|
Task
|
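Command (note: these examples pass the PIN as a command-line argument via `LoginUser=` and `pin-value=`, which exposes it in the process list; where the PKCS#11 provider supports it, the `pin-source` URI attribute keeps the PIN out of argv)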
|
|
Create an RSA Key
|
p11tool2 slot=$PKCS11_SLOT LoginUser=$PKCS11_PIN PubKeyAttr=CKA_LABEL=$KEY_LABEL PrvKeyAttr=CKA_LABEL=$KEY_LABEL GenerateKeyPair=RSA
|
|
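Create an ECC Key (note: the command shown for this row is identical to the RSA row and still ends in `GenerateKeyPair=RSA`, so as written it creates an RSA key pair; substitute the tool's elliptic-curve key type)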
|
p11tool2 slot=$PKCS11_SLOT LoginUser=$PKCS11_PIN PubKeyAttr=CKA_LABEL=$KEY_LABEL PrvKeyAttr=CKA_LABEL=$KEY_LABEL GenerateKeyPair=RSA
|
|
Generate a Certificate Signing Request from a key
|
openssl req -engine pkcs11 -new -key "pkcs11:token=$PKCS11_TOKEN;object=$KEY_LABEL;pin-value=$PKCS11_PIN" -keyform engine [-subj "/CN=.../"] -out test.csr
|
|
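Generate a certificate from a Certificate Signing Request (note: as written, `req -new -x509` does not read a CSR; it issues a self-signed certificate directly from the token key)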
|
openssl req -engine pkcs11 -new -x509 -days 365 -key "pkcs11:token=$PKCS11_TOKEN;object=$KEY_LABEL;pin-value=$PKCS11_PIN" -subj "/CN=.../" -keyform engine -out test.cert
|
|
Generate an encrypted message from a file using a certificate
|
openssl cms -engine pkcs11 -encrypt -in message.txt -out encrypted_message.txt test.cert
|
|
Decrypt an encrypted message using a private key
|
openssl cms -engine pkcs11 -decrypt -in encrypted_message.txt -inkey "pkcs11:token=$PKCS11_TOKEN;object=$KEY_LABEL;pin-value=$PKCS11_PIN" -keyform engine -out decrypted_message.txt
|
|
Generate a signed message from a file using a private key
|
openssl cms -engine pkcs11 -sign -in message.txt -signer test.cert -inkey "pkcs11:token=$PKCS11_TOKEN;object=$KEY_LABEL;pin-value=$PKCS11_PIN" -keyform engine -out signed_message.txt
|
|
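Verify a signed message using a certificate (note: `-noverify` disables verification of the signer's certificate, so this checks the signature only and does not validate the signer against `-CAfile`; drop `-noverify` when the signer must be trusted)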
|
openssl cms -engine pkcs11 -verify -noverify -in signed_message.txt -CAfile test.cert -out verified_message.txt
|
|
Generate a CA from a private key
|
openssl req -engine pkcs11 -new -x509 -days 365 -key "pkcs11:token=$PKCS11_TOKEN;object=$KEY_LABEL;pin-value=$PKCS11_PIN" -subj "/CN=.../" -keyform engine -out ca.cer
|
|
Sign a Certificate Signing Request using a CA private key
|
openssl ca -batch -engine pkcs11 -policy policy_anything -cert ca.cer -in request.csr -keyfile "pkcs11:token=$PKCS11_TOKEN;object=$KEY_LABEL;pin-value=$PKCS11_PIN" -keyform engine -out certificate.crt
|