: When we will use OpenSSL 3: use the following URI: pkcs11:id=%${ID}?pin-source=file:/tmp/pin
openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}"
elif [[ "${key}" == fero* ]]; then
fero-client \
--address $FLAGS_signing_server_address \
Expand Down

0 comments on commit e7a819a

Please sign in to comment.