This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
appnote:etoken [2015/09/02 18:13] mcb30 |
appnote:etoken [2017/05/10 19:45] mcb30 |
||
---|---|---|---|
Line 20: | Line 20: | ||
pkcs11-tool --module libeToken.so --list-objects | pkcs11-tool --module libeToken.so --list-objects | ||
+ | |||
+ | ==== Changing the password ==== | ||
+ | |||
+ | To change the password on the hardware token, run the command | ||
+ | |||
+ | pkcs11-tool --module libeToken.so --change-pin | ||
==== Extracting the certificate ==== | ==== Extracting the certificate ==== | ||
Line 49: | Line 55: | ||
* ''[[https://github.com/rhinstaller/pesign|pesign]]'' | * ''[[https://github.com/rhinstaller/pesign|pesign]]'' | ||
- | * ''[[http://ohnopub.net/~ohnobinki/lcab/|lcab]]'' | + | * ''[[http://ftp.gnome.org/pub/GNOME/sources/gcab|gcab]]'' |
* ''[[https://www.openssl.org|openssl]]'' | * ''[[https://www.openssl.org|openssl]]'' | ||
* ''[[https://github.com/OpenSC/OpenSC/wiki/Engine-pkcs11-quickstart|engine_pkcs11]]'' | * ''[[https://github.com/OpenSC/OpenSC/wiki/Engine-pkcs11-quickstart|engine_pkcs11]]'' | ||
Line 76: | Line 82: | ||
To create a UEFI signing submission, you must create a ''.cab'' file containing your (unsigned) ''.efi'' files. For example, you can create a ''submission.cab'' file containing ''[[http://boot.ipxe.org/ipxe.efi|ipxe.efi]]'' and ''[[http://boot.ipxe.org/snponly.efi|snponly.efi]]'' using | To create a UEFI signing submission, you must create a ''.cab'' file containing your (unsigned) ''.efi'' files. For example, you can create a ''submission.cab'' file containing ''[[http://boot.ipxe.org/ipxe.efi|ipxe.efi]]'' and ''[[http://boot.ipxe.org/snponly.efi|snponly.efi]]'' using | ||
- | lcab -n -q ipxe.efi snponly.efi submission.cab | + | gcab -n -c submission.cab ipxe.efi snponly.efi |
You can sign the ''submission.cab'' file using | You can sign the ''submission.cab'' file using | ||
- | osslsigncode -pkcs11engine /usr/lib64/openssl/engines/engine_pkcs11.so \ | + | osslsigncode -pkcs11engine /usr/lib64/openssl/engines/pkcs11.so \ |
-pkcs11module /usr/lib64/libeToken.so -certs codesigning.crt \ | -pkcs11module /usr/lib64/libeToken.so -certs codesigning.crt \ | ||
-h sha256 -askpass -t http://timestamp.digicert.com \ | -h sha256 -askpass -t http://timestamp.digicert.com \ |