Skip to content

Commit

Permalink
fixup! core_sign_update: use pkcs11 openssl engine
Browse files Browse the repository at this point in the history
  • Loading branch information
@tormath1
tormath1 committed Jan 18, 2024
1 parent 702e78b commit a20451b
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions core_sign_update
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,8 +136,7 @@ i=1
signature_sizes=""
for key in "${private_keys[@]}"; do
if [[ "${key}" == pkcs11* ]]; then
# NOTE: When we will use OpenSSL 3: use the following URI: pkcs11:id=%${ID}?pin-source=file:/tmp/pin
openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}"
OPENSSL_CONF=/etc/ssl/pkcs11.cnf openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}"
elif [[ "${key}" == fero* ]]; then
fero-client \
--address $FLAGS_signing_server_address \
Expand Down

0 comments on commit a20451b

Please sign in to comment.