Skip to content

Commit

Permalink
Fix piv-tool generate-key command in TOKENS doc
Browse files Browse the repository at this point in the history
[cosign/TOKENS\.md at main · sigstore/cosign](https://github.com/sigstore/cosign/blob/main/TOKENS.md) says:

... *run the* `cosign generate-key` *command* ...

Which yields this error:

```
$ cosign generate-key
Error: unknown command "generate-key" for "cosign"
```

The documentation is simply missing the `piv-tool` sub-command.

Resolves: #1849

Also fix make target for custom build: was make cosign-pivkey
now make cosign-pivkey-pkcs11key.
Drop old, brittle reference to line in Makefile.

Also make `go build` also work the same way, from the root directory.

See also: #1853

Signed-off-by: Neal McBurnett <[email protected]>
  • Loading branch information
nealmcb committed May 7, 2022
1 parent 798904a commit 76b7071
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions TOKENS.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

The `cosign` command line tool optionally supports hardware tokens for signing and key management.
This support is enabled through the [PIV protocol](https://csrc.nist.gov/projects/piv/piv-standards-and-supporting-documentation)
and the [go-piv](https://github.com/go-piv/piv-go) library, which is not included in the standard release. Use [`make cosign-pivkey`](https://github.com/sigstore/cosign/blob/a8d1cc1132d4a019a62ff515b9375c8c5b98a5c5/Makefile#L52), or `go build -tags=pivkey`, to build `cosign` with support for hardware tokens.
and the [go-piv](https://github.com/go-piv/piv-go) library, which is not included in the standard release. Use `make cosign-pivkey-pkcs11key`, or `go build -tags=pivkey,pkcs11key ./cmd/cosign`, to build `cosign` with support for hardware tokens.

---
**NOTE**
Expand All @@ -18,7 +18,7 @@ We recommend using an application provided by your hardware vendor to manage key

### Setup

To get started, insert a key to your computer and run the `cosign generate-key` command.
To get started, insert a key to your computer and run the `cosign piv-tool generate-key` command.
We recommend using the `--random-management-key=true` flag.

This command generates a cryptographically-random management key and configures the device to use it.
Expand Down

0 comments on commit 76b7071

Please sign in to comment.